From 73ccb84471f6d13feacc0f7189acb8778ff7f807 Mon Sep 17 00:00:00 2001
From: Elvis Pranskevichus <elvis@edgedb.com>
Date: Thu, 23 Jan 2025 00:07:40 -0800
Subject: [PATCH] Switch to trusted publishing (#570)

---
 .github/workflows/release.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 359e41ec..65400085 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -161,8 +161,15 @@ jobs:
   publish:
     needs: [build-sdist, build-wheels]
     runs-on: ubuntu-latest
+
+    environment:
+      name: pypi
+      url: https://pypi.org/p/gel
     permissions:
+      id-token: write
+      attestations: write
       contents: write
+      deployments: write
 
     steps:
     - uses: actions/checkout@v3
@@ -208,7 +215,4 @@ jobs:
     - name: Upload to PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
-        user: __token__
-        password: ${{ secrets.PYPI_TOKEN }}
-        # password: ${{ secrets.TEST_PYPI_TOKEN }}
-        # repository_url: https://test.pypi.org/legacy/
+        attestations: true