From f6feca79afbe33d95b7b73ed33a441d7aadab09a Mon Sep 17 00:00:00 2001
From: Jordan Maynor <mail@jtm.li>
Date: Thu, 26 Sep 2024 15:49:31 -0500
Subject: [PATCH] Updated to Trusted Publishing

---
 .github/workflows/python-publish.yml | 63 +++++++++++++++++-----------
 1 file changed, 38 insertions(+), 25 deletions(-)

diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
index 26b6db2..e5582ca 100644
--- a/.github/workflows/python-publish.yml
+++ b/.github/workflows/python-publish.yml
@@ -1,10 +1,4 @@
-# This workflow will upload a Python Package using Twine when a release is created
-# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries
-
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
+# Workflow will publish a Python package to PyPI when a new release is created
 
 name: Upload Python Package
 
@@ -12,28 +6,47 @@ on:
   release:
     types: [published]
 
-permissions:
-  contents: read
-
 jobs:
-  deploy:
 
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python 3.12
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install build
+
+      - name: Build package
+        run: python -m build
+
+      - name: Archive the dist folder
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist
+          retention-days: 1
+
+  deploy:
     runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      id-token: write
 
     steps:
-    - uses: actions/checkout@v4
-    - name: Set up Python
-      uses: actions/setup-python@v5
+    - name: Download the dist folder from the build job
+      uses: actions/download-artifact@v4
       with:
-        python-version: '3.x'
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install build
-    - name: Build package
-      run: python -m build
+        name: dist
+        path: dist
     - name: Publish package
-      uses: pypa/gh-action-pypi-publish@897895f1e160c830e369f9779632ebc134688e1b
-      with:
-        user: __token__
-        password: ${{ secrets.PYPI_API_TOKEN }}
+      uses: pypa/gh-action-pypi-publish@release/v1