From 5aaae549f93e0478ce0b3a92d2416665735552d8 Mon Sep 17 00:00:00 2001
From: Eduardo Rodrigues <eduardo.rodrigues@cern.ch>
Date: Fri, 3 May 2024 12:34:02 +0200
Subject: [PATCH] ci: trusted pub (#436)

* ci: trusted pub

* Update wheel.yml

* Update wheel.yml

* Update wheel.yml

* style: pre-commit fixes

* Update wheel.yml

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
---
 .github/workflows/wheel.yml | 33 ++++++++++++++-------------------
 1 file changed, 14 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/wheel.yml b/.github/workflows/wheel.yml
index e7a6a935..24c86674 100644
--- a/.github/workflows/wheel.yml
+++ b/.github/workflows/wheel.yml
@@ -5,38 +5,33 @@ on:
   push:
     branches:
       - master
+  pull_request:
   release:
     types:
-    - published
+      - published
 
 jobs:
   dist:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
-
-    - name: Build wheel and SDist
-      run: pipx run build
-
-    - name: Check metadata
-      run: pipx run twine check dist/*
-
-    - uses: actions/upload-artifact@v4
-      with:
-        path: dist/*
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
+      - uses: hynek/build-and-inspect-python-package@v2
 
   publish:
     needs: [dist]
     runs-on: ubuntu-latest
     if: github.event_name == 'release' && github.event.action == 'published'
+    environment: pypi
+    permissions:
+      id-token: write
 
     steps:
-    - uses: actions/download-artifact@v4
-      with:
-        name: artifact
-        path: dist
+      - uses: actions/download-artifact@v4
+        with:
+          name: Packages
+          path: dist
 
-    - uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        password: ${{ secrets.pypi_password }}
+      - uses: pypa/gh-action-pypi-publish@release/v1