From 6b462ab16b1aa2e474cc3ac523b7876795357258 Mon Sep 17 00:00:00 2001
From: Luis Scoccola <luis.scoccola@gmail.com>
Date: Thu, 5 Sep 2024 16:35:46 -0400
Subject: [PATCH] ci: stop using username and password for uploading to pip

---
 .github/workflows/python-publish.yml | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
index 150d955..c529c6b 100644
--- a/.github/workflows/python-publish.yml
+++ b/.github/workflows/python-publish.yml
@@ -16,6 +16,9 @@ jobs:
         python-version: ["3.8", "3.9", "3.10", "3.11"]
 
     runs-on: "ubuntu-latest"
+    permissions:
+      id-token: write
+
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python
@@ -30,9 +33,6 @@ jobs:
       - name: Run tests
         run: pytest .
       - name: Build and publish
-        env:
-          TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
-          TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
         run: |
           python setup.py sdist
           twine upload --skip-existing dist/*
@@ -44,6 +44,8 @@ jobs:
         python-version: ["3.8", "3.9", "3.10", "3.11"]
 
     runs-on: "windows-latest"
+    permissions:
+      id-token: write
 
     steps:
       - uses: actions/checkout@v4
@@ -59,9 +61,6 @@ jobs:
       - name: Run tests
         run: pytest .
       - name: Build and publish
-        env:
-          TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
-          TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
         run: |
           python setup.py bdist_wheel
           twine upload --skip-existing dist/*