From 0c929a1c86df5577dcd000f5e83348d3cdfe0f28 Mon Sep 17 00:00:00 2001
From: 0x2b3bfa0 <0x2b3bfa0+git@googlemail.com>
Date: Mon, 11 Sep 2023 17:37:57 +0200
Subject: [PATCH] Migrate from PyPI tokens to Trusted Publishers

---
 .github/workflows/publish.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index ee39061d..089617bb 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -10,6 +10,10 @@ name: Publish
 
 jobs:
   publish:
+    environment: pypi
+    permissions:
+      contents: read
+      id-token: write
     runs-on: ubuntu-latest
 
     steps:
@@ -30,5 +34,3 @@ jobs:
     - name: Publish
       if: startsWith(github.ref, 'refs/tags')
       uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        password: ${{ secrets.PYPI_TOKEN }}