From c830947a6b8acd7b0a3f5eded3dafce32a685c25 Mon Sep 17 00:00:00 2001
From: Alec Edgington <alec.edgington@quantinuum.com>
Date: Fri, 10 Jan 2025 15:05:36 +0000
Subject: [PATCH] Use trusted publishing for releases.

---
 .github/workflows/release.yml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 71d9548625..75b860a92b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -343,7 +343,12 @@ jobs:
     name: Publish to pypi
     if: github.event_name == 'release'
     needs: [test_linux_wheels, test_linux_aarch64_wheels, test_macos_x86_wheels, test_macos_arm64_wheels, test_Windows_wheels]
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
+    environmemt:
+      name: release
+      url: https://pypi.org/p/pytket
+    permissions:
+      id-token: write
     steps:
     - name: Download all wheels
       uses: actions/download-artifact@v4
@@ -355,7 +360,3 @@ jobs:
         for w in `find wheelhouse/ -type f -name "*.whl"` ; do cp $w dist/ ; done
     - name: Publish wheels
       uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        user: __token__
-        password: ${{ secrets.PYPI_PYTKET_API_TOKEN }}
-        verbose: true