From f246048c8d468be9f0e196e0205eb614cdac8b1a Mon Sep 17 00:00:00 2001 From: Michael Overmeyer Date: Mon, 16 Oct 2023 10:26:07 -0400 Subject: [PATCH] Switch to "trusted publishing" for production PyPI --- .github/workflows/publish.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 4eee218..323ffae 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -304,6 +304,8 @@ jobs: ] runs-on: ubuntu-latest environment: production_pypi + permissions: + id-token: write # Required for "trusted publishing" steps: - uses: actions/download-artifact@v3 @@ -326,7 +328,3 @@ jobs: - name: Publish package to PyPI uses: pypa/gh-action-pypi-publish@v1.8.10 - with: - # TODO: Change to use "Trusted publishing"? - user: __token__ - password: ${{ secrets.pypi_password }}
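Review bot: The publish job now holds `id-token: write`, but the two actions visible in its steps are referenced by mutable tag (`actions/download-artifact@v3`, `pypa/gh-action-pypi-publish@v1.8.10`), so a retagged release of either would run inside a job that can obtain a PyPI upload credential. Pinning each to a full commit SHA, for example `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # v1.8.10`, removes that dependency on the tag. Declaring `permissions:` at job level is the right scope, and it also sets every unlisted permission to none; the steps between the two hunks are not visible here, so confirm none of them relies on `contents: read` or another default. The second hunk only stops reading `secrets.pypi_password`: the API token behind it presumably stays valid until it is revoked on PyPI and the secret is deleted from the repository or environment. The trusted-publisher entry on PyPI should also name the `production_pypi` environment, so that only this job can exchange its OIDC token for an upload token.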