From 0d04831094502ffa3aef49d6caa496d2b8d76492 Mon Sep 17 00:00:00 2001
From: "Jason R. Coombs" <jaraco@jaraco.com>
Date: Mon, 19 Feb 2024 19:55:33 -0500
Subject: [PATCH] Configure the project for trusted publishing of tagged
 commits.

---
 .github/workflows/main.yml | 12 +++++++-----
 tox.ini                    | 14 ++++++++++++++
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 9516d27..28f4406 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -99,8 +99,11 @@ jobs:
         jobs: ${{ toJSON(needs) }}
 
   release:
+    environment:
+      release
     permissions:
       contents: write
+      id-token: write
     needs:
     - check
     if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
@@ -114,8 +117,7 @@ jobs:
           python-version: 3.x
       - name: Install tox
         run: python -m pip install tox
-      - name: Run
-        run: tox -e release
-        env:
-          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build
+        run: tox -e build
+      - name: Publish
+        uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/tox.ini b/tox.ini
index 6d169fd..1a8d1be 100644
--- a/tox.ini
+++ b/tox.ini
@@ -28,3 +28,17 @@ commands =
   python -m docutils docs/FAQ.rst
   python -m docutils docs/INSTALLATION.rst
   python -m docutils docs/TODO.rst
+
+
+[testenv:build]
+description = build the package and create release in GitHub
+skip_install = True
+deps =
+  build
+  jaraco.develop>=7.1
+pass_env =
+  GITHUB_TOKEN
+commands =
+  python -c "import shutil; shutil.rmtree('dist', ignore_errors=True)"
+  python -m build
+  python -m jaraco.develop.create-github-release