From 118187b8f8fd02fa60eee46406aedfb274fcb4eb Mon Sep 17 00:00:00 2001
From: Jean-Christophe Morin
Date: Sat, 18 Nov 2023 16:46:53 -0500
Subject: [PATCH] Publish to PyPI using https://docs.pypi.org/trusted-publishers/
Signed-off-by: Jean-Christophe Morin
---
 .github/workflows/pypi.yaml | 17 +++++++++++------
 pyproject.toml | 3 +++
 2 files changed, 14 insertions(+), 6 deletions(-)
 create mode 100644 pyproject.toml
diff --git a/.github/workflows/pypi.yaml b/.github/workflows/pypi.yaml
index 7908911cea..9ab857d23e 100644
--- a/.github/workflows/pypi.yaml
+++ b/.github/workflows/pypi.yaml
@@ -5,9 +5,13 @@ on:
 jobs:
 publish:
- name: Publish to PyPi
+ name: Publish to PyPI
 runs-on: ubuntu-latest
+ permissions:
+ # IMPORTANT: this permission is mandatory for trusted publishing
+ id-token: write
+
 steps:
 - name: Checkout
 uses: actions/checkout@v4
@@ -19,14 +23,15 @@ jobs:
 - name: Install Dependencies
 run: |
- pip install wheel
+ pip install build
 - name: Build rez
 run: |
- python setup.py sdist bdist_wheel
+ python -m build --sdist --wheel --outdir dist
- - name: Upload to PyPi
+ # Note that we don't need credentials.
+ # We rely on https://docs.pypi.org/trusted-publishers/.
+ - name: Upload to PyPI
 uses: pypa/gh-action-pypi-publish@release/v1
 with:
- user: __token__
- password: '${{ secrets.PYPI_API_TOKEN }}'
+ packages-dir: dist
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 0000000000..fed528d4a7
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,3 @@
+[build-system]
+requires = ["setuptools"]
+build-backend = "setuptools.build_meta"
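Review bot: The `permissions:` block added to the `publish` job grants `id-token: write` to every step in that job, so the checkout, dependency-install and build steps can request the same OIDC token that PyPI accepts for uploads, not only the final upload step. Building in one job and publishing from a second job that only downloads the built `dist` artifact keeps token minting away from the steps that run `pip` and the build backend. Declaring `permissions:` also sets every unlisted scope to `none`, so the build job should state `contents: read` explicitly rather than depend on the repository being public. The workflow trigger and the steps between the two hunks are outside this hunk, so the sketch below leaves them as they are.

```yaml
jobs:
  build:
    name: Build distributions
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # … unchanged: checkout, Python setup, Install Dependencies, Build rez …
      - name: Store distributions
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist

  publish:
    name: Publish to PyPI
    needs: build
    runs-on: ubuntu-latest
    permissions:
      # Only this job may request the OIDC token used for trusted publishing.
      id-token: write
    steps:
      - name: Fetch distributions
        uses: actions/download-artifact@v4
        with:
          name: dist
          path: dist
      # … unchanged: Upload to PyPI step …
```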
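Review bot: `pip install build` in the Install Dependencies step is unpinned, and with `requires = ["setuptools"]` in the new pyproject.toml hunk each release resolves whatever `build` and `setuptools` versions are current at that moment and runs them in a job that holds `id-token: write`. Pinning the front end, e.g. `pip install build==<pinned-version>`, and giving setuptools a bounded requirement in `requires` keeps the release build reproducible and makes tooling upgrades a reviewed change. The unchanged `uses: pypa/gh-action-pypi-publish@release/v1` line tracks a moving branch; since the action now receives the OIDC token, pinning it as `pypa/gh-action-pypi-publish@<full-commit-sha>` is worth doing in the same change.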