From 43a5bc7d9266d660253405cbedb6c001a2a37cd1 Mon Sep 17 00:00:00 2001
From: td <j.nirve@famedly.com>
Date: Wed, 19 Jul 2023 21:39:48 +0530
Subject: [PATCH] chore: use oidc instead of a session token to publish to pub

---
 .github/workflows/app.yml     | 20 --------------------
 .github/workflows/publish.yml | 15 +++++++++++++++
 2 files changed, 15 insertions(+), 20 deletions(-)
 create mode 100644 .github/workflows/publish.yml

diff --git a/.github/workflows/app.yml b/.github/workflows/app.yml
index 316e0590d..1723b616e 100644
--- a/.github/workflows/app.yml
+++ b/.github/workflows/app.yml
@@ -76,23 +76,3 @@ jobs:
         run: |
           dart pub get
           dart pub publish --dry-run
-
-  pub-dev:
-    runs-on: ubuntu-latest
-    if: startsWith(github.ref, 'refs/tags/v')
-    container:
-      image: dart:${{inputs.dart_version}}
-    steps:
-      - uses: actions/checkout@v3
-      - name: pub.dev publish
-        run: |
-          if [ -z "${{ secrets.PUB_DEV_CREDENTIALS }}" ]; then
-            echo "Missing PUB_DEV_CREDENTIALS environment variable"
-            exit 1
-          fi
-          
-          mkdir -p ~/.config/dart/
-          cp "${{ secrets.PUB_DEV_CREDENTIALS }}" ~/.config/dart/pub-credentials.json
-
-          dart pub get
-          dart pub publish --force
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 000000000..3e43434df
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,15 @@
+name: Publish to pub.dev
+
+on:
+  push:
+    tags: 
+    - v[0-9]+.[0-9]+.[0-9]+
+
+# Publish using the reusable workflow from dart-lang.
+jobs:
+  publish:
+    permissions:
+      id-token: write # Required for authentication using OIDC
+    uses: dart-lang/setup-dart/.github/workflows/publish.yml@v1
+    with:
+        environment: pub.dev