From 243ba67f736170f8a21b0904da7905667986f72a Mon Sep 17 00:00:00 2001
From: Ralph Urlus <rurlus.dev@gmail.com>
Date: Thu, 11 Apr 2024 09:57:21 +0200
Subject: [PATCH] CICD: Switch to trusted publisher based auth for releases to
 PyPi

---
 .github/workflows/wheels.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml
index a964e73..9e0f9d6 100644
--- a/.github/workflows/wheels.yml
+++ b/.github/workflows/wheels.yml
@@ -123,11 +123,14 @@ jobs:
         name: artifact-macos-arm
         path: wheelhouse/*.whl
 
-  upload_all:
-    name: Upload if release
+  pypi-publish:
+    name: Publish release on PyPi
     needs: [build_sdist, build_wheels, build_arm_wheels]
     runs-on: ubuntu-latest
     if: github.event_name == 'release' && github.event.action == 'published'
+    environment: release
+    permissions:
+      id-token: write
 
     steps:
     - uses: actions/setup-python@v5
@@ -139,6 +142,3 @@ jobs:
         path: dist
 
     - uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        user: ${{ secrets.PYPI_USER }}
-        password: ${{ secrets.PYPI_PASS }}