From e17feddcaec8fe95e5f17d8994e67fb5f2220189 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A1n=20Chaves?= <adrian@chaves.io>
Date: Tue, 21 Jan 2025 13:18:33 +0100
Subject: [PATCH] Use trusted publishing

---
 .github/workflows/publish.yml | 38 +++++++++++++----------------------
 1 file changed, 14 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index ca30d12..8d61dc6 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,33 +1,23 @@
 name: Publish
 on:
-  release:
-    types: [published]
-
+  push:
+    tags:
+    - '[0-9]+.[0-9]+.[0-9]+'
 jobs:
   publish:
     runs-on: ubuntu-latest
-
+    environment:
+      name: pypi
+      url: https://pypi.org/p/${{ github.event.repository.name }}
+    permissions:
+      id-token: write
     steps:
-    - uses: actions/checkout@v2
-
-    - name: Set up Python 3
-      uses: actions/setup-python@v2
+    - uses: actions/checkout@v4
+    - uses: actions/setup-python@v5
       with:
-        python-version: 3
-
-    - name: Build distribution
-      run: |
-        pip install -U setuptools wheel
-        python setup.py sdist bdist_wheel
-
-    - name: Publish to TestPyPI
-      uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        password: ${{ secrets.TEST_PYPI_TOKEN }}
-        repository_url: https://test.pypi.org/legacy/
-        skip_existing: true
-
+        python-version: 3.13
+    - run: |
+        python -m pip install --upgrade build
+        python -m build
     - name: Publish to PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        password: ${{ secrets.PYPI_TOKEN }}