From d319d7d339a30b13067c893a1bfde145576a09bf Mon Sep 17 00:00:00 2001
From: Brendan <2bndy5@gmail.com>
Date: Sat, 5 Oct 2024 02:55:23 -0700
Subject: [PATCH] prepare for trusted publisher releases to pypi

---
 .github/workflows/build_python.yml | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/build_python.yml b/.github/workflows/build_python.yml
index 5f6f582..61d601b 100644
--- a/.github/workflows/build_python.yml
+++ b/.github/workflows/build_python.yml
@@ -134,6 +134,8 @@ jobs:
     runs-on: ubuntu-latest
     if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
     needs: [check_source, build_linux]
+    permissions:
+      id-token: write
     steps:
       - name: Set up Python
         uses: actions/setup-python@v5
@@ -159,15 +161,11 @@ jobs:
 
       - name: Publish package (to TestPyPI)
         if: github.event_name == 'workflow_dispatch'
-        env:
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.TEST_PYPI_TOKEN }}
-        run: twine upload --repository testpypi dist/*
+        uses: pypa/gh-action-pypi-publish@v1.10.3
+        with:
+          repository-url: https://test.pypi.org/legacy/
 
       - name: Publish to PyPi
         # only upload distributions to PyPi when triggered by a published release
         if: github.event_name == 'release'
-        env:
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
-        run: twine upload dist/*
+        uses: pypa/gh-action-pypi-publish@v1.10.3