From d69a25c3b9e1b5fccc84a0864a68424a3189dee5 Mon Sep 17 00:00:00 2001
From: Daniel Weindl <daniel.weindl@helmholtz-munich.de>
Date: Wed, 17 Jan 2024 10:07:44 +0100
Subject: [PATCH] Use PyPI trusted publishing

Use PyPI [trusted publishing](https://docs.pypi.org/trusted-publishers/) instead of username/password.
---
 .github/workflows/deploy_release.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deploy_release.yml b/.github/workflows/deploy_release.yml
index adcfd88d41..975f8aa5b8 100644
--- a/.github/workflows/deploy_release.yml
+++ b/.github/workflows/deploy_release.yml
@@ -14,6 +14,13 @@ jobs:
       matrix:
         python-version: [3.9]
 
+    environment:
+      name: pypi
+      url: https://pypi.org/p/amici
+
+    permissions:
+      id-token: write
+
     steps:
     - name: Set up Python ${{ matrix.python-version }}
       uses: actions/setup-python@v4
@@ -40,8 +47,6 @@ jobs:
     - name: Publish a Python distribution to PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
-        user: __token__
-        password: ${{ secrets.pypi_password }}
         packages-dir: python/sdist/dist
 
   bioSimulatorsUpdateCliAndDockerImage: