From 01998acc6417c9c200ad69347d6d5f85d6fd5811 Mon Sep 17 00:00:00 2001
From: Dominic Canare <dom@greenlightgo.org>
Date: Wed, 31 May 2023 19:11:00 -0500
Subject: [PATCH] Use pypi-publish instead of tokens

---
 .github/workflows/main.yml | 11 ++++++++++-
 tox.ini                    |  4 ----
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 6ef66e4..5ee067d 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -66,5 +66,14 @@ jobs:
       - name: Release
         run: tox -e release
         env:
-          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  pypi-publish:
+    needs:
+      - release
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    steps:
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
\ No newline at end of file
diff --git a/tox.ini b/tox.ini
index 5bf4e06..1dda914 100644
--- a/tox.ini
+++ b/tox.ini
@@ -28,12 +28,8 @@ deps =
 	twine>=3
 	jaraco.develop>=7.1
 passenv =
-	TWINE_PASSWORD
 	GITHUB_TOKEN
-setenv =
-	TWINE_USERNAME = {env:TWINE_USERNAME:__token__}
 commands =
 	python -c "import shutil; shutil.rmtree('dist', ignore_errors=True)"
 	python -m build
-	python -m twine upload dist/*
 	python -m jaraco.develop.create-github-release