From ca55ca3cbc74e6063ddbb09e0490ab589a43b196 Mon Sep 17 00:00:00 2001
From: Christian Ledermann <christian.ledermann@gmail.com>
Date: Sun, 6 Oct 2024 20:46:59 +0100
Subject: [PATCH] update release to trusted publisher

---
 .github/workflows/run-all-tests.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/run-all-tests.yml b/.github/workflows/run-all-tests.yml
index c325701..0ddbddc 100644
--- a/.github/workflows/run-all-tests.yml
+++ b/.github/workflows/run-all-tests.yml
@@ -129,6 +129,9 @@ jobs:
     needs: [cpython, static-tests, pypy, hypothesis-tests]
     name: Build and publish to PyPI and TestPyPI
     runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      id-token: write
     steps:
       - uses: actions/checkout@v4
       - name: Set up Python 3.12
@@ -150,13 +153,10 @@ jobs:
           --outdir dist/
       - name: Publish distribution 📦 to Test PyPI for tags
         if: startsWith(github.ref, 'refs/tags')
-        uses: pypa/gh-action-pypi-publish@master
+        uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          password: ${{ secrets.TEST_PYPI_API_TOKEN }}
           repository_url: https://test.pypi.org/legacy/
       - name: Publish distribution 📦 to PyPI for push to main
         if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-        uses: pypa/gh-action-pypi-publish@master
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}
+        uses: pypa/gh-action-pypi-publish@release/v1
 ...