From 985ef13cf94e0f608a7bf1052489fe7fc8e3e8d4 Mon Sep 17 00:00:00 2001
From: jodhus <josh@jodh.us>
Date: Tue, 3 Sep 2024 21:42:55 -0400
Subject: [PATCH] Update PyPI to use Trusted Publishing.

---
 .github/workflows/build-test-pypi.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build-test-pypi.yml b/.github/workflows/build-test-pypi.yml
index dba908b..4ff1fd5 100644
--- a/.github/workflows/build-test-pypi.yml
+++ b/.github/workflows/build-test-pypi.yml
@@ -79,6 +79,9 @@ jobs:
   upload_all:
     needs: [build_wheels, make_sdist]
     runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      id-token: write
     steps:
     - name: Get SDist and wheels from artifact container
       uses: actions/download-artifact@v4
@@ -87,8 +90,6 @@ jobs:
         path: dist
         merge-multiple: true
     - name: Publish wheels to Test PyPI
-      uses: pypa/gh-action-pypi-publish@v1.10.1
+      uses: pypa/gh-action-pypi-publish@release/v1
       with:
-        user: ${{ secrets.TEST_PYPI_USERNAME }}
-        password: ${{ secrets.TEST_PYPI_PASSWORD }}
-        repository_url: https://test.pypi.org/legacy/
+        repository-url: https://test.pypi.org/legacy/