From 9110f8c5a7c2603c56e8fd3404a667759fce535a Mon Sep 17 00:00:00 2001
From: cnfatal <cnfatal@gmail.com>
Date: Wed, 30 Oct 2024 07:13:53 +0000
Subject: [PATCH] perf(ci): use Trusted Publisher

---
 .github/workflows/python-publish.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
index deedd9c..dc274dd 100644
--- a/.github/workflows/python-publish.yml
+++ b/.github/workflows/python-publish.yml
@@ -19,6 +19,8 @@ permissions:
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
     steps:
       - uses: actions/checkout@v3
       - name: Set up Python
@@ -33,6 +35,3 @@ jobs:
         run: python -m build
       - name: Publish package
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_API_TOKEN }}