From b50fb495126af967542e9188fd2a796a44e7004d Mon Sep 17 00:00:00 2001
From: Guillaume Fieni <guillaume.fieni@inria.fr>
Date: Tue, 25 Apr 2023 14:20:11 +0200
Subject: [PATCH] ci: Switch to Trusted Publishing (OIDC auth) for
 pypa/gh-action-pypi-publish

---
 .github/workflows/release.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 520e5de9..cd0f70ef 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -55,6 +55,9 @@ jobs:
     name: Publish Pypi package
     runs-on: ubuntu-latest
     needs: github-release
+    permissions:
+      contents: read
+      id-token: write
 
     steps:
     - uses: actions/checkout@v3
@@ -75,8 +78,6 @@ jobs:
     - name: Publish package
       uses: pypa/gh-action-pypi-publish@0bf742be3ebe032c25dd15117957dc15d0cfc38d # v1.8.5
       with:
-        user: __token__
-        password: ${{ secrets.PYPI_API_TOKEN }}
         print-hash: true
 
   docker-image: