From 144c823a8ca257a5881f85b572a7e67d203afc04 Mon Sep 17 00:00:00 2001
From: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 28 Nov 2023 15:47:01 +0000
Subject: [PATCH] Update instance repo from cookiecutter template

---
 .github/workflows/release.yaml | 39 +++++++++++++++++-----------------
 docs/contributing.md           |  9 ++------
 docs/template_usage.md         | 12 +++++++----
 3 files changed, 29 insertions(+), 31 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 9352d04..bd82eb5 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,30 +1,29 @@
 name: Release
 
 on:
-  push:
-    tags:
-      - "*.*.*"
+  release:
+    types: [published]
 
+# Use "trusted publishing", see https://docs.pypi.org/trusted-publishers/
 jobs:
   release:
-    name: Release
+    name: Upload release to PyPI
     runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/{{ cookiecutter.package_name }}
+    permissions:
+      id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Set up Python 3.10
-        uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
         with:
-          python-version: "3.10"
-
-      - name: Install hatch
-        run: pip install hatch
-
-      - name: Build project for distribution
-        run: hatch build
-
-      - name: Publish a Python distribution to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+          filter: blob:none
+          fetch-depth: 0
+      - uses: actions/setup-python@v4
         with:
-          password: ${{ secrets.PYPI_API_TOKEN }}
+          python-version: "3.x"
+          cache: "pip"
+      - run: pip install build
+      - run: python -m build
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/docs/contributing.md b/docs/contributing.md
index 5126500..7c82af0 100644
--- a/docs/contributing.md
+++ b/docs/contributing.md
@@ -93,13 +93,8 @@ Before making a release, you need to update the version number in the `pyproject
 >
 > Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.
 
-Once you are done, run
-
-```
-git push --tags
-```
-
-to publish the created tag on GitHub. Alternatively, it is possible to create a tag through the Github web interface. For more information, see [managing Github releases][]. This will automatically trigger a Github workflow that creates a release on PyPI.
+Once you are done, commit and push your changes and navigate to the "Releases" page of this project on GitHub.
+Specify `vX.X.X` as a tag name and create a release. For more information, see [managing Github releases][]. This will automatically create a git tag and trigger a Github workflow that creates a release on PyPI.
 
 ## Writing documentation
 
diff --git a/docs/template_usage.md b/docs/template_usage.md
index 7e11fc3..8cc30f2 100644
--- a/docs/template_usage.md
+++ b/docs/template_usage.md
@@ -158,14 +158,16 @@ On the RTD dashboard choose "Import a Project" and follow the instructions to ad
 
 If your project is private, there are ways to enable docs rendering on [readthedocs.org][] but it is more cumbersome and requires a different subscription for read the docs. See a guide [here](https://docs.readthedocs.io/en/stable/guides/importing-private-repositories.html).
 
-### The release Github workflow
+### Automating PyPI released using GitHub actions
 
 #### Configuring the Github workflow
 
 Tags adhering to `"*.*.*"` that are pushed to the `main` branch will trigger the release Github workflow that automatically builds and uploads the Python package to [PyPI][].
-For this to work, the `PYPI_API_TOKEN` Github secret needs to be set to the value of the [PyPI][] token.
-See [Creating PyPI tokens][] for instructions on how to create a [PyPI][] token.
-Finally, set your `PYPI_API_TOKEN` Github secret equal to the value of the just created [PyPI][] token by following [creating Github secrets][].
+
+For this to work, you'll need to setup GitHub as a [trusted publisher][] on PyPI. To set this up, login to
+[PyPI][], and navigate to your project. In the left sidebar, choose "Publishing", and add the repository details.
+The "Workflow name" needs to bet set to `release.yaml`. In most cases, you can leave the "Environment name" empty.
+For more details, please refer to the official [PyPI guide for setting up trusted publishing][pypi-trusted-publishing-guide].
 
 #### Behind the scenes
 
@@ -194,6 +196,8 @@ Provide your username and password when requested and then go check out your pac
 
 For more information, follow the [Python packaging tutorial][].
 
+[pypi-trusted-publishing-guide]: https://docs.pypi.org/trusted-publishers/adding-a-publisher/
+[trusted publisher]: https://docs.pypi.org/trusted-publishers/
 [creating github secrets]: https://docs.github.com/en/actions/security-guides/encrypted-secrets
 [creating pypi tokens]: https://pypi.org/help/#apitoken
 [managing github releases]: https://docs.github.com/en/repositories/releasing-projects-on-github/managing-releases-in-a-repository