From a27e7fb415624b51a16b828a7d5880b7d47b196c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Gl=C3=A4=C3=9Fle?= <t_glaessle@gmx.de>
Date: Thu, 23 Nov 2023 15:20:33 +0100
Subject: [PATCH] Use pypa/gh-actions-pypi-publish for releasing

In order to support trusted publishing.

I believe twine doesn't support it yet, see:

https://github.com/pypa/twine/issues/999
---
 .github/workflows/python-package.yml | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml
index 58731a4..c7d8845 100644
--- a/.github/workflows/python-package.yml
+++ b/.github/workflows/python-package.yml
@@ -54,19 +54,14 @@ jobs:
     runs-on: ubuntu-latest
     needs: build
     if: startsWith(github.ref, 'refs/tags/v') && success()
+    environment:
+      name: pypi
+    permissions:
+      id-token: write
 
     steps:
       - uses: actions/download-artifact@v3
         with:
           name: dist
           path: dist
-      - uses: actions/setup-python@v4
-        with:
-          python-version: '3.x'
-      - run: pip install twine
-
-      - name: Publish PyPI package
-        env:
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
-        run: twine upload dist/*.whl dist/*.tar.gz
+      - uses: pypa/gh-action-pypi-publish@release/v1