From abd937f288c63d1430963d40e9b2bd43e81b04e0 Mon Sep 17 00:00:00 2001
From: Stephen Finucane <stephen@that.guru>
Date: Mon, 4 Sep 2023 11:05:32 +0100
Subject: [PATCH] Configure trusted publishing

No more manual creation of tokens. Hurrah!

Signed-off-by: Stephen Finucane <stephen@that.guru>
---
 .github/workflows/ci.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index e2084c9..f5933f5 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -65,6 +65,8 @@ jobs:
   release:
     name: Upload release artifacts
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     needs: test
     if: github.event_name == 'push'
     steps:
@@ -84,5 +86,3 @@ jobs:
       - name: Publish distribution to PyPI
         if: startsWith(github.ref, 'refs/tags')
         uses: pypa/gh-action-pypi-publish@master
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}