From 1248ac2f0526291771f2cab520cf82ee6323a7ca Mon Sep 17 00:00:00 2001
From: Thomas Kluyver <thomas@kluyver.me.uk>
Date: Sat, 20 Apr 2024 16:49:20 +0100
Subject: [PATCH] Set up trusted publishing for making releases to PyPI

---
 .github/workflows/ci.yml | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3ba2d5c..f2170ce 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -46,6 +46,8 @@ jobs:
     name: Publish release
     runs-on: ubuntu-latest
     needs: tests
+    permissions:
+      id-token: write  # Needed for trusted publishing
 
     if: ${{ startsWith(github.ref, 'refs/tags/') }}
 
@@ -53,9 +55,11 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-python@v4
         with:
-          python-version: "3.10"
+          python-version: "3.12"
 
-      - run: pipx run nox -s release
-        env:
-          FLIT_USERNAME: __token__
-          FLIT_PASSWORD: ${{ secrets.PYPI_TOKEN }}
+      - run: |
+          pip install build
+          python -m build
+          
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1