From 5b8359bfcc0e58da37706e57fed3b6024f69471a Mon Sep 17 00:00:00 2001
From: Corentin Cadiou <corentin.cadiou@cphyc.me>
Date: Mon, 18 Mar 2024 13:27:00 +0100
Subject: [PATCH] Move away from using tokens

See https://github.com/pypa/gh-action-pypi-publish/tree/v1.8.14/
---
 .github/workflows/wheels.yaml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/wheels.yaml b/.github/workflows/wheels.yaml
index 3bbc3e7..81a141f 100644
--- a/.github/workflows/wheels.yaml
+++ b/.github/workflows/wheels.yaml
@@ -63,6 +63,11 @@ jobs:
     runs-on: ubuntu-latest
     # upload to PyPI on every tag starting with 'yt_astro_analysis-'
     if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/yt_astro_analysis-')
+    environment:
+      name: pypi
+      url: https://pypi.org/p/yt-astro-analysis
+    permissions:
+      id-token: write
     steps:
       - uses: actions/download-artifact@v4
         with:
@@ -75,7 +80,4 @@ jobs:
           pattern: wheels-*
           merge-multiple: true
 
-      - uses: pypa/gh-action-pypi-publish@v1.8.12
-        with:
-          user: __token__
-          password: ${{ secrets.pypi_token }}
+      - uses: pypa/gh-action-pypi-publish@v1.8.14