From 2ddfc67dcbf289c0bbd381f82e319c07cfbc05be Mon Sep 17 00:00:00 2001
From: squidfunk <martin.donath@squidfunk.com>
Date: Tue, 11 Nov 2025 11:09:15 +0100
Subject: [PATCH] Switched to trusted publishing

---
 .github/workflows/build.yml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c095713eb..1fe52f66e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -92,6 +92,9 @@ jobs:
 
   python:
     runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write
     steps:
 
       - name: Checkout repository
@@ -113,11 +116,7 @@ jobs:
         run: python -m build
 
       - name: Publish Python package
-        if: github.event_name == 'release'
-        env:
-          PYPI_USERNAME: ${{ secrets.PYPI_USERNAME }}
-          PYPI_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
-        run: twine upload --disable-progress-bar -u ${PYPI_USERNAME} -p ${PYPI_PASSWORD} dist/*
+        uses: pypa/gh-action-pypi-publish@release/v1
 
   docker:
     runs-on: ubuntu-latest