From a2c48b9a4aeefc72e192cbf50de05739a3b673e9 Mon Sep 17 00:00:00 2001
From: Matthias Cuntz <mc@macu.de>
Date: Sat, 2 Nov 2024 23:45:30 +0100
Subject: [PATCH] Updated trusted publisher on pypi

---
 .github/workflows/master.yml | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index de5ebc6..213dba4 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -34,7 +34,7 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install --editable .
+          python -m pip install --editable .
 
   build_sdist:
     name: sdist on ${{ matrix.os }} with py ${{ matrix.python-version }}
@@ -79,28 +79,27 @@ jobs:
   upload_to_pypi:
     needs: [build_sdist]
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
 
     steps:
-      - uses: actions/download-artifact@v4
+      - name: Retrieve release distributions
+        uses: actions/download-artifact@v4
         with:
           name: artifact
-          path: dist
+          path: dist/
 
       - name: Publish to Test PyPI
         # only if working on master
         if: github.ref == 'refs/heads/master'
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          user: __token__
-          password: ${{ secrets.test_pypi_token }}
           repository-url: https://test.pypi.org/legacy/
           skip-existing: true
           # verbose: true
 
-      - name: Publish to PyPI
+      - name: Publish release to PyPI
         # only if tagged
         if: startsWith(github.ref, 'refs/tags')
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: __token__
-          password: ${{ secrets.pypi_token }}