From eec58fdac18e21cb8e24362a8aa381b5afdb506d Mon Sep 17 00:00:00 2001
From: Nikolaus Waxweiler
Date: Tue, 23 Sep 2025 11:35:45 +0100
Subject: [PATCH] Use trusted publishing
---
 .github/workflows/publish-package.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml
index f9af60b5..98f64133 100644
--- a/.github/workflows/publish-package.yml
+++ b/.github/workflows/publish-package.yml
@@ -23,6 +23,11 @@ jobs:
 deploy:
 runs-on: ubuntu-latest
+ environment:
+ name: publish-to-pypi
+ url: https://pypi.org/p/defcon
+ permissions:
+ id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
 steps:
 - uses: actions/checkout@v4.2.2
@@ -38,7 +43,4 @@ jobs:
 run: |
 python setup.py sdist bdist_wheel
 - name: Publish
- uses: pypa/gh-action-pypi-publish@v1.12.4
- with:
- user: __token__
- password: ${{ secrets.PYPI_PASSWORD }}
+ uses: pypa/gh-action-pypi-publish@v1.13.0
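Review bot: `id-token: write` in the first hunk is granted to the whole `deploy` job, so the checkout and the `python setup.py sdist bdist_wheel` build in the second hunk run where any step can request the OIDC token that PyPI accepts. Building in a separate job without that permission and handing `dist/` over as an artifact would leave only the download and publish steps in the privileged job. The `publish-to-pypi` environment narrows this only if it has protection rules and the PyPI trusted publisher entry names it; neither is visible here, so that should be confirmed. The job's remaining steps lie outside the hunk, so the split below is a sketch.

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    # … unchanged: checkout, Python setup, dependency install, sdist/wheel build …
    - uses: actions/upload-artifact@v4
      with:
        name: dist
        path: dist/

  deploy:
    needs: build
    runs-on: ubuntu-latest
    # … unchanged: environment and permissions blocks from this commit …
    steps:
    - uses: actions/download-artifact@v4
      with:
        name: dist
        path: dist/
    - name: Publish
      uses: pypa/gh-action-pypi-publish@v1.13.0
```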
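Review bot: The new `uses: pypa/gh-action-pypi-publish@v1.13.0` line in the second hunk references a tag, which can be moved, in the one job that can now publish without a stored secret. Pinning to the full commit SHA and keeping the version as a comment makes the executed code immutable: `uses: pypa/gh-action-pypi-publish@<FULL_COMMIT_SHA>  # v1.13.0`. The same applies to `actions/checkout@v4.2.2` in the first hunk. The commit drops the `secrets.PYPI_PASSWORD` reference, but nothing visible here retires the token itself, so it should be revoked on PyPI and the repository secret deleted once trusted publishing is confirmed working.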