From 62e5da5a2361373a80cebe0c68b144d7788b4378 Mon Sep 17 00:00:00 2001
From: Bruno Alla <alla.brunoo@gmail.com>
Date: Mon, 9 Oct 2023 23:42:28 +0100
Subject: [PATCH] ci: release to PyPI using Trusted Publisher

---
 .github/workflows/ci.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 803d850d..acf3b8e5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -70,12 +70,17 @@ jobs:
       - uses: wagoid/commitlint-github-action@v5.4.3
 
   release:
-    runs-on: ubuntu-latest
-    environment: release
     needs:
       - test
       - commitlint
 
+    runs-on: ubuntu-latest
+    environment: release
+    concurrency: release
+    permissions:
+      id-token: write
+      contents: write
+
     steps:
       - uses: actions/checkout@v4
         with:
@@ -100,8 +105,6 @@ jobs:
       - name: Publish package distributions to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
         if: steps.release.outputs.released == 'true'
-        with:
-          password: ${{ secrets.PYPI_TOKEN }}
 
       - name: Publish package distributions to GitHub Releases
         uses: python-semantic-release/upload-to-gh-release@main