From 6f4320652975a71ffad2fa5b87fb63ad2868fe36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20H=C3=B8xbro=20Hansen?= <simon.hansen@me.com>
Date: Mon, 11 Nov 2024 08:11:04 +0100
Subject: [PATCH] ci: Switch PyPI package to trusted build (#6447)

---
 .github/workflows/build.yaml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 261f73fe2d..66a1d597b1 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -127,6 +127,8 @@ jobs:
     runs-on: ubuntu-latest
     needs: [pip_build, waiting_room]
     if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+    permissions:
+      id-token: write
     steps:
       - uses: actions/download-artifact@v4
         with:
@@ -134,7 +136,3 @@ jobs:
           path: dist/
       - name: Publish to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: ${{ secrets.PPU }}
-          password: ${{ secrets.PPP }}
-          repository-url: "https://upload.pypi.org/legacy/"