From 53d1f9a75ba388d400e0cff65530f0da33720d8f Mon Sep 17 00:00:00 2001
From: Matthias Cuntz <mc@macu.de>
Date: Sat, 2 Nov 2024 23:51:43 +0100
Subject: [PATCH] Updated trusted publisher on pypi

---
 .github/workflows/main.yml | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index a0ee4d0..fee2666 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -24,17 +24,17 @@ jobs:
       fail-fast: false
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Set up Python 3.11
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: '3.11'
 
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install --editable .
+          python -m pip install --editable .
 
   build_sdist:
     name: sdist on ${{ matrix.os }} with py ${{ matrix.python-version }}
@@ -46,12 +46,12 @@ jobs:
         python-version: ['3.9', '3.10', '3.11', '3.12']
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: '0'
 
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -67,6 +67,7 @@ jobs:
           python -m coveralls --service=github
 
       - name: Build sdist
+        if: matrix.os == 'ubuntu-latest'
         run: |
           python -m build
 
@@ -78,27 +79,27 @@ jobs:
   upload_to_pypi:
     needs: [build_sdist]
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
 
     steps:
-      - uses: actions/download-artifact@v4
+      - name: Retrieve release distributions
+        uses: actions/download-artifact@v4
         with:
           name: artifact
-          path: dist
+          path: dist/
 
-      - name: Publish to Test PyPI
+      - name: Publish test to Test.PyPI
         # only if working on master
         if: github.ref == 'refs/heads/master'
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          user: __token__
-          password: ${{ secrets.test_pypi_token }}
-          repository_url: https://test.pypi.org/legacy/
-          skip_existing: true
+          repository-url: https://test.pypi.org/legacy/
+          skip-existing: true
+          # verbose: true
 
-      - name: Publish to PyPI
+      - name: Publish release to PyPI
         # only if tagged
         if: startsWith(github.ref, 'refs/tags')
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: __token__
-          password: ${{ secrets.pypi_token }}