From e9373dab90ebc83cc24996f3209d1f218d4a5598 Mon Sep 17 00:00:00 2001
From: s-heppner <s.heppner@iat.rwth-aachen.de>
Date: Fri, 15 Mar 2024 15:27:18 +0100
Subject: [PATCH] Update Release CI Pipeline to use PyPI's new trusted
 publishing

Previously, we used the old GitHub secrets method
to publish to PyPI.
However, this method appears to be outdated.

Follwing [this guide], we update the .github
Release workflow

[this guide](https://docs.pypi.org/trusted-publishers/using-a-publisher/)
---
 .github/workflows/release.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0edc200..a9a25e9 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,7 +6,12 @@ on:
 
 jobs:
   publish:
+    name: Upload release to PyPI
     runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
 
     steps:
     - uses: actions/checkout@v2
@@ -23,5 +28,3 @@ jobs:
         python setup.py sdist bdist_wheel
     - name: Publish distribution to PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        password: ${{ secrets.PYPI_ORG_TOKEN }}