From fbe5a7b51053cd8570d528e1da9de754db793662 Mon Sep 17 00:00:00 2001
From: Baptiste Fontaine <baptiste@bixoto.com>
Date: Wed, 6 Dec 2023 09:49:45 +0000
Subject: [PATCH] use the 'trusted publisher' workflow

---
 .github/workflows/publish.yml | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 07b5b3b..362babd 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -7,13 +7,31 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    # https://docs.pypi.org/trusted-publishers/using-a-publisher/
+    environment: release
+    permissions:
+      id-token: write
     steps:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Build and publish to pypi
-        uses: JRubics/poetry-publish@v1.17
+      - name: Install Poetry
+        run: |
+          pipx install poetry
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
         with:
-          python_version: "3.9"
-          pypi_token: ${{ secrets.PYPI_TOKEN }}
-          ignore_dev_requirements: yes
+          python-version: '3.9'
+          cache: 'poetry'
+
+      - name: Install dependencies
+        run: |
+          poetry install
+
+      - name: Build
+        run: |
+          poetry build
+
+      - name: Publish to pypi
+        uses: pypa/gh-action-pypi-publish@release/v1