From c97dd6fd3e986cb5f31e89eeaa8cf83eb21ad33b Mon Sep 17 00:00:00 2001 From: Dylan Pulver <35541198+dylanpulver@users.noreply.github.com> Date: Tue, 5 Nov 2024 10:09:54 -0500 Subject: [PATCH] fix/migrate-to-trusted-publisher (#632) --- .github/workflows/main.yml | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 90b219f8..405a1d4f 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -29,12 +29,12 @@ jobs: runs-on: ubuntu-20.04 if: contains(fromJson('["refs/heads/main", "refs/heads/binaries-fixes"]'), github.ref) || startsWith(github.ref, 'refs/tags') - + steps: - name: Slack trigger uses: slackapi/slack-github-action@v1.23.0 env: - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} build-binaries: needs: test @@ -84,13 +84,17 @@ jobs: deploy-pypi: - needs: build-binaries - runs-on: ubuntu-20.04 - if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') - + needs: build-binaries + name: Upload release to PyPI + runs-on: ubuntu-latest + environment: + name: pypi + url: https://pypi.org/p/safety + permissions: + id-token: write # Required for trusted publishing steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v4 with: @@ -101,11 +105,8 @@ jobs: pip install build - name: Build package run: python -m build - - name: Publish package - uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29 - with: - user: __token__ - password: ${{ secrets.SAFETY_PYPI_API_TOKEN }} + - name: Publish package distributions to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 create-gh-release: needs: deploy-pypi
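Review bot: The rewritten `deploy-pypi` job header drops the `if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')` gate and nothing in the visible hunks restores it, so the workflow itself no longer restricts publishing to tag pushes. Which events can reach the job now depends on `build-binaries` and the workflow triggers, both outside this hunk. Unless the `pypi` environment enforces tag-only deployment through protection rules, keep the condition directly under `runs-on:`, i.e. `if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')`. Separately, `id-token: write` is granted to the whole job, so the `pip install build` and `python -m build` steps also run with the ability to request the OIDC token. Building in an unprivileged job and handing the dists as an artifact to a publish-only job would narrow that.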
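Review bot: `uses: pypa/gh-action-pypi-publish@release/v1` replaces a full commit-SHA pin with a mutable branch ref, in the one step that uses `id-token: write` to upload to PyPI. Whatever that branch points at on release day runs with publishing rights, so pin the new version by commit as the removed line did, e.g. `uses: pypa/gh-action-pypi-publish@<FULL_COMMIT_SHA>  # release/v1` (placeholder; take the SHA from the action's release). With the `password:` input gone, the `SAFETY_PYPI_API_TOKEN` secret and the PyPI token behind it are presumably unused. They should be revoked once a trusted-publisher release has succeeded, so no long-lived upload credential remains.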