From 461c166dcfccc063c36a8a10e7d42d9d43d5a5b5 Mon Sep 17 00:00:00 2001
From: Andrej Copar <andrej@genialis.com>
Date: Wed, 11 Dec 2024 03:01:28 +0000
Subject: [PATCH] Use Github OIDC to publish release to PyPI

---
 .github/workflows/ci.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c5857cd0a..30624191c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -112,6 +112,11 @@ jobs:
   build:
     runs-on: arc-runner
     needs: test
+
+    permissions:
+      id-token: write
+      contents: read
+
     if: startsWith(github.ref, 'refs/tags')
 
     steps:
@@ -125,5 +130,3 @@ jobs:
 
       - name: Publish distribution to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.pypi_password }}