From 6c8574c64c59a18c79c28eca82e4b1918404bc11 Mon Sep 17 00:00:00 2001
From: Vineet Bansal <vineetbansal@protonmail.com>
Date: Fri, 6 Feb 2026 10:03:03 -0500
Subject: [PATCH] patch for trusted publishing

---
 .github/workflows/release.yml | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d1afcafb..8859c2e0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -74,6 +74,9 @@ jobs:
     name: Publish wheels to PyPi
     needs: [build_sdist, build_wheels]
     runs-on: ubuntu-latest
+    # https://docs.pypi.org/trusted-publishers/using-a-publisher/
+    permissions:
+      id-token: write
     steps:
       - name: Download packages
         uses: actions/download-artifact@v7
@@ -85,10 +88,5 @@ jobs:
       - name: Print out packages
         run: ls -la dist/*
 
-      - name: Upload wheels to pypi
-        env:
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.pypi_password }}
-        run: |
-          python -m pip install --upgrade pip setuptools wheel packaging twine
-          twine upload dist/*
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1