From 329440004f68837a807bbd76fa654218bd251d1b Mon Sep 17 00:00:00 2001
From: Nolan Conaway <nolanbconaway@gmail.com>
Date: Sat, 16 Dec 2023 17:45:20 -0500
Subject: [PATCH] use trusted publisher

---
 .github/workflows/release_to_pypi.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release_to_pypi.yml b/.github/workflows/release_to_pypi.yml
index 0f772f9..909f646 100644
--- a/.github/workflows/release_to_pypi.yml
+++ b/.github/workflows/release_to_pypi.yml
@@ -6,8 +6,14 @@ on:
       - published
 
 jobs:
-  run:
+  pypi-publish:
     runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/underground
+    permissions:
+      id-token: write
+
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-python@v4
@@ -30,6 +36,3 @@ jobs:
 
       - name: Publish Python distribution to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_TOKEN }}