From 10c8b8405c5abb144fe18319aec3ba108058fa07 Mon Sep 17 00:00:00 2001
From: Henry Schreiner <henryschreineriii@gmail.com>
Date: Sat, 20 May 2023 11:43:29 -0400
Subject: [PATCH] chore: use trusted publisher deployment

Signed-off-by: Henry Schreiner <henryschreineriii@gmail.com>
---
 .github/workflows/build.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index fb51324d..8770c143 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -218,13 +218,15 @@ jobs:
     needs: [check_dist]
     runs-on: ubuntu-latest
     if: github.event_name == 'push' && github.repository == 'scikit-build/cmake-python-distributions' && startsWith(github.ref, 'refs/tags/')
+    environment:
+      name: pypi
+      url: https://pypi.org/p/cmake
+    permissions:
+      id-token: write
     steps:
       - uses: actions/download-artifact@v3
         with:
           name: artifact
           path: dist
 
-      - name: Upload to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_RELEASE_PASSWORD }}
+      - uses: pypa/gh-action-pypi-publish@release/v1