From 1a2e8e4a9c58926fec6d1f15f55b6cc202ffc613 Mon Sep 17 00:00:00 2001
From: Jean-Christophe Fillion-Robin <jchris.fillionr@kitware.com>
Date: Sat, 20 May 2023 12:07:37 -0400
Subject: [PATCH 1/2] chore: use trusted publisher deployment

Signed-off-by: Jean-Christophe Fillion-Robin <jchris.fillionr@kitware.com>
---
 .github/workflows/build.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 729a107..86ea2b4 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -150,6 +150,11 @@ jobs:
     needs: [check_dist]
     runs-on: ubuntu-latest
     if: github.event_name == 'push' && github.repository == 'scikit-build/ninja-python-distributions' && startsWith(github.ref, 'refs/tags/')
+    environment:
+      name: pypi
+      url: https://pypi.org/p/ninja
+    permissions:
+      id-token: write
     steps:
       - uses: actions/download-artifact@v3
         with:
@@ -157,7 +162,4 @@ jobs:
           path: dist
 
       - name: Upload to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_RELEASE_PASSWORD }}
+        uses: pypa/gh-action-pypi-publish@release/v4

From 6959608691635b05cf7b0060f51fbb91845f9906 Mon Sep 17 00:00:00 2001
From: Henry Schreiner <HenrySchreinerIII@gmail.com>
Date: Wed, 24 May 2023 17:03:20 -0700
Subject: [PATCH 2/2] Update .github/workflows/build.yml

---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 86ea2b4..7a4daa3 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -162,4 +162,4 @@ jobs:
           path: dist
 
       - name: Upload to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v4
+        uses: pypa/gh-action-pypi-publish@release/v1