From 61c3a742d8e5a3ed1bf46710761fd6010132c145 Mon Sep 17 00:00:00 2001
From: Nathan Zimmerman <npzimmerman@gmail.com>
Date: Mon, 15 Apr 2024 16:26:12 -0500
Subject: [PATCH] trusted publisher pypi workflow

---
 .github/workflows/release.yaml | 25 +++++++++----------------
 tox.ini                        | 13 -------------
 2 files changed, 9 insertions(+), 29 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 5b3e085..e4a5ee0 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -7,23 +7,16 @@ on:
       - created
 
 jobs:
-  release:
-    name: release
+  pypi-publish:
+    name: upload release to PyPI
     runs-on: ubuntu-latest
+    # Specifying a GitHub environment is optional, but strongly encouraged
     environment: release
-    if: ${{ github.repository }} == 'moradology/beam-pyspark-runner'
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
     steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up Python 3.11
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.11"
-
-      - name: Install dependencies
-        run: python -m pip install tox
+      # retrieve your distributions here
 
-      - name: Release
-        run: tox -e release
-        env:
-          TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/tox.ini b/tox.ini
index 5b96a8b..329b037 100644
--- a/tox.ini
+++ b/tox.ini
@@ -21,16 +21,3 @@ deps = build
 commands =
     python -c "import shutil; shutil.rmtree('dist', ignore_errors=True)"
     python -m build
-
-[testenv:release]
-basepython = python3
-passenv =
-    TWINE_PASSWORD
-setenv =
-    TWINE_USERNAME = {env:TWINE_USERNAME:__token__}
-deps =
-    {[testenv:build]deps}
-    twine >= 4.0.2
-commands =
-    {[testenv:build]commands}
-    python -m twine upload --verbose dist/*