From 6b1d193a2236b21f852ea9b87ef398db9a04eb38 Mon Sep 17 00:00:00 2001
From: Craig Rodrigues <rodrigc@crodrigues.org>
Date: Tue, 13 Aug 2024 11:23:07 -0700
Subject: [PATCH] Bump up gh-action-pypi-publish to v1.9.0 (#133)

Remove use of token, use trusted provider instead:
https://github.com/pypa/gh-action-pypi-publish/?tab=readme-ov-file#trusted-publishing
---
 .github/workflows/publish-to-pypi.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml
index cac895f..1f36328 100644
--- a/.github/workflows/publish-to-pypi.yml
+++ b/.github/workflows/publish-to-pypi.yml
@@ -15,6 +15,8 @@ jobs:
   build-n-publish:
     name: Build and publish Python 🐍 distributions 📦 to PyPI
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write # OIDC for PyPi Trusted Publisher feature
     steps:
     - uses: actions/checkout@v3
     - name: Set up Python 3.10
@@ -36,6 +38,4 @@ jobs:
     - name: Build a binary wheel
       run: python setup.py sdist bdist_wheel
     - name: Publish distribution 📦 to PyPI
-      uses: pypa/gh-action-pypi-publish@v1.8.10
-      with:
-        password: ${{ secrets.PYPI_API_TOKEN }}
+      uses: pypa/gh-action-pypi-publish@v1.9.0