From 12e45498e8e4673afdfe0cf133925b40639cf464 Mon Sep 17 00:00:00 2001
From: konstin <konstin@mailbox.org>
Date: Fri, 26 May 2023 09:52:24 +0200
Subject: [PATCH] Improve token handling (#4653)

* Use release environment

* Use pypi trusted publishing

* typo
---
 .github/workflows/release.yaml | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e37b36374e..e96b25f5fd 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -394,18 +394,22 @@ jobs:
       - musllinux
       - musllinux-cross
     if: "startsWith(github.ref, 'refs/tags/')"
+    environment:
+      name: release
+    permissions:
+      # For pypi trusted publishing
+      id-token: write
     steps:
       - uses: actions/download-artifact@v3
         with:
           name: wheels
-      - uses: actions/setup-python@v4
+          path: wheels
       - name: "Publish to PyPi"
-        env:
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.RUFF_TOKEN }}
-        run: |
-          pip install --upgrade twine
-          twine upload --skip-existing *
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          skip-existing: true
+          packages-dir: wheels
+          verbose: true
       - uses: actions/download-artifact@v3
         with:
           name: binaries