From 3c7e162c8eefa8db556df680cf01b0c2cde71230 Mon Sep 17 00:00:00 2001
From: Paul Wankadia <junyer@google.com>
Date: Tue, 9 Apr 2024 10:22:42 +0000
Subject: [PATCH] Switch to PyPI publishing via a trusted publisher.

Change-Id: Ie94c5e6931f8fa70f238c9a5360874ff8833876a
Reviewed-on: https://code-review.googlesource.com/c/re2/+/62972
Reviewed-by: Perry Lorier <perryl@google.com>
Reviewed-by: Paul Wankadia <junyer@google.com>
---
 .github/workflows/python.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml
index 7b09f2982..7f97adc23 100644
--- a/.github/workflows/python.yml
+++ b/.github/workflows/python.yml
@@ -184,6 +184,10 @@ jobs:
       - wheel-linux
       - wheel-macos
       - wheel-windows
+    permissions:
+      contents: read
+      # Required for PyPI publishing.
+      id-token: write
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4.1.1
@@ -224,5 +228,4 @@ jobs:
       - if: inputs.build >= 1
         uses: pypa/gh-action-pypi-publish@v1.8.14
         with:
-          password: ${{ secrets.PYPI_API_TOKEN }}
           packages-dir: python/dist