From d26130a4994f4dee0da943fce12168414b647c15 Mon Sep 17 00:00:00 2001
From: Jordan Borean <jborean93@gmail.com>
Date: Wed, 31 May 2023 12:20:00 +1000
Subject: [PATCH] Use OIDC for PyPI releases

---
 .github/workflows/ci.yml | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b7d97a79..814a931d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,9 +20,6 @@ on:
     types:
     - published
 
-  schedule:
-  - cron: 0 9 * * *
-
 jobs:
   build:
     name: build
@@ -34,8 +31,6 @@ jobs:
 
     - name: Select python
       uses: actions/setup-python@v4
-      with:
-        python-version: 3.9
 
     - name: Build smbprotocol
       run: |
@@ -145,6 +140,9 @@ jobs:
     needs:
     - test
     runs-on: ubuntu-latest
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
 
     steps:
     - uses: actions/download-artifact@v3
@@ -155,6 +153,3 @@ jobs:
     - name: Publish
       if: startsWith(github.ref, 'refs/tags/v')
       uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        user: __token__
-        password: ${{ secrets.PYPI_API_TOKEN }}