From 678ee78b45ee74619ea45d71d278de44bf720c09 Mon Sep 17 00:00:00 2001
From: Alex Sherstinsky
Date: Tue, 16 Jan 2024 23:30:53 -0800
Subject: [PATCH] [MAINTENANCE] Use Trusted Publishers credentials instead of User/Password for uploading releases to PyPi (#3892)
---
 .github/workflows/upload-pypi.yml | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/upload-pypi.yml b/.github/workflows/upload-pypi.yml
index 0060f4f2bd0..2685eca1465 100644
--- a/.github/workflows/upload-pypi.yml
+++ b/.github/workflows/upload-pypi.yml
@@ -9,9 +9,16 @@ on:
 workflow_dispatch:
 jobs:
- upload:
+ pypi-publish:
+ name: upload release to PyPI
 runs-on: ubuntu-latest
+ # Specifying a GitHub environment is optional, but strongly encouraged
+ environment: release
+ permissions:
+ # IMPORTANT: this permission is mandatory for trusted publishing
+ id-token: write
 steps:
+ # retrieve your distributions here
 - name: Checkout
 uses: actions/checkout@v2
 with:
@@ -21,15 +28,9 @@ jobs:
 with:
 python-version: 3.8
- - name: Install Twine
- run: |
- python -m pip install --upgrade pip
- python -m pip install setuptools wheel twine
-
 - name: Build and upload to PyPI
 run: |
 python setup.py sdist
- python -m twine upload dist/*
- env:
- TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
- TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
+
+ - name: Publish package distributions to PyPI
+ uses: pypa/gh-action-pypi-publish@release/v1
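Review bot: `environment: release` only gates publishing if the `release` environment has protection rules (for example required reviewers) and the trusted-publisher entry on PyPI names the same environment. Neither is visible in this patch, so I would replace the template comment above it with `# must match the environment configured in the PyPI trusted publisher; protect it with required reviewers`. The job-level `permissions:` block sets every scope it does not list to none, which is fine for a public repository, but the Checkout step would need `contents: read` added if the repository were private. The copied placeholder `# retrieve your distributions here` above the Checkout step can be dropped. The job's steps continue past the end of this hunk.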
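Review bot: The build step `python setup.py sdist` runs in the same job that holds `id-token: write`, so the project's build code and anything it pulls in execute in a job that is able to request a PyPI publishing token. Building in a separate job and handing `dist/` over as an artifact confines the OIDC permission to the publish step. The new `uses: pypa/gh-action-pypi-publish@release/v1` also tracks a moving branch; pinning it, and `actions/checkout@v2` from the first hunk, to a full commit SHA removes the dependence on a mutable ref. The step name "Build and upload to PyPI" no longer matches what the step does. The `pypi-publish` job starts in the previous hunk, so the sketch below shows only the changed parts.

```yaml
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # … unchanged: Checkout and Python setup steps …
      - name: Build sdist
        run: python setup.py sdist
      - uses: actions/upload-artifact@<full-commit-sha>
        with:
          name: dist
          path: dist/

  pypi-publish:
    needs: build
    # … unchanged: name, runs-on, environment, permissions …
    steps:
      - uses: actions/download-artifact@<full-commit-sha>
        with:
          name: dist
          path: dist/
      - name: Publish package distributions to PyPI
        uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1
```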