From a611645558cc993fb0876eacfab265e3b90a294e Mon Sep 17 00:00:00 2001
From: GeoJulien <dev@ingeoveritas.com>
Date: Thu, 2 May 2024 11:30:07 +0200
Subject: [PATCH] ci(release): switch to PyPi trusted publisher

---
 .github/workflows/build_release.yml | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/build_release.yml b/.github/workflows/build_release.yml
index 4aa7446..a8d4a0d 100644
--- a/.github/workflows/build_release.yml
+++ b/.github/workflows/build_release.yml
@@ -176,7 +176,11 @@ jobs:
   release:
     name: "🚀 GitHub Release"
     runs-on: ubuntu-latest
-    needs: [build-macos, build-python-wheel, build-ubuntu, build-windows]
+    needs:
+      - build-macos
+      - build-python-wheel
+      - build-ubuntu
+      - build-windows
 
     if: startsWith(github.ref, 'refs/tags/')
 
@@ -208,6 +212,7 @@ jobs:
       - name: Release
         uses: softprops/action-gh-release@v2
         with:
+          discussion_category_name: announcements
           fail_on_unmatched_files: true
           files: builds/**/*
           generate_release_notes: true
@@ -215,7 +220,13 @@ jobs:
   release-pypi:
     name: "🐍 Release on PyPI"
     runs-on: ubuntu-latest
-    needs: [build-python-wheel]
+    needs:
+      - build-python-wheel
+    environment:
+      name: pypi
+      url: https://pypi.org/project/geotribu/
+    permissions:
+      id-token: write
 
     if: startsWith(github.ref, 'refs/tags/')
 
@@ -230,12 +241,15 @@ jobs:
         if: startsWith(github.ref, 'refs/tags')
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          password: ${{ secrets.PYPI_API_TOKEN }}
+          packages-dir: builds/wheel
+          print-hash: true
 
   release-ghcr:
     name: "🐳 Release as Docker container"
     runs-on: ubuntu-latest
-    needs: [release, release-pypi]
+    needs:
+      - release
+      - release-pypi
     env:
       REGISTRY: ghcr.io
       IMAGE_NAME: ${{ github.repository }}