From 09e76ab1505805563e1210c6f265325b9a2ce242 Mon Sep 17 00:00:00 2001
From: Tim Lehr <timlehr@users.noreply.github.com>
Date: Fri, 7 Jul 2023 14:31:39 -0700
Subject: [PATCH] Updated PyPI publish workflow (#2)

Signed-off-by: Tim Lehr <tim.lehr@disneyanimation.com>
---
 .github/workflows/deploy_package.yaml | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/deploy_package.yaml b/.github/workflows/deploy_package.yaml
index 7486080..9e59a15 100644
--- a/.github/workflows/deploy_package.yaml
+++ b/.github/workflows/deploy_package.yaml
@@ -8,23 +8,27 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v4
       with:
         python-version: '3.x'
     - name: Install dependencies
       run: |
-        python -m pip install --upgrade pip build twine
-    - name: Build and publish
-      env:
-        TWINE_USERNAME: __token__
-        # You need to add a token to your repo's secrets
-        # Make sure you match the name of your secret to the token name below.
-        TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
+        python -m pip install build
+    - name: Build dist package
       run: |
         python -m build
+    - name: Upload Built Artifacts
+      uses: actions/upload-artifact@v3
+      with:
+        name: dist
+        path: |
+          ./dist/*.whl
+          ./dist/*.gz
+    - name: Publish package distributions to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
 
-        # Make sure everything works on testpypi before releasing on pypi
-        twine upload --repository pypi dist/*