From 7975fca9283403bdfd4416701056e37111979c8a Mon Sep 17 00:00:00 2001
From: Michael Mouchous <99665078+mmouchous-ledger@users.noreply.github.com>
Date: Fri, 5 Apr 2024 17:31:22 +0200
Subject: [PATCH 1/3] Create python-publish.yml

---
 .github/workflows/python-publish.yml | 39 ++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 .github/workflows/python-publish.yml

diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
new file mode 100644
index 0000000..bdaab28
--- /dev/null
+++ b/.github/workflows/python-publish.yml
@@ -0,0 +1,39 @@
+# This workflow will upload a Python Package using Twine when a release is created
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Upload Python Package
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+
+jobs:
+  deploy:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Python
+      uses: actions/setup-python@v3
+      with:
+        python-version: '3.x'
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install build
+    - name: Build package
+      run: python -m build
+    - name: Publish package
+      uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
+      with:
+        user: __token__
+        password: ${{ secrets.PYPI_API_TOKEN }}

From e48b6b779f4c1289dcb895e297198cb0a42b0346 Mon Sep 17 00:00:00 2001
From: Michael Mouchous <99665078+mmouchous-ledger@users.noreply.github.com>
Date: Mon, 8 Apr 2024 14:22:37 +0200
Subject: [PATCH 2/3] Add environment "release" on this workflow

---
 .github/workflows/python-publish.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
index bdaab28..e2cbcd7 100644
--- a/.github/workflows/python-publish.yml
+++ b/.github/workflows/python-publish.yml
@@ -20,6 +20,8 @@ jobs:
 
     runs-on: ubuntu-latest
 
+    environment: release
+    
     steps:
     - uses: actions/checkout@v3
     - name: Set up Python

From 0bac8279d12dfa489276632e54a5f1d4e685cbfc Mon Sep 17 00:00:00 2001
From: Michael Mouchous <99665078+mmouchous-ledger@users.noreply.github.com>
Date: Mon, 8 Apr 2024 14:30:35 +0200
Subject: [PATCH 3/3] Update python-publish.yml

https://docs.pypi.org/trusted-publishers/using-a-publisher/
---
 .github/workflows/python-publish.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
index e2cbcd7..9df67bb 100644
--- a/.github/workflows/python-publish.yml
+++ b/.github/workflows/python-publish.yml
@@ -21,6 +21,9 @@ jobs:
     runs-on: ubuntu-latest
 
     environment: release
+    permissions:
+      # This permission is mandatory for trusted publishing
+      id-token: write
     
     steps:
     - uses: actions/checkout@v3
@@ -35,7 +38,4 @@ jobs:
     - name: Build package
       run: python -m build
     - name: Publish package
-      uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29
-      with:
-        user: __token__
-        password: ${{ secrets.PYPI_API_TOKEN }}
+      uses: pypa/gh-action-pypi-publish@release/v1