From 9371ab06e93dbf4039203cc7d98d328c30f9483a Mon Sep 17 00:00:00 2001
From: yangxuan <xuan.yang@zilliz.com>
Date: Mon, 20 Jan 2025 19:16:19 +0800
Subject: [PATCH] enhance: Publishing releases with trusted publisher

Ref: https://docs.pypi.org/trusted-publishers/using-a-publisher/
See also: #2440

Signed-off-by: yangxuan <xuan.yang@zilliz.com>
---
 .github/workflows/publish_on_release.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/publish_on_release.yml b/.github/workflows/publish_on_release.yml
index 76905aca1..624c70e62 100644
--- a/.github/workflows/publish_on_release.yml
+++ b/.github/workflows/publish_on_release.yml
@@ -8,6 +8,9 @@ jobs:
   build-n-publish:
     name: Build and publish Python 🐍 distributions 📦 to PyPI
     runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write
 
     steps:
     - name: Check out from Git
@@ -37,10 +40,7 @@ jobs:
     - name: Publish distribution 📦 to Test PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
-        password: ${{ secrets.TOKEN_TEST_PYPI }}
         repository-url: https://test.pypi.org/legacy/
     - name: Publish distribution 📦 to PyPI
       if: startsWith(github.ref, 'refs/tags')
       uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        password: ${{ secrets.PYPI_API_TOKEN }}