From 4d960e7d9c708790268af3fbb5a8ce7c9184a9a5 Mon Sep 17 00:00:00 2001
From: Connor Duncan <connor@connorduncan.xyz>
Date: Mon, 25 Mar 2024 13:21:17 -0500
Subject: [PATCH 1/2] test trusted publisher

---
 .github/workflows/CI.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 1f3fc97..ee6609b 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -120,8 +120,9 @@ jobs:
           name: wheels
       - name: Publish to PyPI
         uses: PyO3/maturin-action@v1
-        env:
-          MATURIN_PYPI_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
         with:
           command: upload
           args: --non-interactive --skip-existing *
+        permissions:
+          id-token: write
+        environment: release

From e2c935a492a62c0ee1a6922260e393df3cbe9b4b Mon Sep 17 00:00:00 2001
From: Connor Duncan <connor@connorduncan.xyz>
Date: Mon, 25 Mar 2024 13:26:00 -0500
Subject: [PATCH 2/2] fix permissions loc

---
 .github/workflows/CI.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index ee6609b..41f0781 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -114,6 +114,9 @@ jobs:
     runs-on: ubuntu-latest
     if: "startsWith(github.ref, 'refs/tags/')"
     needs: [linux, windows, macos, sdist]
+    permissions:
+      id-token: write
+    environment: release
     steps:
       - uses: actions/download-artifact@v3
         with:
@@ -123,6 +126,3 @@ jobs:
         with:
           command: upload
           args: --non-interactive --skip-existing *
-        permissions:
-          id-token: write
-        environment: release