diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 8b55c1e..9b11543 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -45,6 +45,9 @@ jobs:
     needs: ruff-check
     # run on tag only
     if: startsWith(github.ref, 'refs/tags/')
+    permissions:
+      # this permission is mandatory for trusted publishing
+      id-token: write
     steps:
       - uses: actions/checkout@v3
       - name: Set up Python
@@ -58,15 +61,5 @@ jobs:
       - name: Build package
         run: python -m build --wheel
 
-      - name: Publish package to the test PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_TOKEN }}
-          repository-url: https://test.pypi.org/legacy/
-
       - name: Publish package
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_TOKEN }}