From 37d7687d2d429410d24c5b04102a35c4b0721544 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bern=C3=A1t=20G=C3=A1bor?= <bgabor8@bloomberg.net>
Date: Wed, 26 Apr 2023 10:14:20 -0700
Subject: [PATCH] Use trusted publisher
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Bernát Gábor <bgabor8@bloomberg.net>
---
 .github/workflows/check.yml   | 24 +-----------------------
 .github/workflows/release.yml | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 23 deletions(-)
 create mode 100644 .github/workflows/release.yml

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 8df319b8..954c2999 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -1,6 +1,7 @@
 name: check
 on:
   push:
+    tags-ignore: ["**"]
   pull_request:
   schedule:
     - cron: "0 8 * * *"
@@ -135,26 +136,3 @@ jobs:
         run: tox -vv --notest -e ${{ matrix.tox_env }}
       - name: Run test suite
         run: tox --skip-pkg-install -e ${{ matrix.tox_env }}
-
-  publish:
-    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
-    needs: [check, coverage]
-    runs-on: ubuntu-latest
-    steps:
-      - name: Setup python to build package
-        uses: actions/setup-python@v4
-        with:
-          python-version: "3.11"
-      - name: Install build
-        run: python -m pip install build
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Build sdist and wheel
-        run: python -m build -s -w . -o dist
-      - name: Publish to PyPi
-        uses: pypa/gh-action-pypi-publish@v1.8.5
-        with:
-          skip_existing: true
-          user: __token__
-          password: ${{ secrets.pypi_password }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..9733673f
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,27 @@
+name: Release to PyPI
+on:
+  push:
+    tags: ["*"]
+
+jobs:
+  release:
+    runs-on: ubuntu-22.04
+    environment:
+      name: release
+      url: https://pypi.org/p/platformdirs
+    permissions:
+      id-token: write
+    steps:
+      - name: Setup python to build package
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.11"
+      - name: Install build
+        run: python -m pip install build
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Build package
+        run: pyproject-build -s -w . -o dist
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@v1.8.5