From ff68615abde6828f8b5137e7dde6650a478f1f2c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Yolan=20Honor=C3=A9-Roug=C3=A9?=
 <yolan.honore.rouge@gmail.com>
Date: Sat, 20 Apr 2024 00:00:58 +0200
Subject: [PATCH] :lock: Use a github environment for publishing to PyPI

---
 .github/workflows/publish.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index aa232be..6157bc2 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -8,6 +8,10 @@ jobs:
     strategy:
       matrix:
         python-version: [3.11]
+    environment: release
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
     env:
       PYTHON_PACKAGE: kedro_pandera
     steps:
@@ -60,6 +64,4 @@ jobs:
     - name: Publish distribution to PyPI  # official action from python maintainers
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
-        user: __token__
-        password: ${{ secrets.PYPI_PASSWORD }}
         verbose: true  # trace if the upload fails