From 5b649c11a90a85f58e270df182ad3bbb63ba2e27 Mon Sep 17 00:00:00 2001
From: Malachi Soord <inverse.chi@gmail.com>
Date: Wed, 17 Jan 2024 22:36:17 +0100
Subject: [PATCH] Secure publish pipeline (#101)

---
 .github/workflows/publish.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index dea71bc..bfc1c30 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -7,6 +7,11 @@ on:
 jobs:
   publish:
     runs-on: ubuntu-20.04
+    environment:
+      name: pypi
+      url: https://pypi.org/p/cert-host-scraper
+    permissions:
+      id-token: write
     steps:
     - uses: actions/checkout@master
     - uses: actions/setup-python@v5
@@ -24,6 +29,3 @@ jobs:
         poetry build
     - name: Publish to PyPI
       uses: pypa/gh-action-pypi-publish@v1.8.11
-      with:
-        user: __token__
-        password: ${{ secrets.pypi_token }}