From 37f4e9a81436f8d5d176a0826c674901228d7123 Mon Sep 17 00:00:00 2001
From: Ludovic Steinbach <ludovic.steinbach@ansys.com>
Date: Fri, 20 Sep 2024 13:38:52 +0200
Subject: [PATCH] Use trusted publisher release

---
 .github/workflows/build_and_test_library.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build_and_test_library.yml b/.github/workflows/build_and_test_library.yml
index f3d3a005..911c2e1f 100644
--- a/.github/workflows/build_and_test_library.yml
+++ b/.github/workflows/build_and_test_library.yml
@@ -111,13 +111,16 @@ jobs:
     runs-on: ubuntu-latest
     needs: [build-library]
     if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
+    environment: release
+    permissions:
+      id-token: write
+      contents: write
     steps:
       - name: "Release to public PyPI"
         uses: ansys/actions/release-pypi-public@v7
         with:
           library-name: ${{ env.LIBRARY_NAME }}
-          twine-username: "__token__"
-          twine-token: ${{ secrets.PYPI_TOKEN }}
+          use-trusted-publisher: true
 
       - name: "Release to private PyPI"
         uses: ansys/actions/release-pypi-private@v7