From df8c431aa4d49a2e611f8a5d3a6cfabe35136763 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Morales?= <jmoralz92@gmail.com>
Date: Mon, 16 Dec 2024 16:48:02 -0600
Subject: [PATCH] [skip ci] use trusted publisher

---
 .github/workflows/python-publish.yml      | 34 ++++++++---------------
 .github/workflows/test-python-publish.yml | 27 ++++++++++++++++++
 2 files changed, 38 insertions(+), 23 deletions(-)
 create mode 100644 .github/workflows/test-python-publish.yml

diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
index fc23ab8c..48575c6a 100644
--- a/.github/workflows/python-publish.yml
+++ b/.github/workflows/python-publish.yml
@@ -1,39 +1,27 @@
-# This workflow will upload a Python Package using Twine when a release is created
-# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
-
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
 name: Upload Python Package
 
 on:
-  release:
-    types: [published]
-
-permissions:
-  contents: read
+  push:
+    tags:
+      - 'v*'
 
 jobs:
   deploy:
-
     runs-on: ubuntu-latest
-
+    permissions:
+      id-token: write
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Set up Python
-        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # 5.3.0
+
+      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # 5.3.0
         with:
           python-version: '3.x'
+
       - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install build
+        run: python -m pip install --upgrade pip && pip install build
+
       - name: Build package
         run: python -m build
+
       - name: Publish package
         uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_API_TOKEN }}
diff --git a/.github/workflows/test-python-publish.yml b/.github/workflows/test-python-publish.yml
new file mode 100644
index 00000000..ed3157c8
--- /dev/null
+++ b/.github/workflows/test-python-publish.yml
@@ -0,0 +1,27 @@
+name: Upload Python Package to TestPyPI
+
+on:
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # 5.3.0
+        with:
+          python-version: '3.x'
+
+      - name: Install dependencies
+        run: python -m pip install --upgrade pip && pip install build
+
+      - name: Build package
+        run: python -m build
+
+      - name: Publish package
+        uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3
+        with:
+          repository-url: https://test.pypi.org/legacy/