From acc247af1f0be9f58f961bb95a12b0ff952b086f Mon Sep 17 00:00:00 2001
From: Sebastien Morais <sebastien.morais@ansys.com>
Date: Fri, 7 Jun 2024 09:30:48 +0200
Subject: [PATCH] CI: Use Trusted Publisher to release package

---
 .github/workflows/ci_cd.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci_cd.yml b/.github/workflows/ci_cd.yml
index f8418b96..04e04b14 100644
--- a/.github/workflows/ci_cd.yml
+++ b/.github/workflows/ci_cd.yml
@@ -307,13 +307,17 @@ jobs:
     if: github.event_name == 'push' && contains(github.ref, 'refs/tags')
     needs: build-library
     runs-on: ubuntu-latest
+    # Specifying a GitHub environment is optional, but strongly encouraged
+    environment: release
+    permissions:
+      id-token: write
+      contents: write
     steps:
       - name: "Release to the public PyPI repository"
         uses: ansys/actions/release-pypi-public@v6
         with:
           library-name: ${{ env.LIBRARY_NAME }}
-          twine-username: "__token__"
-          twine-token: ${{ secrets.PYPI_TOKEN }}
+          use-trusted-publisher: true
 
       - name: "Release to GitHub"
         uses: ansys/actions/release-github@v6