Switch to PyPI publishing via a trusted publisher. Change-Id: Ie94c5e6931f8fa70f238c9a5360874ff8833876a Reviewed-on: https://code-review.googlesource.com/c/re2/+/62972 Reviewed-by: Perry Lorier <perryl@google.com> Reviewed-by: Paul Wankadia <junyer@google.com>

commit: 3c7e162c8eefa8db556df680cf01b0c2cde71230 [log] [tgz]
author: Paul Wankadia <junyer@google.com> Tue Apr 09 10:22:42 2024 +0000
committer: Paul Wankadia <junyer@google.com> Tue Apr 09 10:49:08 2024 +0000
tree: 4004d582604804e81cd032e010e4151af5e198b6
parent: e76b306b847f9c8f42f5f1ba1000affa2691142b [diff]
diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml
index 7b09f29..7f97adc 100644
--- a/.github/workflows/python.yml
+++ b/.github/workflows/python.yml

@@ -184,6 +184,10 @@
       - wheel-linux
       - wheel-macos
       - wheel-windows
+    permissions:
+      contents: read
+      # Required for PyPI publishing.
+      id-token: write
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4.1.1
@@ -224,5 +228,4 @@
       - if: inputs.build >= 1
         uses: pypa/gh-action-pypi-publish@v1.8.14
         with:
-          password: ${{ secrets.PYPI_API_TOKEN }}
           packages-dir: python/dist
commit	3c7e162c8eefa8db556df680cf01b0c2cde71230	[log] [tgz]
author	Paul Wankadia <junyer@google.com>	Tue Apr 09 10:22:42 2024 +0000
committer	Paul Wankadia <junyer@google.com>	Tue Apr 09 10:49:08 2024 +0000
tree	4004d582604804e81cd032e010e4151af5e198b6
parent	e76b306b847f9c8f42f5f1ba1000affa2691142b [diff]