From d0566c7fb6251384c64b8c3f6b82ca55bb10d16f Mon Sep 17 00:00:00 2001
From: AlexNg <contact@ngjx.org>
Date: Mon, 22 Jul 2024 02:15:11 +0800
Subject: [PATCH] ci(release): Use PyPI's trusted publisher

Signed-off-by: AlexNg <contact@ngjx.org>
---
 .github/workflows/release.yml | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 05501ef..4617f8c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,10 +12,31 @@ jobs:
   pypi-publish:
     name: Upload release to PyPI
     runs-on: ubuntu-latest
+    environment:
+      name: release
+      url: https://pypi.org/project/thread
+    permissions:
+      id-token: write
 
     steps:
-      - uses: actions/checkout@v4
-      - name: Build and publish
-        uses: JRubics/poetry-publish@v2.0
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python 3.x
+        uses: actions/setup-python@v5
         with:
-          pypi_token: ${{ secrets.PYPI_TOKEN }}
+          python-version: 3.x
+
+      - name: Install dependencies
+        run: |
+          set -xe
+          python -m pip install poetry
+          python -m poetry install
+
+      - name: Build Thread
+        run: |
+          set -xe
+          python -m poetry build
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1