From cc994a3539a184ad98d1a96da432e9b0ec3257e3 Mon Sep 17 00:00:00 2001
From: Salvatore Mesoraca <salvatore.mesoraca@aiven.io>
Date: Wed, 12 Jun 2024 18:03:36 +0200
Subject: [PATCH 1/2] Configure PYPI publishing using trusted publishing (OIDC)

Signed-off-by: Salvatore Mesoraca <salvatore.mesoraca@aiven.io>
---
 .github/workflows/pypi-publish.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/pypi-publish.yaml b/.github/workflows/pypi-publish.yaml
index 108dfa6d..f07fdbd4 100644
--- a/.github/workflows/pypi-publish.yaml
+++ b/.github/workflows/pypi-publish.yaml
@@ -11,6 +11,9 @@ jobs:
 
   build_and_package:
     runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write
     steps:
       - uses: actions/checkout@v4
       - name: install python
@@ -33,6 +36,3 @@ jobs:
 
       - name: Publish to Pypi
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_API_TOKEN }}

From 19a40f3abce272633381350e41da74a8d0d5b64f Mon Sep 17 00:00:00 2001
From: Salvatore Mesoraca <salvatore.mesoraca@aiven.io>
Date: Wed, 12 Jun 2024 18:24:56 +0200
Subject: [PATCH 2/2] Configure release drafter

Signed-off-by: Salvatore Mesoraca <salvatore.mesoraca@aiven.io>
---
 .github/workflows/release-drafter.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index 3e01630b..1e4d1189 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -14,6 +14,7 @@ jobs:
       contents: write  #  to create a github release (release-drafter/release-drafter)
 
     runs-on: ubuntu-latest
+    environment: release-drafter
     steps:
       # Drafts your next Release notes as Pull Requests are merged into "main"
       - uses: release-drafter/release-drafter@v6