From 2f11456ea74e800d8c10fbcbba76161b0f46cdeb Mon Sep 17 00:00:00 2001
From: msftcangoblowme <msftcangoblowme@protonmail.com>
Date: Thu, 29 Feb 2024 10:52:36 +0000
Subject: [PATCH] setup trusted publishing rather than PYPI_API_TOKEN secret

- chore(release.yml): configure permissions id-token write
- chore(release.yml): configure environment for pypi
- chore(release.yml): if condition to only run tagged version
---
 .github/workflows/release.yml | 10 +++++++++-
 CHANGES.rst                   |  9 +++++++++
 docs/conf.py                  |  4 ++--
 3 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c6c2b05..2249b8d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,8 +17,12 @@ env:
   PIP_DISABLE_PIP_VERSION_CHECK: 1
   DEST_FOLDER: dist/
 
+permissions:
+  contents: read  # This is required for actions/checkout
+
 jobs:
   build:
+    if: github.event_name == 'create' && startsWith(github.ref, 'refs/tags')
     runs-on: ubuntu-latest
     steps:
     - name: Checkout the repo
@@ -55,7 +59,11 @@ jobs:
     - name: Publish package
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
-        password: ${{ secrets.PYPI_API_TOKEN }}
+        environment:
+          name: pypi
+          url: https://pypi.org/p/logging-strict
+        permissions:
+          id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing
 
     - name: Release GitHub
       uses: softprops/action-gh-release@v1
diff --git a/CHANGES.rst b/CHANGES.rst
index b744955..b25e532 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -22,6 +22,15 @@ Changelog
 
 .. scriv-start-here
 
+.. _changes_1-2-13:
+
+Version 1.2.13 — 2024-02-29
+---------------------------
+
+- chore(release.yml): configure permissions id-token write
+- chore(release.yml): configure environment for pypi
+- chore(release.yml): if condition to only run tagged version
+
 .. _changes_1-2-12:
 
 Version 1.2.12 — 2024-02-29
diff --git a/docs/conf.py b/docs/conf.py
index 2f4761f..ec35378 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -60,9 +60,9 @@
 # @@@ editable
 copyright = "2023–2024, Dave Faulkmore"
 # The short X.Y.Z version.
-version = "1.2.12"
+version = "1.2.13"
 # The full version, including alpha/beta/rc tags.
-release = "1.2.12"
+release = "1.2.13"
 # The date of release, in "monthname day, year" format.
 release_date = "February 29, 2024"
 # @@@ end