From 2ea7a791d88f8572a6de3c37e39803c2fd81c5e1 Mon Sep 17 00:00:00 2001
From: Yinchuan Song <562997+inntran@users.noreply.github.com>
Date: Sat, 8 Nov 2025 09:09:27 -0500
Subject: [PATCH] remove explict credentials for pypi

---
 .github/workflows/publish.yml | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 3a98507..a03993f 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,6 +1,7 @@
 name: Publish
 permissions:
   contents: read
+  id-token: write
 
 on:
   push:
@@ -19,10 +20,13 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v6
         with:
-          python-version: "3.12"
+          python-version: "3.x"
 
       - name: Install uv
-        uses: astral-sh/setup-uv@v3
+        uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: auto
+          python-version: "3.x"
 
       - name: Build distributions
         run: |
@@ -33,13 +37,9 @@ jobs:
         if: github.ref == 'refs/heads/staging'
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          user: __token__
-          password: ${{ secrets.TEST_PYPI_API_TOKEN }}
           repository-url: https://test.pypi.org/legacy/
 
       - name: Publish to PyPI
         if: github.ref == 'refs/heads/main'
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_API_TOKEN }}
+