From 7f7057fb7e826e5a6a20aa818db4ddc796791795 Mon Sep 17 00:00:00 2001
From: Victor Barua <victor.barua@datadoghq.com>
Date: Fri, 13 Mar 2026 12:34:52 -0700
Subject: [PATCH] build: enable Trusted Publishing to PyPI

---
 .github/workflows/release.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6ed4c6e..28423eb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,6 +6,7 @@ on:
     tags: [ 'v[0-9]+.[0-9]+.[0-9]+' ]
 
 permissions:
+  id-token: write
   contents: write
 
 jobs:
@@ -53,6 +54,7 @@ jobs:
     name: Publish to PyPI
     runs-on: ubuntu-latest
     needs: release
+    environment: pypi
     steps:
       - name: Download artifact
         uses: actions/download-artifact@v7
@@ -61,5 +63,3 @@ jobs:
           path: dist/
       - name: Publish package to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}