From 85cf9a45709a3bde046943e238c4ab0950c0b286 Mon Sep 17 00:00:00 2001
From: Adam Lugowski
Date: Sun, 15 Oct 2023 19:20:46 -0700
Subject: [PATCH] Add id-token permission for PyPI trusted publishing
---
 .github/workflows/wheels.yml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml
index be6bfd8..6127d17 100644
--- a/.github/workflows/wheels.yml
+++ b/.github/workflows/wheels.yml
@@ -25,6 +25,10 @@ concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
 cancel-in-progress: true
 
+permissions:
+ # For PyPI Trusted Publisher
+ id-token: write
+
 jobs:
 build_sdist:
 name: Build SDist
@@ -225,6 +229,7 @@ jobs:
 
 # Upload to PyPI
 - uses: pypa/gh-action-pypi-publish@release/v1
+ name: Upload to PyPI
 if: github.event_name == 'release' || (github.event_name == 'workflow_dispatch' && github.event.inputs.upload_dest == 'PyPI')
 with:
 # PyPI does not allow replacing a file. Without this flag the entire action fails if even a single duplicate exists.
@@ -234,6 +239,7 @@ jobs:
 
 # Upload to Test PyPI
 - uses: pypa/gh-action-pypi-publish@release/v1
+ name: Upload to Test PyPI
 if: github.event_name == 'workflow_dispatch' && github.event.inputs.upload_dest == 'Test PyPI'
 with:
 # PyPI does not allow replacing a file. Without this flag the entire action fails if even a single duplicate exists.
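Review bot: The `permissions:` block added in the first hunk (`@@ -25,6 +25,10 @@`) sits at workflow level, so `id-token: write` is granted to every job in the file, including `build_sdist` directly below it, not only to the job that runs the two `pypa/gh-action-pypi-publish` steps. Only the upload job needs to mint an OIDC token for PyPI, so the same two lines (`permissions:` / `id-token: write`) would be better placed under that job's definition, whose header is outside the hunks shown. Declaring any `permissions` key also sets every unlisted scope to `none`, so it is worth confirming that the checkout and artifact steps still have what they need, for example with an explicit `contents: read`. Separately, the publish steps in the later hunks reference the action by the branch `release/v1`; now that they can obtain a publishing token, pinning that reference to a full commit SHA would narrow what code can run with it.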