From f21ea3644f70972a62f6a4c1c126b1f81a714430 Mon Sep 17 00:00:00 2001
From: matfax <mat@fax.fyi>
Date: Tue, 11 Jul 2023 18:19:47 +0200
Subject: [PATCH] ci(publish): generate single-use token for publishing

Added a step in the publish.yml workflow to generate a mint token using the tschm/token-mint-action. Updated the poetry publish command to include the generated API token for authentication.
---
 .github/workflows/publish.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 1e78314..08e432f 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -10,6 +10,7 @@ jobs:
     environment: publishing
     permissions:
       id-token: write
+      contents: read
     strategy:
       matrix:
         python-version: [3.8]
@@ -53,5 +54,8 @@ jobs:
           file: ./coverage.xml
           flags: unittests
           name: python ${{ matrix.python-version }} on ${{ runner.os }}
+      - name: generate mint token
+        id: mint
+        uses: tschm/token-mint-action@v1.0.2
       - name: publishing to PyPi
-        run: poetry publish -n -vv
+        run: poetry publish -n -vv -u __token__ -p '${{ steps.mint.outputs.api-token }}'