From c0d7fa1356e7b897efbe4dcd8efcf5ea9e51a50f Mon Sep 17 00:00:00 2001
From: Bruno Oliveira <nicoddemus@gmail.com>
Date: Thu, 20 Apr 2023 21:17:09 -0300
Subject: [PATCH 1/3] Use PyPI trusted publishers for deploying

---
 .github/workflows/deploy.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 9adaf3f..142b4f7 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -9,6 +9,9 @@ jobs:
 
   deploy:
     runs-on: ubuntu-latest
+    environment: deploy
+    permissions:
+      id-token: write # For PyPI trusted publishers.
 
     steps:
     - uses: actions/checkout@v3
@@ -24,9 +27,6 @@ jobs:
 
     - name: Publish package to PyPI
       uses: pypa/gh-action-pypi-publish@master
-      with:
-        user: __token__
-        password: ${{ secrets.pypi_token }}
 
     - name: Set up Python
       uses: actions/setup-python@v4.5.0

From 5e251d70b89f751cfc1e176edb23a7ee51dff179 Mon Sep 17 00:00:00 2001
From: Bruno Oliveira <nicoddemus@gmail.com>
Date: Thu, 20 Apr 2023 22:14:59 -0300
Subject: [PATCH 2/3] Change deploy to a manual trigger

---
 .github/workflows/deploy.yml | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 142b4f7..30fccba 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -1,9 +1,12 @@
 name: deploy
 
 on:
-  push:
-    tags:
-      - "v*"
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Release version'
+        required: true
+        default: '1.2.3'
 
 jobs:
 
@@ -28,6 +31,10 @@ jobs:
     - name: Publish package to PyPI
       uses: pypa/gh-action-pypi-publish@master
 
+    - uses: actions-ecosystem/action-push-tag@v1
+      with:
+        tag: v${{ github.event.inputs.version }}
+
     - name: Set up Python
       uses: actions/setup-python@v4.5.0
       with:

From 2315f482f1b40b69c045fe19cf627f65d959279b Mon Sep 17 00:00:00 2001
From: Bruno Oliveira <nicoddemus@gmail.com>
Date: Thu, 20 Apr 2023 22:18:23 -0300
Subject: [PATCH 3/3] Update RELEASING.rst

---
 RELEASING.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/RELEASING.rst b/RELEASING.rst
index 1a9d8f2..50be392 100644
--- a/RELEASING.rst
+++ b/RELEASING.rst
@@ -3,5 +3,5 @@ Here are the steps on how to make a new release.
 1. Create a ``release-VERSION`` branch from ``upstream/master``.
 2. Update ``CHANGELOG.rst``.
 3. Push a branch with the changes.
-4. Once all builds pass, push a tag to ``upstream``.
+4. Once all builds pass, run the ``deploy`` workflow manually.
 5. Merge the PR.