From 9ee53187a0f57de1e06d3f2a85e47869a769c7bb Mon Sep 17 00:00:00 2001
From: masklinn <github.com@masklinn.net>
Date: Sat, 14 Feb 2026 13:09:57 +0100
Subject: [PATCH] Switch main publish workflow to trusted publishing

I'll probably discover this is broken the first time I try it, but
this at least allows removing the token from github, and invalidating
it in my account.
---
 .github/workflows/release-main.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/release-main.yml b/.github/workflows/release-main.yml
index 0e42d7e..98c1730 100644
--- a/.github/workflows/release-main.yml
+++ b/.github/workflows/release-main.yml
@@ -43,10 +43,8 @@ jobs:
         repository-url: https://test.pypi.org/legacy/
         skip-existing: true
         verbose: true
-        password: ${{ secrets.PUBLISH_TOKEN }}
     - name: Publish to pypi
       if: ${{ env.ENVNAME == 'pypi' }}
       uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e  # 1.13.0
       with:
         verbose: true
-        password: ${{ secrets.PUBLISH_TOKEN }}