Pypi Trusted Publisher

Author: ticosax

.github/workflows/release.yml

@@ -8,6 +8,9 @@ jobs:
   build:
     if: github.repository == 'jazzband/django-fsm-log'
     runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write
 
     steps:
       - uses: actions/checkout@v6
@@ -29,12 +32,6 @@ jobs:
           uv build
           uvx twine check dist/*
 
-      - name: Upload packages to Jazzband
+      - name: Upload packages to Pypi
         if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: jazzband
-          password: ${{ secrets.JAZZBAND_RELEASE_KEY }}
-          attestations: false
-          repository-url: https://jazzband.co/projects/django-fsm-log/upload
-          verbose: true

README.md

@@ -14,7 +14,11 @@ by enabling a cached backend. See [Advanced Usage](#advanced-usage)
 
 ## Changelog
 
-## 5.0.1 ( 2026-01-27 )
+## 5.0.2 ( 2026-01-27 )
+
+- Try to publish straight to pypi thanks to oicd trusted publishing process
+
+## 5.0.1 ( :x: )
 
 - switch from setuptools to hatchling