From 83feae4eb2b043f63e710acdc2959143cb746fc8 Mon Sep 17 00:00:00 2001
From: Jesse Hills <3060199+jesserockz@users.noreply.github.com>
Date: Wed, 17 Apr 2024 16:55:13 +1200
Subject: [PATCH] Use trusted publishing token for pypi (#6545)

---
 .github/workflows/release.yml | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2e1177d13f..72b06ab4fe 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -47,6 +47,9 @@ jobs:
     name: Build and publish to PyPi
     if: github.repository == 'esphome/esphome' && github.event_name == 'release'
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
     steps:
       - uses: actions/checkout@v4.1.1
       - name: Set up Python
@@ -56,16 +59,11 @@ jobs:
       - name: Set up python environment
         env:
           ESPHOME_NO_VENV: 1
-        run: |
-          script/setup
-          pip install twine
+        run: script/setup
       - name: Build
         run: python setup.py sdist bdist_wheel
-      - name: Upload
-        env:
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
-        run: twine upload dist/*
+      - name: Publish
+        uses: pypa/gh-action-pypi-publish@v1.8.14
 
   deploy-docker:
     name: Build ESPHome ${{ matrix.platform }}