From 1f9757b1bbdf775390886fd4a5d5cf2c0db9ac32 Mon Sep 17 00:00:00 2001
From: Hynek Schlawack
Date: Fri, 13 Dec 2024 07:23:31 +0100
Subject: [PATCH] Limit token scope in example fixes #151
---
 README.md | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 87e0768..94ec139 100644
--- a/README.md
+++ b/README.md
@@ -76,18 +76,29 @@ To also upload to PyPI:
 ```yaml
 jobs:
- check-publish-package:
- name: Build, inspect, and upload our package to PyPI.
+ build-package:
+ name: Build and inspect package.
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
 - uses: hynek/build-and-inspect-python-package@v2
- id: build
+
+
+ upload-to-pypi:
+ name: Upload prebuilt package to PyPI
+ needs: build-package
+ runs-on: ubuntu-latest
+ permissions:
+ # IMPORTANT: this permission is mandatory for trusted publishing, but
+ # should NOT be granted anywhere else!
+ id-token: write
+
+ steps:
 - name: Download built artifact to dist/
 uses: actions/download-artifact@v4
 with:
- name: ${{ steps.build.outputs.artifact-name }}
+ name: Packages
 path: dist
 - uses: pypa/gh-action-pypi-publish@release/v1
 ```