From 8b05c052096ed350af67338fa40a98c6fa215438 Mon Sep 17 00:00:00 2001
From: Kattyan <hello@kattyan.dev>
Date: Fri, 20 Feb 2026 16:08:47 +0900
Subject: [PATCH] ci: use trusted publishing for crates.io

---
 .github/workflows/release.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0b771b7..c7a9a39 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -90,10 +90,16 @@ jobs:
     needs: build
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - uses: actions/checkout@v6
       - uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7
+      - name: Authenticate with crates.io
+        id: auth
+        uses: rust-lang/crates-io-auth-action@b7e9a28eded4986ec6b1fa40eeee8f8f165559ec # v1.0.3
       - name: Publish
         run: cargo publish
         env:
-          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
+          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}