From 3dda74210b2dfdcb83b7b0fc82a27dc8a720e84e Mon Sep 17 00:00:00 2001
From: Anuraag Agrawal <anuraaga@gmail.com>
Date: Tue, 23 Sep 2025 09:56:25 +0900
Subject: [PATCH 1/3] Add id token to main CI for TestPyPi

Signed-off-by: Anuraag Agrawal <anuraaga@gmail.com>
---
 .github/workflows/ci.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index d801a4c..dc98995 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,6 +1,4 @@
 name: CI
-permissions:
-  contents: read
 on:
   push:
     branches:
@@ -8,6 +6,10 @@ on:
   pull_request:
   workflow_dispatch:
 
+permissions:
+  contents: read
+  id-token: write
+
 concurrency:
   # Cancel in-progress jobs for PRs only
   group: ${{ github.workflow }}-${{ github.ref == 'refs/heads/main' && github.sha || github.ref }}

From a8f0b6adeb2795b470568a39ff4bf21fa42d41c7 Mon Sep 17 00:00:00 2001
From: Anuraag Agrawal <anuraaga@gmail.com>
Date: Tue, 23 Sep 2025 09:57:43 +0900
Subject: [PATCH 2/3] Add attestations too

Signed-off-by: Anuraag Agrawal <anuraaga@gmail.com>
---
 .github/workflows/ci.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index dc98995..b44ec58 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -8,6 +8,7 @@ on:
 
 permissions:
   contents: read
+  attestations: write
   id-token: write
 
 concurrency:

From f5c4d789759745f78d3bb0701b0d84224c3f87e1 Mon Sep 17 00:00:00 2001
From: Anuraag Agrawal <anuraaga@gmail.com>
Date: Tue, 23 Sep 2025 10:18:56 +0900
Subject: [PATCH 3/3] Remove sed

Signed-off-by: Anuraag Agrawal <anuraaga@gmail.com>
---
 .github/workflows/ci.yaml | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index b44ec58..c04f254 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -104,14 +104,6 @@ jobs:
 
       - run: uv sync --frozen
 
-      - name: Modify package name for TestPyPI
-        run: |
-          # The 'connect-python' name is claimed on TestPyPI. No big
-          # deal, we can use a different name since this is just to test
-          # publishing really.
-          # TODO: Update now that this is in connectrpc
-          sed -i 's/name = "connect-python"/name = "firetiger-connect-python"/' pyproject.toml
-
       - run: uv build
 
       - name: build codegen archives
@@ -136,5 +128,6 @@ jobs:
         uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
         if: github.event_name != 'pull_request'
         with:
+          repository-url: https://test.pypi.org/legacy/
           packages-dir: protoc-gen-connect-python/dist
           skip-existing: true