From 1b957e43208ccd43941f9c8f75a05f8cd18a8d2e Mon Sep 17 00:00:00 2001
From: Oscar Benjamin <oscar.j.benjamin@gmail.com>
Date: Sun, 5 Apr 2026 13:34:41 +0100
Subject: [PATCH] actions: use environment scoped secret for nightly wheels

---
 .github/workflows/buildwheel.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/buildwheel.yml b/.github/workflows/buildwheel.yml
index efb69176..6bcafc81 100644
--- a/.github/workflows/buildwheel.yml
+++ b/.github/workflows/buildwheel.yml
@@ -438,6 +438,8 @@ jobs:
     # Run on push/merge to main
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest
+    environment:
+      name: anaconda_nightly
     permissions: {}
 
     steps:
@@ -457,7 +459,7 @@ jobs:
           artifacts_path: dist
           # This token is generated from anaconda.org
           # https://github.com/scientific-python/upload-nightly-action/issues/111
-          anaconda_nightly_upload_token: ${{ secrets.ANACONDA_ORG_UPLOAD_TOKEN }} # zizmor: ignore[secrets-outside-env]
+          anaconda_nightly_upload_token: ${{ secrets.ANACONDA_ORG_UPLOAD_TOKEN_V2 }}
 
   # Deploy wheels and sdist to PyPI