GHA/pypi: trusted publishing (#208)

No need for long-lived API tokens anymore. see https://docs.pypi.org/trusted-publishers/

Author: dweindl

.github/workflows/deploy.yml

@@ -7,6 +7,11 @@ on:
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/sbmlmath
+    permissions:
+      id-token: write
 
     steps:
     - name: Check out repository
@@ -15,14 +20,12 @@ jobs:
       uses: actions/setup-python@v4
       with:
         python-version: 3.11
-    - name: Install dependencies
+
+    - name: Install dependencies / build sdist
       run: |
         python -m pip install --upgrade pip
-        pip install setuptools wheel twine
-    - name: Build and publish
-      env:
-        TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
-        TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
-      run: |
-        python setup.py sdist bdist_wheel
-        twine upload dist/*
+        pip install setuptools wheel build
+        python -m build -s
+
+    - name: Publish a Python distribution to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1