ci: add trusted publishers for release (#875)

Co-authored-by: pyansys-ci-bot <[email protected]>

Author: Revathyvenugopal162

.github/workflows/ci_cd_release.yml

@@ -168,14 +168,22 @@ jobs:
     needs: [changelog-deployment, build-library]
     runs-on: ubuntu-latest
     permissions:
+      id-token: write
       contents: write
     steps:
-      - name: "Release to the public PyPI repository"
-        uses: ansys/actions/release-pypi-public@1096998b81f7ebdea116b683e11f3a8bda759ca6 # v9.0.15
+      - name: "Download the library artifacts from build-library step"
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
         with:
-          library-name: ${{ env.PACKAGE_NAME }}
-          twine-username: "__token__"
-          twine-token: ${{ secrets.PYPI_TOKEN }}
+          name: ${{ env.PACKAGE_NAME }}-artifacts
+          path: ${{ env.PACKAGE_NAME }}-artifacts
+
+      - name: "Upload artifacts to PyPI using trusted publisher"
+        uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
+        with:
+          repository-url: "https://upload.pypi.org/legacy/"
+          print-hash: true
+          packages-dir: ${{ env.PACKAGE_NAME }}-artifacts
+          skip-existing: false
 
       - name: "Release to GitHub"
         uses: ansys/actions/release-github@1096998b81f7ebdea116b683e11f3a8bda759ca6 # v9.0.15

doc/changelog/875.maintenance.md

@@ -0,0 +1 @@
+Add trusted publishers for release