Update code.yml for trusted publishing

Author: gilesknap

.github/workflows/code.yml

@@ -116,8 +116,13 @@ jobs:
     needs: [lint, dist, test]
     if: ${{ github.event_name == 'push' && github.ref_type == 'tag' }}
     runs-on: ubuntu-latest
-    env:
-      HAS_PYPI_TOKEN: ${{ secrets.PYPI_TOKEN != '' }}
+    permissions:
+      # this permission is mandatory for trusted publishing To PyPI
+      id-token: write
+      # If you also create a GitHub release in the same job then you also need this permission
+      contents: write
+    # Specify the GitHub Environment to publish to
+    environment: release
 
     steps:
       - name: Download wheel and lockfiles
@@ -149,5 +154,4 @@ jobs:
       - name: Publish to PyPI
         if: ${{ env.HAS_PYPI_TOKEN }}
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_TOKEN }}
+