Trusted publisher for PyPI

Author: zliang-akamai

.github/workflows/release.yml

@@ -79,7 +79,11 @@ jobs:
             github_token=${{ secrets.GITHUB_TOKEN }}
 
   pypi-release:
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
     runs-on: ubuntu-latest
+    environment: pypi-release
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -103,5 +107,3 @@ jobs:
 
       - name: Publish the release artifacts to PyPI
         uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # pin@release/v1.12.4
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}