Convert publishing workflows to trusted publishers

Author: sirosen

.github/workflows/publish_to_pypi.yaml

@@ -7,6 +7,9 @@ on:
 jobs:
   publish:
     runs-on: ubuntu-latest
+    environment: publish
+    permissions:
+      id-token: write
 
     steps:
       - uses: actions/checkout@v3
@@ -19,5 +22,3 @@ jobs:
 
       - name: Publish to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}

.github/workflows/publish_to_test_pypi.yaml

@@ -14,6 +14,9 @@ on:
 jobs:
   publish:
     runs-on: ubuntu-latest
+    environment: publish-testpypi
+    permissions:
+      id-token: write
 
     steps:
       - uses: actions/checkout@v3
@@ -36,5 +39,4 @@ jobs:
       - name: Publish to TestPyPI
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          password: ${{ secrets.TEST_PYPI_API_TOKEN }}
           repository_url: https://test.pypi.org/legacy/