Merge pull request #2371 from jku/trusted-publisher

release: Use PyPI Trusted Publishing

Author: Lukas Pühringer

.github/workflows/cd.yml

@@ -92,6 +92,7 @@ jobs:
     environment: release
     permissions:
       contents: write # to modify GitHub releases
+      id-token: write # to authenticate as Trusted Publisher to pypi.org
     steps:
       - name: Fetch build artifacts
         uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
@@ -103,9 +104,6 @@ jobs:
         # Only attempt pypi upload in upstream repository
         if: github.repository == 'theupdateframework/python-tuf'
         uses: pypa/gh-action-pypi-publish@0bf742be3ebe032c25dd15117957dc15d0cfc38d
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_API_TOKEN }}
 
       - name: Finalize GitHub release
         uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410