set up trusted publishing for PyPI uploads

Signed-off-by: Lance-Drane <Lance-Drane@users.noreply.github.com>

Author: Lance-Drane

.github/workflows/publish.yml

@@ -6,14 +6,16 @@ on:
       - "v[0-9]+.[0-9]+.[0-9]+*"
   workflow_dispatch:
 
-permissions:
-  contents: write
-  id-token: write
-
 jobs:
-  build:
+  publish:
     if: startsWith(github.ref, 'refs/tags/')
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write
+    environment:
+      name: pypi
+      url: https://pypi.org/p/intersect-sdk-common
     steps:
       - uses: actions/checkout@v4
       - name: Setup UV
@@ -23,9 +25,9 @@ jobs:
       - name: "Build package"
         run: uv build
       - name: Publish package to PyPI
-        env:
-          UV_PUBLISH_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
-        run: uv publish --username __token__ --publish-url https://upload.pypi.org/legacy/
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://upload.pypi.org/legacy/
       - name: upload to github release
         uses: docker://antonyurchenko/git-release:v5
         env: