Open
Description
The PyPI Upload step in the Deploy job of the CI pipeline currently uses an API token to upload packages to PyPI. The CI step emits the following warning:
Warning: Trusted Publishers allows publishing packages to PyPI from automated environments like GitHub Actions without needing to use username/password combinations or API tokens to authenticate with PyPI. Read more: https://docs.pypi.org/trusted-publishers
It is to be decided whether the API token should be kept or PyPI should be configure to trust the GitHub OIDC token, instead.