Update release GH action to be more secure

Author: timvink

.github/workflows/pythonpublish.yml

@@ -1,12 +1,17 @@
 name: Upload Python Package
 
 on:
+  workflow_dispatch:
   release:
     types: [created]
 
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      id-token: write
     steps:
     - uses: actions/checkout@v4
       with:
@@ -19,6 +24,7 @@ jobs:
       run: |
         python -m pip install --upgrade pip
         pip install setuptools wheel twine
+
     - name: Make sure unit tests succeed
       run: |
         git config --global user.name "Github Action"
@@ -27,15 +33,17 @@ jobs:
         pip install mkdocs-material
         pip install .
         pytest
-    - name: Build and publish
-      env:
-        TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
-        TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
+
+
+    - name: Build
       run: |
         python setup.py sdist bdist_wheel
-        twine upload dist/*
+
+    # See https://docs.pypi.org/trusted-publishers/using-a-publisher/
+    - name: Publish package distributions to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
 
     - name: Deploy mkdocs site
       run: | 
         pip install mkdocs-git-authors-plugin
-        mkdocs gh-deploy --force
+        mkdocs gh-deploy --force