Secure release process #71
Description
What do you think about using the new trusted publisher mechanism?
https://docs.pypi.org/trusted-publishers/
I implemented that here https://github.com/Simulation-Decomposition/simdec-python/blob/main/.github/workflows/release.yaml
It's quite easy to setup and makes the release process very safe. In the above case, when I push a tag I then have to validate the workflow on GH to make it run and do the release.
You're still able to release manually with Twine and others, this just adds a safe way to release automagically on GH.