Update CI files for branch main

.github/workflows/publish.yml

@@ -23,40 +23,20 @@ jobs:
     runs-on: "ubuntu-latest"
     needs:
       - "build"
-
-    env:
-      GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+    environment:
+      name: "pypi"
+      url: "https://pypi.org/p/pulp-certguard"
+    permissions:
+      id-token: "write"
 
     steps:
-      - uses: "actions/checkout@v4"
-        with:
-          fetch-depth: 1
-          path: "pulp-certguard"
-
       - uses: "actions/download-artifact@v4"
         with:
           name: "plugin_package"
-          path: "pulp-certguard/dist/"
-
-      - uses: "actions/setup-python@v5"
-        with:
-          python-version: "3.11"
+          path: "dist/"
 
-      - name: "Install python dependencies"
-        run: |
-          echo ::group::PYDEPS
-          pip install twine
-          echo ::endgroup::
-
-      - name: "Setting secrets"
-        run: |
-          python3 .github/workflows/scripts/secrets.py "$SECRETS_CONTEXT"
-        env:
-          SECRETS_CONTEXT: "${{ toJson(secrets) }}"
-
-      - name: "Deploy plugin to pypi"
-        run: |
-          .github/workflows/scripts/publish_plugin_pypi.sh ${{ github.ref_name }}
+      - name: "Publish package to PyPI"
+        uses: pypa/gh-action-pypi-publish@release/v1
 
   create-gh-release:
     runs-on: "ubuntu-latest"
@@ -97,14 +77,16 @@ jobs:
 
       - name: "Create release on GitHub"
         uses: "actions/github-script@v7"
+        env:
+          RELEASE_BODY: ${{ steps.get_release_notes.outputs.body }}
         with:
           script: |
-            const { TAG_NAME } = process.env;
+            const { TAG_NAME, RELEASE_BODY } = process.env;
 
             await github.rest.repos.createRelease({
               owner: context.repo.owner,
               repo: context.repo.repo,
               tag_name: TAG_NAME,
-              body: `${{ steps.get_release_notes.outputs.body }}`,
+              body: RELEASE_BODY,
               make_latest: "legacy",
             });