CU-869a3ycrj Trusted publisher for PyPI (#114)

* CU-869a3ycrj: Add permission to use ID token for trusted publisher

* CU-869a3ycrj: Use trusted publisher for test PyPI

* CU-869a3ycrj: [TEMP] Allow running of QA workflow during PR / branch push

* Revert "CU-869a3ycrj: [TEMP] Allow running of QA workflow during PR / branch push"

This reverts commit 5f872a0.

* CU-869a3ycrj: Use trusted publishing for trainer client release

Author: mart-r

.github/workflows/medcat-trainer_qa.yml

@@ -4,6 +4,9 @@ on:
   push:
     branches: [ main ]
 
+permissions:
+  id-token: write
+
 defaults:
   run:
     working-directory: ./medcat-trainer
@@ -47,9 +50,8 @@ jobs:
           python -m build
 
       - name: Publish dev distribution to Test PyPI
-        uses: pypa/gh-action-pypi-publish@v1.12.4
+        uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          password: ${{ secrets.MEDCAT_TRAINER_TEST_PYPI_API_TOKEN }}
           repository_url: https://test.pypi.org/legacy/
           packages_dir: medcat-trainer/client/dist
 

.github/workflows/medcat-trainer_release.yml

@@ -5,6 +5,9 @@ on:
     tags:
       - 'medcat-trainer/v*.*.*'  
 
+permissions:
+  id-token: write
+
 defaults:
   run:
     working-directory: ./medcat-trainer
@@ -50,10 +53,8 @@ jobs:
 
       - name: Publish production distribution to PyPI
         if: startsWith(github.ref, 'refs/tags') && ! github.event.release.prerelease
-        uses: pypa/gh-action-pypi-publish@v1.12.4
+        uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          # TODO CU-869a25n7e Use Trusted Platform Publisher based PyPI release
-          password: ${{ secrets.PYPI_API_TOKEN }}
           packages_dir: medcat-trainer/client/dist
 
   # Build and test webapp container