use trusted pypi without token

.github/workflows/release-ci.yml

@@ -71,13 +71,11 @@ jobs:
   pypi:
     needs: [ pyinstaller, nuitka, wheel ]
     runs-on: ubuntu-latest
-    steps:
-      - name: "Checkout"
-        uses: actions/checkout@v4
-
-      - name: "Set up Python environment"
-        uses: ./.github/actions/setup-python
+    environment: pypi
+    permissions:
+      id-token: write
 
+    steps:
       - name: "Download dcspy binaries"
         uses: actions/download-artifact@v4
         with:
@@ -91,8 +89,3 @@ jobs:
 
       - name: "Deploy to PyPI"
         uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: __token__
-          password: ${{ secrets.PYPI_TOKEN }}
-          skip-existing: true
-          verbose: true