rework publish workflow for trusted publisher

.github/workflows/publish_to_pypi.yml

@@ -1,48 +1,43 @@
+---
 name: Publish Pypi package
-
 on:
   workflow_call:
-
 jobs:
   publish_to_pypi:
     name: Publish Python 🐍 package 📦 to PyPI
     runs-on: ubuntu-latest
+    permissions:
+      # This permission is required for trusted publishing.
+      id-token: write
+      contents: read
     env:
       ZENML_DEBUG: 1
       ZENML_ANALYTICS_OPT_IN: false
-      PYTHONIOENCODING: 'utf-8'
-
+      PYTHONIOENCODING: utf-8
     steps:
-      - uses: actions/checkout@v3
-
+      - uses: actions/checkout@v4.1.1
       - name: Get the version from the github tag ref
         id: get_version
         run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
-
       - name: Set up Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5.0.0
         with:
           python-version: '3.8'
-
       - name: Install Poetry
-        uses: snok/install-poetry@v1
+        uses: snok/install-poetry@v1.3.4
         with:
           virtualenvs-create: true
           virtualenvs-in-project: true
-
       - name: Include latest dashboard
-        shell: bash
-        env:
-          TAG: v0.9.0
-        run: scripts/install-dashboard.sh
-
-      - name: publish
-        env:
-          PYPI_USERNAME: ${{ secrets.PYPI_USERNAME }}
-          PYPI_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
-        run: |
+        run: bash scripts/install-dashboard.sh
+      - name: Build package
+        run: poetry build
+      - name: Mint token
+        id: mint
+        uses: tschm/token-mint-action@v1.0.2
+      - name: Publish the package with poetry
+        run: |-
           if [ "$(cat src/zenml/VERSION)" = "$(echo ${GITHUB_REF} | sed 's|refs/tags/||g')" ];
-          then ./scripts/publish.sh;
+          then poetry publish -u __token__ -p '${{ steps.mint.outputs.api-token }}';
           else echo "Version mismatch between src/zenml/VERSION and branch tag" && exit 1;
           fi
-