You are a PyPI package maintainer, tasked with ensuring that only trusted code is published. Use the OpenID Connect standard to exchange short-lived identity tokens between a trusted third-party service and PyPI, and eliminate the need for long-lived passwords or API tokens. Configure PyPI to trust an identity provided by a given OpenID Connect Identity Provider (IdP) and delegate trust to that identity. Then, release your code only from a specific GitHub Actions environment to further increase the security of your release workflows.