CI: publish without token

[hombit]

Make out publishing pipeline using PyPI's "Trusted Publisher Management" instead of token authorization

[Copilot]

Pull request overview

This pull request updates the CI/CD pipeline to use PyPI's Trusted Publisher Management for publishing wheels, removing the need for storing a PYPI_API_TOKEN secret.

Changes:

• Removed token-based authentication (user and password parameters) from the PyPI publish action in the wheels workflow

Comments suppressed due to low confidence (1)

.github/workflows/wheels.yml:76

• The publish job is missing required permissions and environment settings for PyPI's Trusted Publisher Management. Add permissions: id-token: write to the job (required for OIDC token generation) and optionally configure an environment to better control deployments. Without the id-token: write permission, the publishing step will fail with an authentication error.

  publish:
    needs: [ build_wheels, make_sdist ]
    runs-on: ubuntu-latest

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codspeed-hq]

Merging this PR will improve performance by ×18

🎉 Hooray! pytest-codspeed just leveled up to 4.2.0!

A heads-up, this is a breaking change and it might affect your current performance baseline a bit. But here's the exciting part - it's packed with new, cool features and promises improved result stability 🥳!
Curious about what's new? Visit our releases page to delve into all the awesome details about this new version.

⚡ 44 improved benchmarks
✅ 3 untouched benchmarks
⏩ 4 skipped benchmarks¹

Performance Changes

	Mode	Benchmark	BASE	HEAD	Efficiency
⚡	Simulation	test_benchmark_fit_known	266.8 ms	92 ms	×2.9
⚡	Simulation	test_benchmark_feature_signature[128]	555.7 µs	406.9 µs	+36.56%
⚡	Simulation	test_benchmark_feature_signature[2]	563.4 µs	416.6 µs	+35.24%
⚡	Simulation	test_benchmark_fit_sklearn[1024]	5.3 s	4.3 s	+22.63%
⚡	Simulation	test_benchmark_fit_sklearn[128]	668.1 ms	545.2 ms	+22.54%
⚡	Simulation	test_benchmark_score_samples[2-64-1]	223.8 µs	112.2 µs	+99.48%
⚡	Simulation	test_benchmark_score_samples[1-128-1024]	9.8 ms	8.3 ms	+18.36%
⚡	Simulation	test_benchmark_score[1024]	8.5 ms	7 ms	+22.69%
⚡	Simulation	test_benchmark_score_samples[2-64-1048576]	5.5 s	5 s	+10.02%
⚡	Simulation	test_benchmark_score[1048576]	8.4 s	6.9 s	+21.07%
⚡	Simulation	test_benchmark_score_samples[4-128-1024]	11 ms	8.3 ms	+31.92%
⚡	Simulation	test_benchmark_score_samples[4-128-32]	2,930.5 µs	455.2 µs	×6.4
⚡	Simulation	test_benchmark_score_samples[4-128-1]	240.7 µs	127.1 µs	+89.41%
⚡	Simulation	test_benchmark_score_samples[1-64-1024]	5.6 ms	4.8 ms	+17.66%
⚡	Simulation	test_benchmark_score_samples[1-128-1048576]	9.7 s	8.3 s	+17.34%
⚡	Simulation	test_benchmark_score_samples[4-128-1048576]	9.7 s	8.8 s	+10.78%
⚡	Simulation	test_benchmark_score_samples[1-128-1]	264.8 µs	127.6 µs	×2.1
⚡	Simulation	test_benchmark_score_samples[1-256-1048576]	17.9 s	15 s	+19.39%
⚡	Simulation	test_benchmark_score_samples[2-64-32]	558.6 µs	294.5 µs	+89.69%
⚡	Simulation	test_benchmark_score_samples[1-256-1]	276.2 µs	158.8 µs	+73.86%
...	...	...	...	...	...

ℹ️ Only the first 20 benchmarks are displayed. Go to the app to view all benchmarks.

---

_{Comparing ci-no-publish-token (8e76079) with master (c78dece)²}

Footnotes

1. 4 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

2. No successful run was found on master (8e76079) during the generation of this report, so c78dece was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩