Update PyPI to trusted publisher (#16709)

.github/workflows/publish.yml

@@ -17,6 +17,8 @@ jobs:
     if: github.repository == 'ultralytics/ultralytics' && github.actor == 'glenn-jocher'
     name: Publish
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write  # for PyPI trusted publishing
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -85,12 +87,13 @@ jobs:
           if publish:
               print('Ready to publish new version to PyPI ✅.')
         id: check_pypi
+      - name: Build package
+        if: (github.event_name == 'push' || github.event.inputs.pypi == 'true') && steps.check_pypi.outputs.increment == 'True'
+        run: python -m build
       - name: Publish to PyPI
         continue-on-error: true
-        if: (github.event_name == 'push' || github.event.inputs.pypi == 'true')  && steps.check_pypi.outputs.increment == 'True'
-        run: |
-          python -m build
-          python -m twine upload dist/* -u __token__ -p ${{ secrets.PYPI_TOKEN }}
+        if: (github.event_name == 'push' || github.event.inputs.pypi == 'true') && steps.check_pypi.outputs.increment == 'True'
+        uses: pypa/gh-action-pypi-publish@release/v1
       - name: Publish new tag
         if: (github.event_name == 'push' || github.event.inputs.pypi == 'true')  && steps.check_pypi.outputs.increment == 'True'
         run: |