Update workflow to use PyPI Trusted Publisher framework (2nd try)

References:
* https://docs.pypi.org/trusted-publishers/using-a-publisher/

Signed-off-by: Alex Nelson <alexander.nelson@nist.gov>

Author: ajnelson-nist

.github/workflows/ci.yml

@@ -57,14 +57,3 @@ jobs:
       - name: Build Package
         run: |
           poetry build
-
-  pypi-publish:
-    needs: build
-    environment: release
-    permissions:
-      # IMPORTANT: this permission is mandatory for trusted publishing
-      # https://docs.pypi.org/trusted-publishers/using-a-publisher/
-      id-token: write
-    steps:
-      - name: Push to PyPi
-        uses: pypa/gh-action-pypi-publish@release/v1

.github/workflows/publish.yml

@@ -0,0 +1,31 @@
+# Portions of this file contributed by NIST are governed by the
+# following statement:
+#
+# This software was developed at the National Institute of Standards
+# and Technology by employees of the Federal Government in the course
+# of their official duties. Pursuant to Title 17 Section 105 of the
+# United States Code, this software is not subject to copyright
+# protection within the United States. NIST assumes no responsibility
+# whatsoever for its use by other parties, and makes no guarantees,
+# expressed or implied, about its quality, reliability, or any other
+# characteristic.
+#
+# We would appreciate acknowledgement if the software is used.
+
+# This file was started from template code from:
+# https://docs.pypi.org/trusted-publishers/using-a-publisher/
+
+name: Publish
+
+jobs:
+  pypi-publish:
+    name: Upload release to PyPI
+    runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      # IMPORTANT: this permission is mandatory for trusted publishing
+      # https://docs.pypi.org/trusted-publishers/using-a-publisher/
+      id-token: write
+    steps:
+      - name: Push to PyPi
+        uses: pypa/gh-action-pypi-publish@release/v1