Learn how to securely upload Python packages to PyPI from GitLab CI/CD pipelines using a “Trusted Publisher” (and without API tokens). Continuously test the release process with TestPyPI on every push. Use GitLab (deploy) environments as an additional security measure.

Conda, GitLab and Docker can be used to manage and publish non-OSS code, e.g. inside organizations. You need some additional tooling for a smooth user experience, though.