diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..df4d15b3 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,8 @@ +version: 2 +updates: + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + # Check for updates to GitHub Actions every week + interval: "weekly" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 86d6a264..b1a0bc54 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,19 +5,26 @@ on: types: [created] jobs: - Publish: + publish: + name: Publish Release + environment: release runs-on: ubuntu-latest + permissions: + id-token: write # IMPORTANT: this permission is mandatory for trusted publishing steps: - uses: actions/checkout@v3 with: fetch-depth: 0 + - name: Set up Python uses: actions/setup-python@v4 with: python-version: 3.9 + - name: Install Nox run: | python -m pip install nox + - name: Build a binary wheel and a source tarball run: | nox -e build @@ -25,6 +32,6 @@ jobs: - name: Publish distribution 📦 to PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: - user: __token__ - password: ${{ secrets.PYPI_TOKEN }} - print_hash: true + print-hash: true + skip-existing: true + verify-metadata: true diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index d57760ce..70beeb2c 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -99,7 +99,7 @@ jobs: run: | nox --force-color -e lint --install-only - - name: Build Docs + - name: Lint Code env: SKIP_REQUIREMENTS_INSTALL: YES run: | @@ -435,6 +435,9 @@ jobs: Build: runs-on: ubuntu-latest + environment: release + permissions: + id-token: write # IMPORTANT: this permission is mandatory for trusted publishing needs: - Docs - PyLint 
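Review bot: The new config only keeps the `@vN` tags in the workflows current, and those tags are mutable references that whoever controls the action repository can move; pinning each `uses:` to a full commit SHA with the version in a trailing comment, e.g. `uses: actions/checkout@<full commit sha>  # v3`, is the usual hardening, and Dependabot's `github-actions` ecosystem updates SHA pins and their version comments as well. Only GitHub Actions are covered here; if the project's Python dependencies are declared in a requirements or pyproject file, a second `- package-ecosystem: "pip"` entry with the same `directory` and `schedule` would cover them, but whether such a file exists is not visible from this diff.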
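Review bot: The job-level `permissions:` block lists only `id-token: write`, and once a job-level block exists GitHub sets every unlisted scope to `none`, so the `actions/checkout@v3` step a few lines below now runs with a `GITHUB_TOKEN` that has no `contents` scope; for a public repository the clone may still succeed, for a private one it will not, and the safe form is to list both: `permissions:` / `  contents: read` / `  id-token: write`. `environment: release` must also match the environment name registered with the PyPI trusted publisher (repository, workflow `release.yml`, environment `release`), and since this job fires on every `release: created` event, a required-reviewer protection rule on that environment is what gates who can mint an OIDC token for PyPI — neither is visible in the diff, so please confirm both. The `# IMPORTANT` comment could say what the scope buys: `# id-token: write lets the job request the OIDC token PyPI verifies; no API token is stored`.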
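Review bot: `skip-existing: true` on the production PyPI upload turns the action's "file already exists" failure into a success, so a re-run of this release job that rebuilt a different wheel for the same version would report green while the artifact already on PyPI is what users actually get; on this job I would drop that line and keep `skip-existing` only for the Test PyPI upload, where re-uploads of the same tag are expected. Now that `secrets.PYPI_TOKEN` is no longer referenced in this workflow, the API token should be revoked on pypi.org and deleted from the repository secrets so a leaked copy cannot still publish. `verify-metadata: true` appears to be the action's default and is harmless; `print-hash: true` is worth keeping, since the printed digests let a release be compared against the published files.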
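Review bot: `id-token: write` is granted to the whole `Build` job for every run of this workflow, while the Test PyPI upload further down the job (outside this hunk) is gated on `github.event_name == 'push'` and a tag ref; least privilege would be to move that upload step into its own job that `needs: Build`, consumes the built artifacts, and is the only job carrying `environment:` and `id-token: write`. Reusing `environment: release` here also means the production environment's protection rules and any environment-scoped secrets apply to the Test PyPI job; a dedicated environment, e.g. `environment: testpypi`, keeps the two trust boundaries apart and is the name to register with the trusted publisher on test.pypi.org. Because a job-level `permissions:` block sets unlisted scopes to `none`, if `Build` checks out the repository it will also need `contents: read` — the job's steps are not in this hunk, so please confirm.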
@@ -463,7 +466,7 @@ jobs:
 if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
 uses: pypa/gh-action-pypi-publish@release/v1
 with:
- user: __token__
- password: ${{ secrets.TEST_PYPI_TOKEN }}
- repository_url: https://test.pypi.org/legacy/
- print_hash: true
+ repository-url: https://test.pypi.org/legacy/
+ print-hash: true
+ skip-existing: true
+ verify-metadata: true
diff --git a/changelog/151.trivial.rst b/changelog/151.trivial.rst
new file mode 100644
index 00000000..cbe750bb
--- /dev/null
+++ b/changelog/151.trivial.rst
@@ -0,0 +1,4 @@
+Some internal processes improvements:
+
+* Publish packages to PyPi with trusted publishers
+* Enable dependabot to update the GH Actions versions on a weekly basis
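Review bot: Trusted publishing against `repository-url: https://test.pypi.org/legacy/` only works if a trusted publisher for this repository, workflow file `testing.yml` and the job's environment is registered on test.pypi.org separately from the pypi.org one; that registration is not part of this diff, so the first tagged push will fail at this step until it is done. The removed `secrets.TEST_PYPI_TOKEN` should be revoked on test.pypi.org and deleted from the repository secrets, since nothing references it any more. `skip-existing: true` is reasonable for Test PyPI, where re-pushing a tag is expected, and `verify-metadata: true` appears to match the action's default. The step's `- name:` line and the enclosing `Build` job start outside this hunk.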