The workflow was run with the 'attestations: true' input, but an explicit password was also set, disabling Trusted Publishing. As a result, the attestations input is ignored.

Trusted Publishers allows publishing packages to PyPI from automated environments like GitHub Actions without needing to use username/password combinations or API tokens to authenticate with PyPI. Read more: https://docs.pypi.org/trusted-publishers

A new Trusted Publisher for the currently running publishing workflow can be created by accessing the following link(s) while logged-in as an owner of the package(s):

Setting DIST_EXTRA_CONFIG=C:\Users\runneradmin\AppData\Local\Temp\cibw-run-ydd3huw6\cp39-win_arm64\build\extra-setup.cfg for cross-compilation

Setting SETUPTOOLS_EXT_SUFFIX=.cp39-win_arm64.pyd for cross-compilation

Setting SETUPTOOLS_USE_DISTUTILS=local as it is required for cross-compilation