That process is described in the user documentation[1]: a project can have publishers added to it on PyPI's website, with each publishers' configuration specifying the necessary state for a trust relationship with a particular workflow in a particular GitHub repository.
Do you use the Github token to exchange for the PyPI token?