diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d4aa82160..1da049603 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,15 +7,29 @@ on:
 
 jobs:
   release:
-    if: github.repository == 'python-gitlab/python-gitlab'
+    if: github.repository == 'nejch/python-gitlab' # testing via test.pypi.org first
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    environment: test.pypi.org # testing via test.pypi.org first
     steps:
     - uses: actions/checkout@v3.5.0
       with:
         fetch-depth: 0
         token: ${{ secrets.RELEASE_GITHUB_TOKEN }}
+    - name: mint API token
+      id: mint-token
+      run: |
+        resp=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=testpypi")
+        oidc_token=$(jq '.value' <<< "${resp}")
+
+        resp=$(curl -X POST https://test.pypi.org/_/oidc/github/mint-token -d "{\"token\":${oidc_token}}")
+        api_token=$(jq '.token' <<< "${resp}" | tr -d '"')
+
+        echo "::add-mask::${api_token}"
+        echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}"
     - name: Python Semantic Release
       uses: relekang/python-semantic-release@v7.33.2
       with:
         github_token: ${{ secrets.RELEASE_GITHUB_TOKEN }}
-        pypi_token: ${{ secrets.PYPI_TOKEN }}
+        pypi_token: ${{ steps.mint-token.outputs.api-token }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9c1d09321..7b4612437 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,28 @@
 
 <!--next-version-placeholder-->
 
+## v3.15.4 (2023-04-30)
+### Fix
+* **ci:** Clean up release script ([`57f1e3a`](https://github.com/nejch/python-gitlab/commit/57f1e3ad57e09443c8d512d733a7861408eb38e6))
+
+## v3.15.3 (2023-04-30)
+### Fix
+* **ci:** Use upstream script ([`e8d25d3`](https://github.com/nejch/python-gitlab/commit/e8d25d3962e02a54a1b56b154c7e2d8fa04e4821))
+
+## v3.15.2 (2023-04-30)
+### Fix
+* **ci:** Fix echo ([`84de8e0`](https://github.com/nejch/python-gitlab/commit/84de8e0175a4557998a065188ad7739e61e76ab0))
+* **ci:** Debug tokens ([`ccf4a51`](https://github.com/nejch/python-gitlab/commit/ccf4a51ffb4784ae14b9d561e04974ed09260342))
+
+## v3.15.1 (2023-04-30)
+### Fix
+* **ci:** Strip quotes from minted token ([`0432dab`](https://github.com/nejch/python-gitlab/commit/0432dab046aab88ea6bd988d5ecb5384380a2f41))
+
+## v3.15.0 (2023-04-29)
+### Feature
+* **ci:** Switch to OIDC publishing ([`ea5af31`](https://github.com/nejch/python-gitlab/commit/ea5af31b2a7ec27a7b0df0b4981c5b63b7a1cb93))
+* Usernames support for MR approvals ([`a2b8c8c`](https://github.com/nejch/python-gitlab/commit/a2b8c8ccfb5d4fa4d134300861a3bfb0b10246ca))
+
 ## v3.14.0 (2023-04-11)
 ### Feature
 * **projects:** Allow importing additional items from GitHub ([`ce84f2e`](https://github.com/python-gitlab/python-gitlab/commit/ce84f2e64a640e0d025a7ba3a436f347ad25e88e))
diff --git a/gitlab/_version.py b/gitlab/_version.py
index 802275d6d..42d7d168d 100644
--- a/gitlab/_version.py
+++ b/gitlab/_version.py
@@ -3,4 +3,4 @@
 __email__ = "gauvainpocentek@gmail.com"
 __license__ = "LGPL3"
 __title__ = "python-gitlab"
-__version__ = "3.14.0"
+__version__ = "3.15.4"
diff --git a/pyproject.toml b/pyproject.toml
index 520c03d65..e3ff41960 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -30,6 +30,7 @@ branch = "main"
 version_variable = "gitlab/_version.py:__version__"
 commit_subject = "chore: release v{version}"
 commit_message = ""
+repository = "testpypi" # testing via test.pypi.org first
 
 [tool.pylint.messages_control]
 max-line-length = 88