fix broken(?) publish to pypi job #4

	name: Publish a wakepy release 📦

	'on':
	workflow_dispatch:
	push:
	# TODO: add this back
	# branches:
	# - latest-release

	jobs:

	build-and-test:
	uses: ./.github/workflows/build-and-run-tests.yml

	sign-artifacts:
	name: Sign artifacts ✍️🔒
	needs: build-and-test
	runs-on: ubuntu-latest
	permissions:
	id-token: write # Required for OIDC. See: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
	steps:
	- uses: actions/download-artifact@v4
	with:
	name: wakepy-python-packages
	path: ./dist/
	- uses: sigstore/gh-action-sigstore-python@61f6a500bbfdd9a2a339cf033e5421951fbc1cd2 #v2.1.1
	with:
	inputs: >-
	./dist/*.tar.gz
	./dist/*.whl
	- uses: actions/upload-artifact@v4
	with:
	name: signed-wakepy-python-packages
	path: ./dist/.
	if-no-files-found: error
	retention-days: 1

	publish-to-pypi:
	name: Publish wakepy to PyPI
	# only publish to PyPI on tag pushes
	# if: startsWith(github.ref, 'refs/tags/')
	needs: sign-artifacts
	runs-on: ubuntu-latest
	environment:
	name: pypi
	url: https://pypi.org/p/wakepy
	permissions:
	id-token: write # mandatory for trusted publishing
	steps:
	- uses: actions/download-artifact@v4
	with:
	name: signed-wakepy-python-packages
	path: ./dist/
	- name: Publish distribution 📦 to PyPI
	uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 #v1.8.14
	with:
	print-hash: true

Provide feedback