Release #3

	name: Release

	on:
	release:
	types: [ published ]
	workflow_dispatch:
	inputs:
	upload:
	description: 'Upload release to PyPI'
	required: false
	default: 'false'

	permissions:
	contents: read

	jobs:
	release-build:
	name: Build the release
	runs-on: ubuntu-latest

	permissions:
	contents: read
	id-token: write
	attestations: write

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Setup and Cache Python Poetry
	uses: packetcoders/[email protected]
	with:
	python-version: "3.12"
	poetry-version: "1.8.3"
	install-args: --all-extras

	- name: Package project
	run: poetry build

	- name: Sign build artifacts
	uses: actions/attest-build-provenance@v1
	with:
	subject-path: "dist/*"

	- name: Upload build artifacts
	uses: actions/upload-artifact@v4
	with:
	name: release-dists
	path: "dist/"

	pypi-publish:
	name: Publish to PyPI
	runs-on: ubuntu-latest
	needs: release-build
	if: ${{ (github.event.inputs.upload \|\| github.event.action == 'published') && github.event.release.draft == false }}

	permissions:
	contents: read
	id-token: write

	steps:
	- name: Retrieve release distributions
	uses: actions/download-artifact@v4
	with:
	name: release-dists
	path: dist/

	- name: Publish package distributions to PyPI
	uses: pypa/gh-action-pypi-publish@release/v1
	with:
	attestations: true

Provide feedback