Used trusted publishers for testpypi publishing (#2320)

* remove `requirements`

`make install requirements` actually runs `make install`

* used trusted publishers for testpypi

* clean all caches

* remove blocking push check

* use `build`

* add descriptive names

* add trusted publishing for PyPI

* Revert "add trusted publishing for PyPI"

This reverts commit 20aeef4.

.github/workflows/publish-testpypi.yml

@@ -8,7 +8,8 @@ on:
     - cron: "0 0 * * *"
 
 jobs:
-  deploy:
+  build:
+    name: Build Mitiq
     if: github.repository_owner == 'unitaryfund'
     runs-on: ubuntu-latest
     steps:
@@ -21,29 +22,55 @@ jobs:
       - name: Install Python dependencies
         run: |
           python -m pip install --upgrade pip
-          make install requirements
-          pip install setuptools wheel twine
-      - name: Build and publish
-        env:
-          TWINE_USERNAME: ${{ secrets.TESTPYPI_USERNAME }}
-          TWINE_PASSWORD: ${{ secrets.TESTPYPI_PASSWORD }}
+          pip install build
+      - name: Build mitiq
+        run: python -m build
+      - name: Store build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: build
+          path: dist/*
+
+  test-publish:
+    name: Upload release to test PyPi
+    runs-on: ubuntu-latest
+    needs: build
+    environment:
+      name: testpypi
+      url: https://test.pypi.org/p/mitiq/
+    permissions:
+      id-token: write
+    steps:
+      - name: Fetch build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: build
+          path: dist/
+      - name: Publish package distributions to TestPyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://test.pypi.org/legacy/
+
+  verify-version:
+    needs: test-publish
+    runs-on: ubuntu-latest
+    environment: testpypi
+    steps:
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Install package from TestPyPI
+        run: pip install -i https://test.pypi.org/simple/ --extra-index-url https://pypi.python.org/simple/ mitiq
+      - name: Set version variable
         run: |
-          python setup.py sdist bdist_wheel
-          twine upload --repository testpypi dist/*
+          VER=$(cat VERSION.txt)
+          echo "VERSION=$VER" >> $GITHUB_ENV
 
-  # TODO: Need a way to get the version number from previous step
-  # download-test:
-  # runs-on: ubuntu-latest
-  # steps:
-  # - name: Check out mitiq
-  # uses: actions/checkout@v4
-  # - name: Set up Python
-  # uses: actions/setup-python@v5
-  # with:
-  # python-version: 3.8
-  # - name: Install Mitiq
-  # The ``--extra-index-url`` is necessary since otherwise ``TestPyPI``  would be
-  # looking for the required dependencies therein, but we want it to install them
-  # from the real PyPI channel.
-  #   run: |
-  #     pip install -i https://test.pypi.org/simple/ --extra-index-url https://pypi.python.org/simple/ mitiq==x.y.z
+      - name: Verify the published version
+        run: |
+          TEST_IMPORT_VERSION=$(python -c "import mitiq; print(mitiq.__version__)")
+          if [ "$TEST_IMPORT_VERSION" != "$VERSION" ]; then
+            echo "Imported version $TEST_IMPORT_VERSION does not match tag $VERSION"
+            exit 1
+          fi

Makefile

@@ -25,7 +25,9 @@ check-types:
 clean:
 	rm -rf dist
 	rm -rf mitiq.egg-info
-	rm -rf .pytest_cache/
+	rm -rf .mypy_cache .pytest_cache .ruff_cache
+	rm -rf htmlcov coverage.xml .coverage
+	rm -rf .ipynb_checkpoints
 
 .PHONY: dist
 dist:

docs/source/release.md

@@ -116,9 +116,8 @@ release Mitiq are:
 
 ```bash
 python -m pip install --upgrade pip
-make install requirements
-pip install setuptools wheel twine
-python setup.py sdist bdist_wheel
+pip install build twine
+python -m build
 twine upload dist/*
 ```