24.8.0 (2024-08-29) #21

	name: Publish packages

	on:
	release:
	types: [released]

	# Allow only one concurrent deployment
	concurrency:
	group: "release"
	cancel-in-progress: false

	jobs:
	build-package:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- uses: actions/setup-python@v5
	with:
	python-version: "3.x"

	- name: Install dependencies
	run: python3 -m pip install tox tox-conda

	- uses: actions/cache@v4
	with:
	key: tox\|build-package\|${{ runner.os }}-${{ runner.arch}}\|${{ hashFiles('requirements/locks/*') }}
	path: .tox

	- name: Build package
	run: tox -e build-package

	- uses: actions/upload-artifact@v4
	with:
	name: packages
	path: dist/
	retention-days: 10
	if-no-files-found: error

	pypi-publish:
	name: Publish to PyPI
	runs-on: ubuntu-latest
	needs: build-package
	environment:
	name: release
	permissions:
	id-token: write
	steps:
	- uses: actions/download-artifact@v4
	with:
	name: packages
	path: dist/

	# External actions are disabled via organization policies therefore we
	# must instead manually implement it.
	# https://docs.pypi.org/trusted-publishers/using-a-publisher/#the-manual-way
	# - name: Publish package distributions to PyPI
	# uses: pypa/gh-action-pypi-publish@release/v1

	- uses: actions/setup-python@v5
	with:
	python-version: "3.x"

	- name: Install dependencies
	run: python -m pip install twine

	- name: Check package metadata
	run: python -m twine check --strict dist/*

	- name: Upload to PyPI
	env:
	TWINE_USERNAME: __token__
	TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
	run: python3 -m twine upload --disable-progress-bar --verbose --non-interactive dist/*

Provide feedback