From fe15b9fbcaebfee6400d2ccc44577f305afdf4ad Mon Sep 17 00:00:00 2001
From: Preocts <preocts@preocts.com>
Date: Sat, 31 May 2025 14:03:25 -0400
Subject: [PATCH] Create trusted publishing workflow for pypi

---
 .github/workflows/pypi-publish.yml | 56 ++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 .github/workflows/pypi-publish.yml

diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml
new file mode 100644
index 0000000..3a4b211
--- /dev/null
+++ b/.github/workflows/pypi-publish.yml
@@ -0,0 +1,56 @@
+name: "Publish Python distribution to PyPI"
+# Uses:
+# https://github.com/actions/setup-python : 0b93645e9fea7318ecaed2b359559ac225c90a2b
+# https://github.com/actions/checkout : 11bd71901bbe5b1630ceea73d27597364c9af683
+# https://github.com/actions/download-artifact : fa0a91b85d4f404e444e00e005971372dc801d1c6
+# https://github.com/actions/upload-artifact : 6f51ac03b9356f520e9adb1b1b7802705f340c2b
+# https://github.com/actions/pypa/gh-action-pypi-publish : 76f52bc884231f62b9a034ebfe128415bbaabdfc
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build:
+    name: "Build distribution"
+    runs-on: "ubuntu-latest"
+
+    steps:
+      - uses: "actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683"
+        with:
+          persist-credentials: false
+
+      - name: "Set up Python"
+        uses: "actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b"
+        with:
+          python-version: "3.12"
+
+      - name: "Build the package"
+        run: "python -m pip install nox; nox --session build"
+
+      - name: "Store the distribution packages"
+        uses: "actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b"
+        with:
+          name: "python-package-distributions"
+          path: "dist/"
+
+  publish-to-pypi:
+    name: "Publish Python Distribution to PyPI"
+    if: startsWith(github.ref, 'refs/tags/')
+    needs: ["build"]
+    runs-on: "ubuntu-latest"
+    environment:
+      name: "pypi"
+      url: "https://pypi.org/p/commented-configparser"
+    permissions:
+      id-token: "write"
+
+    steps:
+      - name: "Download all the dists"
+        uses: "actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d1c6"
+        with:
+          name: "python-package-distributions"
+          path: "dist/"
+
+      - name: "Publish distribution to PyPI"
+        uses: "pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc"