From 69b005187b8437cd5e84d826e27fdb1ac03279fb Mon Sep 17 00:00:00 2001
From: Gleb Kanterov
Date: Wed, 9 Apr 2025 15:51:52 +0200
Subject: [PATCH 1/4] [Python] Add release workflow
---
 .github/workflows/release.yml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 412965dbd6..799ef4a743 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -153,3 +153,35 @@ jobs:
 version: "${{ env.VERSION }}",
 }
 });
+
+ pypi-publish:
+ runs-on:
+ group: databricks-deco-testing-runner-group
+ labels: ubuntu-latest-deco
+
+ needs: goreleaser
+
+ environment: release
+ permissions:
+ id-token: write # IMPORTANT: mandatory for trusted publishing
+
+ steps:
+ - name: Checkout repository and submodules
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ fetch-depth: 0
+ fetch-tags: true
+
+ - name: Install uv
+ uses: astral-sh/setup-uv@0c5e2b8115b80b4c7c5ddf6ffdd634974642d182 # v5.4.1
+ with:
+ version: "0.6.5"
+
+ - name: Build wheel
+ working-directory: experimental/python
+ run: make dist
+
+ - name: Publish package distributions to PyPI
+ uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
+ with:
+ packages-dir: experimental/python/dist
From 76e17e7b44e0081d03446aca1b2349c585bd57e4 Mon Sep 17 00:00:00 2001
From: Gleb Kanterov
Date: Tue, 15 Apr 2025 15:51:38 +0200
Subject: [PATCH 2/4] Add more comments
---
 .github/workflows/release.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 799ef4a743..d506cf4d0c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
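Review bot: `make dist` runs inside the `pypi-publish` job of patch 1/4, the same job that holds `id-token: write` and is bound to `environment: release`, so the build tooling and anything it executes at build time runs where an OIDC token for PyPI can be requested. Build the distributions in a separate job without `id-token: write`, hand `experimental/python/dist` over as an artifact, and leave only the download and the `pypa/gh-action-pypi-publish` step in the publishing job. The checkout step could also set `persist-credentials: false`, since no later step visible here pushes or fetches. The artifact action references in the sketch below are placeholders and should be pinned by commit SHA like the other actions in this job.

```yaml
  pypi-build:
    # … same runs-on group/labels as pypi-publish …
    needs: goreleaser
    permissions:
      contents: read
    steps:
      # … unchanged: checkout, "Install uv", "Build wheel" steps …
      - name: Upload distributions
        uses: actions/upload-artifact@<pinned-commit-sha>
        with:
          name: python-dist
          path: experimental/python/dist

  pypi-publish:
    # … unchanged: runs-on, environment: release, permissions (id-token: write) …
    needs: pypi-build
    steps:
      - name: Download distributions
        uses: actions/download-artifact@<pinned-commit-sha>
        with:
          name: python-dist
          path: experimental/python/dist
      # … unchanged: "Publish package distributions to PyPI" step …
```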
@@ -161,9 +161,13 @@ jobs:
 
 needs: goreleaser
 
+
+ # IMPORTANT:
+ # - 'id-token: write' is mandatory for OIDC and trusted publishing to PyPi
+ # - 'environment: release' is checked by PyPi to protect from unwanted publishing
 environment: release
 permissions:
- id-token: write # IMPORTANT: mandatory for trusted publishing
+ id-token: write
 
 steps:
 - name: Checkout repository and submodules
From 3aecc7aa92d15b361dfcabab9b7f18d53e89258c Mon Sep 17 00:00:00 2001
From: Gleb Kanterov
Date: Tue, 15 Apr 2025 16:55:44 +0200
Subject: [PATCH 3/4] Update release.yml
---
 .github/workflows/release.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d506cf4d0c..2d5f6855f6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -164,7 +164,9 @@ jobs:
 
 # IMPORTANT:
 # - 'id-token: write' is mandatory for OIDC and trusted publishing to PyPi
- # - 'environment: release' is checked by PyPi to protect from unwanted publishing
+ # - 'environment: release' is a part of OIDC assertion done by PyPi
+ #
+ # See: https://docs.pypi.org/trusted-publishers/creating-a-project-through-oidc/
 environment: release
 permissions:
 id-token: write
From 5f0f930d2fccddbfa499bbcd210db308e22d8391 Mon Sep 17 00:00:00 2001
From: Gleb Kanterov
Date: Tue, 15 Apr 2025 17:15:44 +0200
Subject: [PATCH 4/4] Fix whitespace
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2d5f6855f6..a3fa4cf9e6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -162,7 +162,7 @@ jobs:
 needs: goreleaser
 
 
- # IMPORTANT:
+ # IMPORTANT:
 # - 'id-token: write' is mandatory for OIDC and trusted publishing to PyPi
 # - 'environment: release' is a part of OIDC assertion done by PyPi
 #
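Review bot: The bullet rewritten in patch 3/4, `'environment: release' is a part of OIDC assertion done by PyPi`, does not tell a maintainer what depends on the value, so a later rename of the environment could break publishing without any hint in the file. Suggested wording: `# - 'environment: release' is sent as a claim in the OIDC token; PyPI matches it against the environment set on the trusted publisher, so change both together`. This assumes an environment name is configured on the PyPI side, which the comment implies but the diff does not show. The registry's name is spelled `PyPI` in both bullets.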