From 1b2ed4ba741f31f3316de8ca4f57fa6e13315c7f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 23 Apr 2026 20:34:54 +0000
Subject: [PATCH 1/3] Initial plan


From 90101afadf51e35895c5d8665e33bfc992ace473 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 23 Apr 2026 20:36:28 +0000
Subject: [PATCH 2/3] Add PyPI publishing workflow with separate build and
 publish jobs

Agent-Logs-Url: https://github.com/GitHubSecurityLab/seclab-taskflow-agent/sessions/6276aa76-c90b-41a1-9fc7-2b06e27aadfa

Co-authored-by: kevinbackhouse <4358136+kevinbackhouse@users.noreply.github.com>
---
 .github/workflows/publish-to-pypi.yml | 53 +++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 .github/workflows/publish-to-pypi.yml

diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml
new file mode 100644
index 0000000..b4d4f4e
--- /dev/null
+++ b/.github/workflows/publish-to-pypi.yml
@@ -0,0 +1,53 @@
+name: Publish to PyPI
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build:
+    name: Build distribution
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install Hatch
+        run: pip install --upgrade hatch
+
+      - name: Build distribution packages
+        run: hatch build
+
+      - name: Upload distribution artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+  publish-to-pypi:
+    name: Publish to PyPI
+    needs: build
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/seclab-taskflow-agent
+    permissions:
+      id-token: write  # Required for OIDC trusted publishing
+
+    steps:
+      - name: Download distribution artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

From 37d8edfa3bb7a4af2ab4d7c534fc8cda3db3106c Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 12 May 2026 17:14:36 +0000
Subject: [PATCH 3/3] Rename publish-to-pypi.yml to publish-to-pypi.yaml

---
 .github/workflows/publish-to-pypi.yaml | 90 ++++++++++++--------------
 .github/workflows/publish-to-pypi.yml  | 53 ---------------
 2 files changed, 40 insertions(+), 103 deletions(-)
 delete mode 100644 .github/workflows/publish-to-pypi.yml

diff --git a/.github/workflows/publish-to-pypi.yaml b/.github/workflows/publish-to-pypi.yaml
index dbd9a00..b4d4f4e 100644
--- a/.github/workflows/publish-to-pypi.yaml
+++ b/.github/workflows/publish-to-pypi.yaml
@@ -1,63 +1,53 @@
 name: Publish to PyPI
 
 on:
-  push:
-    tags:
-      - v[0-9]+.[0-9]+.[0-9]+
+  release:
+    types: [published]
 
 jobs:
-  publish:
-    name: Build
+  build:
+    name: Build distribution
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install Hatch
+        run: pip install --upgrade hatch
 
-    # This environment is required as an input to pypa/gh-action-pypi-publish
+      - name: Build distribution packages
+        run: hatch build
+
+      - name: Upload distribution artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+  publish-to-pypi:
+    name: Publish to PyPI
+    needs: build
+    runs-on: ubuntu-latest
     environment:
       name: pypi
       url: https://pypi.org/p/seclab-taskflow-agent
-
-    env:
-      GITHUB_REPO: ${{ github.repository }}
-
     permissions:
-      contents: write
-      id-token: write  # For trusted publishing
-      attestations: write  # For artifact attestation
+      id-token: write  # Required for OIDC trusted publishing
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      with:
-        persist-credentials: false
-
-    - name: Set up Python
-      uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c # v6.0.0
-      with:
-        python-version: "3.13"
-
-    - name: Install Hatch
-      run: pip install --upgrade hatch
-
-    - name: Build the wheel
-      run: python3 -m hatch build
-
-    - name: Attest build provenance
-      uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f # v3.2.0
-      with:
-        subject-path: ./dist/*
-
-    - name: Upload artifacts
-      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
-      with:
-        name: python-package-distributions
-        path: ./dist/
-
-    - name: Publish to PyPI
-      uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
-      with:
-        verbose: true
-
-    - name: Create GitHub Release
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        RELEASE_NAME: ${{ github.ref_name }}
-      run: gh release create $RELEASE_NAME dist/* --repo $GITHUB_REPO --generate-notes
+      - name: Download distribution artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml
deleted file mode 100644
index b4d4f4e..0000000
--- a/.github/workflows/publish-to-pypi.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-name: Publish to PyPI
-
-on:
-  release:
-    types: [published]
-
-jobs:
-  build:
-    name: Build distribution
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.11'
-
-      - name: Install Hatch
-        run: pip install --upgrade hatch
-
-      - name: Build distribution packages
-        run: hatch build
-
-      - name: Upload distribution artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: python-package-distributions
-          path: dist/
-
-  publish-to-pypi:
-    name: Publish to PyPI
-    needs: build
-    runs-on: ubuntu-latest
-    environment:
-      name: pypi
-      url: https://pypi.org/p/seclab-taskflow-agent
-    permissions:
-      id-token: write  # Required for OIDC trusted publishing
-
-    steps:
-      - name: Download distribution artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: python-package-distributions
-          path: dist/
-
-      - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1