release.yml

# Build & Release
name: release

# Controls when the action will run.
on:
  # Publish package on main branch if it's tagged with 'v*'
  # Ref: https://github.community/t/run-workflow-on-push-tag-on-specific-branch/17519
  push:
    tags:
      - 'v*'

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:

# After you create the GitHub repo, head over to `pypi.org` and create
# an API Token, or use the link below:
#   <https://pypi.org/manage/account/token>
#
# Once you have an API token, add it as a Repository Secret (PYPI_API_TOKEN)
# under the GitHub repo, so that it can be used by GitHub Actions to deploy
# to `pypi.org` whenever a new tag is pushed to GitHub:
#   <https://github.com/rnag/py-secrets-cache/settings/secrets/actions/new>

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  release:
    name: Create Release
    runs-on: ubuntu-latest

    strategy:
      matrix:
        python-version: ['3.12']

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v4

      # Temporarily disable this - I want it to trigger on merge, but it doesn't
      # work (at least not on a tagged commit too)
#      - name: Exit if not on main branch
#        if: endsWith(github.ref, 'main') == false
#        run: exit -1

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ matrix.python-version }}

      - name: Install uv
        uses: astral-sh/setup-uv@v3

      - name: Build package
        run: |
          uv pip install --system build
          uv build

      - name: Publish to PyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          user: __token__
          password: ${{ secrets.PYPI_API_TOKEN }}