diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 09baafa..6cec1d7 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -9,14 +9,12 @@ jobs:
 name: "CI gate"
 uses: ./.github/workflows/ci.yml
- publish:
- name: "Build & publish"
+ build:
+ name: "Build"
 needs: ci
 runs-on: ubuntu-latest
- environment: pypi
 permissions:
- contents: read # required for actions/checkout
- id-token: write # required for Trusted Publisher (OIDC)
+ contents: read
 steps:
 - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
@@ -31,5 +29,46 @@ jobs:
 - name: Build sdist and wheel
 run: python -m build
+ - name: Upload dist artifacts
+ uses: actions/upload-artifact@ea165f8d65b6db9a6b7c67862cd61e31b2b2b817 # v4.6.2
+ with:
+ name: dist
+ path: dist/
+
+ release:
+ name: "GitHub Release"
+ needs: build
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write # required to create releases
+ steps:
+ - name: Download dist artifacts
+ uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+ with:
+ name: dist
+ path: dist/
+
+ - name: Create GitHub Release
+ uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0
+ with:
+ generate_release_notes: true
+ fail_on_unmatched_files: true
+ files: dist/*
+
+ publish:
+ name: "Publish to PyPI"
+ needs: release
+ runs-on: ubuntu-latest
+ environment: pypi
+ permissions:
+ contents: read
+ id-token: write # required for Trusted Publisher (OIDC)
+ steps:
+ - name: Download dist artifacts
+ uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+ with:
+ name: dist
+ path: dist/
+
 - name: Publish to PyPI
 uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b766306..c49b14e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
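Review bot: The rationale comment on `contents: read` in the renamed `build` job was dropped, while both new jobs keep theirs (`contents: write # required to create releases`, `id-token: write # required for Trusted Publisher (OIDC)`). Keeping `contents: read # required for actions/checkout` documents that this job, which runs the project's build backend, is deliberately left without write scope or an OIDC token. The job's step list continues outside the hunk, so the checkout options are not visible here; if the step does not already set `persist-credentials: false`, that is worth confirming, since no later step shown in this diff needs the token.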
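Review bot: The `release` job creates a public GitHub Release with the built files before the `publish` job reaches the `pypi` environment, so a failed upload (or a withheld approval, if that environment has protection rules, which this diff does not show) leaves a release whose artifacts never reached PyPI. If that ordering is intended, adding `draft: true` to the `softprops/action-gh-release` step would keep the release unpublished until the upload is confirmed; otherwise swap the dependencies so `publish` has `needs: build` and `release` has `needs: publish`. The new `publish` job only downloads the `dist` artifact and has no checkout step, so its `contents: read` can probably be dropped, leaving `id-token: write` as the only grant. On the upload step, `if-no-files-found: error` would make an empty `dist/` fail in `build` instead of surfacing later in the jobs that hold write and OIDC permissions.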
@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+### Added
+- GitHub Release step in publish workflow — creates a release with auto-generated notes and artifacts before publishing to PyPI.
+
 ## [0.3.0] - 2026-03-09
 ### Added
diff --git a/RELEASE.md b/RELEASE.md
index e4cbf21..7bb253c 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -53,7 +53,8 @@ Pushing the `v*` tag triggers `.github/workflows/publish.yml`, which:
 1. Runs the full CI suite (`make ci` equivalent) as a gate.
 2. Builds the sdist and wheel with `python -m build`.
-3. Publishes to PyPI using Trusted Publisher (OIDC — no API tokens stored).
+3. Creates a GitHub Release with auto-generated notes and the built artifacts attached.
+4. Publishes to PyPI using Trusted Publisher (OIDC — no API tokens stored).
 Monitor the workflow run at: