ci: allow auto releasing to pypi

[aqeelat]

No description provided.

[nicoddemus]

I believe this if is not necessary, given the trigger is already push on tags?

on:
  push:
    tags:
    - '*'

[aqeelat]

I copied it from the default Jazzband template. I'll read more about it to confirm.
https://github.com/jazzband/django-auditlog/blob/master/.github/workflows/release.yml

[aqeelat]

@nicoddemus Should I use this event instead?

on:
  release:
    types: [published]

https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release

[aqeelat]

Yeah, I think using on release and ditching the if statement is the best and simplest approach.
https://docs.github.com/en/actions/learn-github-actions/contexts#github-context

[nicoddemus]

Never used this option, but seems reasonable to require a release rather than a direct tag.

Other repos might do the other way around: push a tag, and one of the things done at the end of the workflow after uploading the package to PyPI is creating a release.

[graingert]

3.7 is eol

[nicoddemus]

Just occurred to me we should have a RELEASING.rst file (or similar) in the root which documents how the release process works. Nothing fancy mind you, see pytest-mock for example.

[flub]

I agree that a RELEASING.rst file would be great.

But this looks great! Thanks for looking into it.

[flub]

I think the publish action recommends building without this permission to minimise access to this permission. I guess that means adding a separate job for the building and passing the build output along as artefacts?

[nicoddemus]

If @aqeelat wants to go with that route, see how pytest-mock does it: https://github.com/pytest-dev/pytest-mock/blob/fcde66b13d09cb5507fe7e4f35e171adaf22994d/.github/workflows/deploy.yml#L13-L25

(we also build the package using @hynek's excellent build-and-inspect-python-package action).

[flub]

since pypi seems to recommend an environment for this, i've created a release environment. can you set this deploy to use that environment as well?
https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#using-an-environment

[hugovk]

Couple of minor suggestions, very nice to see Trusted Publishing being used here :)

[flub]

I switched the repo branch from master to main and somehow this got auto-closed. I also can't edit the target branch anymore in the github UI nor re-open it.

@aqeelat could you please re-open this PR? It would be really nice to have.