From a372814bf79d47628e66ca9a91072f53fba032f8 Mon Sep 17 00:00:00 2001
From: Delgan <delgan.py@gmail.com>
Date: Wed, 4 Dec 2024 18:58:18 +0100
Subject: [PATCH] Configure "trusted publishing" in Github workflow

The TestPyPI isn't configured because it's kind of unusable in the CI
(since we can only upload package files once per version, and the
"skip-existing" parameter isn't recommended).
---
 .github/workflows/packaging.yml | 26 ++++++++++++++++++++++++--
 .github/workflows/release.yml   | 27 ---------------------------
 tox.ini                         | 13 ++-----------
 3 files changed, 26 insertions(+), 40 deletions(-)
 delete mode 100644 .github/workflows/release.yml

diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
index c4545b53..d6f6e14a 100644
--- a/.github/workflows/packaging.yml
+++ b/.github/workflows/packaging.yml
@@ -3,7 +3,7 @@ name: Packaging
 on: [push, pull_request]
 
 jobs:
-  packaging:
+  build:
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
     runs-on: ubuntu-22.04
     steps:
@@ -19,4 +19,26 @@ jobs:
         python -m pip install tox
     - name: Build package
       run: |
-        tox -e packaging
+        tox -e build
+    - name: Upload package
+      uses: actions/upload-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+  publish:
+    if: startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-22.04
+    needs: build
+    environment:
+      name: pypi
+      url: https://pypi.org/project/loguru/
+    permissions:
+      id-token: write
+    steps:
+    - name: Download package
+      uses: actions/download-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Publish package
+      uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index b4ff6d8c..00000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: Release
-
-on:
-  push:
-    tags:
-    - '*'
-
-jobs:
-  release:
-    runs-on: ubuntu-22.04
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-    - name: Set up Python
-      uses: actions/setup-python@v5
-      with:
-        python-version: '3.11'
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        python -m pip install tox
-    - name: Publish release
-      env:
-        TWINE_USERNAME: __token__
-        TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
-      run: |
-        tox -e release
diff --git a/tox.ini b/tox.ini
index bc3ad216..b25e259e 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,5 +1,5 @@
 [tox]
-envlist = lint, tests, docs, packaging
+envlist = lint, tests, docs, build
 isolated_build = True
 
 [testenv]
@@ -24,17 +24,8 @@ description = Build the HTML documentation.
 commands =
     sphinx-build -a -b html -W --keep-going docs/ docs/build
 
-[testenv:packaging]
+[testenv:build]
 description = Build the Python package.
 commands =
     pyproject-build .
     twine check --strict dist/*
-
-[testenv:release]
-description = Publish a new release on PyPI.
-passenv =
-    TWINE_USERNAME
-    TWINE_PASSWORD
-commands =
-    {[testenv:packaging]commands}
-    twine upload dist/* --disable-progress-bar --verbose