From 8139f7f1f7bf558ffd341f8c9537cf4887a4152e Mon Sep 17 00:00:00 2001
From: Delgan <delgan.py@gmail.com>
Date: Wed, 4 Dec 2024 18:58:18 +0100
Subject: [PATCH] Configure "trusted publishing" in Github workflow

The TestPyPI isn't configured because it's kind of unusable in the CI
(since we can only upload package files once per version, and the
"skip-existing" parameter isn't recommended).
---
 .github/workflows/packaging.yml | 26 ++++++++++++++++++++++++--
 .github/workflows/release.yml   | 27 ---------------------------
 tox.ini                         | 11 +----------
 3 files changed, 25 insertions(+), 39 deletions(-)
 delete mode 100644 .github/workflows/release.yml

diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
index c4545b53..d6f6e14a 100644
--- a/.github/workflows/packaging.yml
+++ b/.github/workflows/packaging.yml
@@ -3,7 +3,7 @@ name: Packaging
 on: [push, pull_request]
 
 jobs:
-  packaging:
+  build:
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
     runs-on: ubuntu-22.04
     steps:
@@ -19,4 +19,26 @@ jobs:
         python -m pip install tox
     - name: Build package
       run: |
-        tox -e packaging
+        tox -e build
+    - name: Upload package
+      uses: actions/upload-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+  publish:
+    if: startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-22.04
+    needs: build
+    environment:
+      name: pypi
+      url: https://pypi.org/project/loguru/
+    permissions:
+      id-token: write
+    steps:
+    - name: Download package
+      uses: actions/download-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Publish package
+      uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
deleted file mode 100644
index b4ff6d8c..00000000
--- a/.github/workflows/release.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: Release
-
-on:
-  push:
-    tags:
-    - '*'
-
-jobs:
-  release:
-    runs-on: ubuntu-22.04
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-    - name: Set up Python
-      uses: actions/setup-python@v5
-      with:
-        python-version: '3.11'
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        python -m pip install tox
-    - name: Publish release
-      env:
-        TWINE_USERNAME: __token__
-        TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
-      run: |
-        tox -e release
diff --git a/tox.ini b/tox.ini
index bc3ad216..7b76f478 100644
--- a/tox.ini
+++ b/tox.ini
@@ -24,17 +24,8 @@ description = Build the HTML documentation.
 commands =
     sphinx-build -a -b html -W --keep-going docs/ docs/build
 
-[testenv:packaging]
+[testenv:build]
 description = Build the Python package.
 commands =
     pyproject-build .
     twine check --strict dist/*
-
-[testenv:release]
-description = Publish a new release on PyPI.
-passenv =
-    TWINE_USERNAME
-    TWINE_PASSWORD
-commands =
-    {[testenv:packaging]commands}
-    twine upload dist/* --disable-progress-bar --verbose