diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml
index 606c43de..dd5d35b8 100644
--- a/.github/workflows/pypi-publish.yml
+++ b/.github/workflows/pypi-publish.yml
@@ -7,10 +7,14 @@ on:
     types: [published]
   workflow_dispatch:
     inputs:
+      test_sdist:
+        description: 'Test sdist before upload'
+        type: boolean
+        default: true
       upload_to_test_pypi:
         description: 'Upload to Test PyPi'
         type: boolean
-        default: true
+        default: false
       upload_to_pypi:
         description: 'Upload to PyPi'
         type: boolean
@@ -19,30 +23,79 @@ on:
 permissions: read-all
 
 jobs:
-  pypi-publish:
-    name: Upload to PyPI
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    steps:
+      - name: Checkout Concordia
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - name: Check Python setup
+        run: |
+          python --version
+          pip list
+          pip install --upgrade pip
+          pip install --upgrade setuptools
+      - name: Build distribution
+        run: python setup.py sdist bdist_wheel
+      - name: Save artifact
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+        with:
+          name: dist
+          path: ./dist
+          retention-days: 1
+
+  test:
+    name: Test
+    needs: build
+    if: github.event_name == 'release' || inputs.test_sdist
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    steps:
+      - name: Load artifact
+        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
+        with:
+          name: dist
+          path: ./dist
+      - name: Set up Python
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c
+        with:
+          python-version: '3.11'
+      - name: Install Python dependencies
+        run: |
+          pip install --upgrade pip
+          pip install pytest-xdist setuptools
+      - name: Install source distribution
+        run: |
+          pip install dist/*.tar.gz
+          pip list
+      - name: Test source distribution
+        run: |
+          pytest -n auto --pyargs meltingpot
+
+  publish:
+    name: Publish
+    needs: test
+    if: ${{ ! failure() }}
     runs-on: ubuntu-latest
     environment:
       name: pypi
-      url: https://pypi.org/p/dm-meltingpot
+      url: https://pypi.org/p/gdm-concordia
     permissions:
       id-token: write
-    timeout-minutes: 90
-
+    timeout-minutes: 5
     steps:
-      - name: Checkout Melting Pot
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
-
-      - name: Build source distribution
-        run: python setup.py sdist
-
+      - name: Load artifact
+        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e
+        with:
+          name: dist
+          path: ./dist
       - name: Publish to TestPyPI
         if: github.event_name == 'release' || inputs.upload_to_test_pypi
         uses: pypa/gh-action-pypi-publish@e53eb8b103ffcb59469888563dc324e3c8ba6f06
         with:
           repository-url: https://test.pypi.org/legacy/
           verbose: true
-
       - name: Publish to PyPI
         if: github.event_name == 'release' || inputs.upload_to_pypi
         uses: pypa/gh-action-pypi-publish@e53eb8b103ffcb59469888563dc324e3c8ba6f06
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index eeba9353..e5817b92 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -30,7 +30,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534
         with:
           results_file: results.sarif
           results_format: sarif