From 99f1ab6714dc03764664176cb4fd24390d15925f Mon Sep 17 00:00:00 2001
From: Scott Chamberlain <sckott@fastmail.com>
Date: Wed, 6 Nov 2024 21:55:27 -0800
Subject: [PATCH] add trusted publishing yml file

---
 .github/workflows/publish.yml | 58 +++++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 .github/workflows/publish.yml

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 0000000..3ac4aad
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,58 @@
+name: Publish to PyPI
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [3.9.16, 3.10.9, 3.11.5, 3.12, 3.13]
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Install uv
+        uses: astral-sh/setup-uv@v3
+        with:
+          version: "0.4.30"
+      
+      - name: Set up Python
+        run: uv python install 3.13
+      
+      - name: Install the project
+        run: uv sync --all-extras --dev
+      
+      - name: Tests
+        run: make test
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: [test]
+    environment:
+      name: release
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v3
+        with:
+          enable-cache: true
+          version: "0.4.30"
+
+      - name: Set up Python
+        run: uv python install 3.13
+
+      - name: Build
+        run: uv build
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1