From aebf1f5ea5eaf9ffe5e8df11cfef8bf6d85d9b0e Mon Sep 17 00:00:00 2001
From: Marcelo Trylesinski <marcelotryle@gmail.com>
Date: Wed, 20 Nov 2024 20:29:26 +0100
Subject: [PATCH] Update `publish.yaml` with latest PyPI recommendations

---
 .github/workflows/publish.yml | 103 +++++++++++++++++++++++++++++-----
 1 file changed, 88 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 7ecef5559..e473b9f0a 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -6,24 +6,97 @@ on:
       - '*'
 
 jobs:
-  publish:
-    name: "Publish release"
-    runs-on: "ubuntu-latest"
+  build:
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.inspect_package.outputs.version }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.8"
+
+      - name: Install dependencies
+        run: scripts/install
+
+      - name: Build package & docs
+        run: scripts/build
+
+      - name: Inspect package version
+        id: inspect_package
+        run: |
+          version=$(uvx hatchling version)
+          echo "version=$version" >> "$GITHUB_OUTPUT"
+
+      - name: Check tag matches package version
+        run: |
+          version=$(cat "$GITHUB_OUTPUT" | grep -oP 'version=\K.*')
+          tag=$(echo "${GITHUB_REF#refs/tags/}")
+          if [ "$version" != "$tag" ]; then
+            echo "Tag '$tag' does not match package version '$version'"
+            exit 1
+          fi
+
+      - name: Upload package distributions
+        uses: actions/upload-artifact@v2
+        with:
+          name: package-distributions
+          path: dist/
+
+      - name: Upload documentation
+        uses: actions/upload-artifact@v2
+        with:
+          name: documentation
+          path: site/
+
+  pypi-publish:
+    runs-on: ubuntu-latest
+    needs: build
+
+    permissions:
+      id-token: write
 
     environment:
-        name: deploy
+      name: pypi
+      url: https://pypi.org/project/uvicorn/${{ needs.build.outputs.version }}
 
     steps:
-      - uses: "actions/checkout@v4"
-      - uses: "actions/setup-python@v5"
+      - name: Download artifacts
+        uses: actions/download-artifact@v2
+        with:
+          name: package-distributions
+          path: dist/
+
+      - name: Publish distribution 📦 to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+  docs-publish:
+    runs-on: ubuntu-latest
+    needs: build
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Download artifacts
+        uses: actions/download-artifact@v2
+        with:
+          name: documentation
+          path: site/
+
+      - name: Configure Git Credentials
+        run: |
+          git config user.name github-actions[bot]
+          git config user.email 41898282+github-actions[bot]@users.noreply.github.com
+
+      - uses: actions/setup-python@v5
         with:
           python-version: "3.8"
-      - name: "Install dependencies"
-        run: "scripts/install"
-      - name: "Build package & docs"
-        run: "scripts/build"
-      - name: "Publish to PyPI & deploy docs"
-        run: "scripts/publish"
-        env:
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
+
+      - name: Install dependencies
+        run: scripts/install
+
+      - name: Publish documentation 📚 to GitHub Pages
+        run: mkdocs gh-deploy --force