From 9cbd4cae6909e08a908ff0fbe660eef092edcdd1 Mon Sep 17 00:00:00 2001
From: "Luke W. Johnston"
Date: Mon, 30 Jun 2025 11:35:31 -0400
Subject: [PATCH] ci: :bug: publishing and building need to be split
---
 .github/sync.yml | 4 +--
 .github/workflows/release-package.yml | 42 +++++++++++++++++++++++++++
 .github/workflows/update-version.yml | 20 -------------
 3 files changed, 44 insertions(+), 22 deletions(-)
 create mode 100644 .github/workflows/release-package.yml
 delete mode 100644 .github/workflows/update-version.yml
diff --git a/.github/sync.yml b/.github/sync.yml
index 5c11ed4..fe133dd 100644
--- a/.github/sync.yml
+++ b/.github/sync.yml
@@ -31,8 +31,8 @@ group:
 dest: .github/workflows/build-package.yml
 - source: .github/workflows/build-website.yml
 dest: .github/workflows/build-website.yml
- - source: .github/workflows/update-version.yml
- dest: .github/workflows/update-version.yml
+ - source: .github/workflows/release-package.yml
+ dest: .github/workflows/release-package.yml
 - source: .github/workflows/scorecards.yml
 dest: .github/workflows/scorecards.yml
 - source: .github/_project-dependabot.yml
diff --git a/.github/workflows/release-package.yml b/.github/workflows/release-package.yml
new file mode 100644
index 0000000..b6fd451
--- /dev/null
+++ b/.github/workflows/release-package.yml
@@ -0,0 +1,42 @@
+name: Release package
+
+on:
+ push:
+ branches:
+ - main
+
+# Limit token permissions for security
+permissions: read-all
+
+jobs:
+ release-package:
+ # Only give permissions for this job.
+ permissions:
+ contents: write
+ uses: seedcase-project/.github/.github/workflows/reusable-release-package.yml@main
+ with:
+ app-id: ${{ vars.UPDATE_VERSION_APP_ID }}
+ secrets:
+ update-version-gh-token: ${{ secrets.UPDATE_VERSION_TOKEN }}
+
+ pypi-publish:
+ name: Publish to PyPI
+ runs-on: ubuntu-latest
+ # Only give permissions for this job.
+ permissions:
+ # IMPORTANT: mandatory for trusted publishing.
+ id-token: write
+ environment:
+ name: pypi
+ needs:
+ - release-package
+ steps:
+ - name: Download built distributions
+ uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+ with:
+ name: release-dists
+ path: dist/
+
+ - name: Publish 📦 to PyPI
+ # Only publish if the option is explicitly set in the calling workflow.
+ run: uv publish --trusted-publishing always
diff --git a/.github/workflows/update-version.yml b/.github/workflows/update-version.yml
deleted file mode 100644
index 03aa554..0000000
--- a/.github/workflows/update-version.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: Update version
-
-on:
- push:
- branches:
- - main
-
-# Limit token permissions for security
-permissions: read-all
-
-jobs:
- update-version:
- # Only give permissions for this job.
- permissions:
- contents: write
- uses: seedcase-project/.github/.github/workflows/reusable-update-python-project-version.yml@main
- with:
- app-id: ${{ vars.UPDATE_VERSION_APP_ID }}
- secrets:
- update-version-gh-token: ${{ secrets.UPDATE_VERSION_TOKEN }}
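Review bot: In the new `.github/workflows/release-package.yml`, the `release-package` job calls the reusable workflow at the mutable ref `@main` while granting it `contents: write` and `UPDATE_VERSION_TOKEN`, and the `release-dists` artifact that `pypi-publish` downloads is presumably produced by that workflow, so whatever is on that branch at run time determines what gets published to PyPI. The `download-artifact` step in the same file is pinned to a commit SHA; pinning the reusable workflow the same way would be consistent, e.g. `uses: seedcase-project/.github/.github/workflows/reusable-release-package.yml@<full-commit-sha> # main`. Separately, the comment `# Only publish if the option is explicitly set in the calling workflow.` describes a condition the step does not have: there is no `if:` on the step or the job, so `pypi-publish` runs on every push to `main` once `release-package` succeeds. Either gate the job on an output of `release-package` that signals a release was actually built (no such output is visible in this hunk) or drop the comment so it does not suggest a guard that is absent. The job also has no step that installs `uv`, so `uv publish` relies on the runner image providing it, which is worth confirming.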