From 75309dbdd44d98688000a888fc5238c35dfbc213 Mon Sep 17 00:00:00 2001
From: Dave Dittrich <dave.dittrich@gmail.com>
Date: Sat, 5 Oct 2024 13:21:30 -0700
Subject: [PATCH] Fix publish workflow

---
 .github/workflows/publish.yaml | 69 +++++++++++++++++++++++-----------
 1 file changed, 47 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index e00f6ec..499fc5e 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -9,16 +9,11 @@ permissions:
   contents: read
 
 jobs:
-  pypi-publish:
-    name: Upload release to PyPI
+  build:
     runs-on: ubuntu-22.04
     env:
-        PY_COLORS: 1
-        PYTHON_VERSION: '3.12.6'
-    environment:
-      name: pypi
-    permissions:
-      id-token: write
+      PY_COLORS: 1
+      PYTHON_VERSION: '3.12.6'
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
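Review bot: The new `build` job carries no comment explaining why `environment:` and `permissions: id-token: write` were dropped from it, and that separation is the security-relevant part of this split. A later maintainer who sees a job with no publishing permissions may add them back. I would add a comment above `build:` such as `# No id-token here: build steps run project code (make, installed dependencies) and must not be able to mint the OIDC token used for publishing.` The job's step list continues outside this hunk, so whether the checkout step keeps its credentials on disk cannot be judged from here.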
@@ -48,21 +43,51 @@ jobs:
       - name: Package project
         run: make twine-check
 
-      # [1-build-publish-workflow]
-      - name: Publish release candidate artifacts to TestPyPI
-        if: contains(github.ref, 'rc') == true
-        uses: pypa/gh-action-pypi-publish@release/v1
+      - name: Store the distribution packages
+        uses: actions/upload-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+  # [1-build-publish-workflow]
+  pypi-publish:
+    name: Publish release artifacts to PyPI
+    if: contains(github.ref, 'rc') == false
+    runs-on: ubuntu-22.04
+    needs:
+      - build
+    environment:
+      name: pypi
+      url: https://pypi.org/p/python_secrets
+    permissions:
+      id-token: write
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@v4
         with:
-          repository_url: https://test.pypi.org/legacy/
-          user: __token__
-          password: ${{ secrets.PSEC_TEST_PYPI_PASSWORD }}
-          verify-metadata: false
+          name: python-package-distributions
+          path: dist/
 
-      - name: Publish tagged artifacts to PyPI
-        if: contains(github.ref, 'rc') == false
+      - name: Publish distribution to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
+
+  test-pypi-publish:
+    if: contains(github.ref, 'rc') == true
+    runs-on: ubuntu-22.04
+    needs:
+      - build
+    environment:
+      name: pypi
+      url: https://test.pypi.org/p/python_secrets
+    permissions:
+      id-token: write
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@v4
         with:
-          user: __token__
-          password: ${{ secrets.PSEC_PYPI_PASSWORD }}
-          verify-metadata: false
-      # ![1-build-publish-workflow]
+          name: python-package-distributions
+          path: dist/
+
+      - name: Publish release candidate distribution to TestPyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+  # ![1-build-publish-workflow]
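Review bot: The last step of `test-pypi-publish` calls `pypa/gh-action-pypi-publish@release/v1` with no `with:` block, so the TestPyPI target that the removed step set via `repository_url: https://test.pypi.org/legacy/` is gone and the action falls back to its default index, production PyPI. The job also reuses `environment: name: pypi`, so its OIDC token carries the same environment claim as the production job, and any protection rule or trusted-publisher binding on that environment cannot tell a release candidate from a release. I would change that job's environment to `name: testpypi` and add `with:` and `repository-url: https://test.pypi.org/legacy/` under the final step. Separately, `contains(github.ref, 'rc')` is a substring match on the whole ref, so any ref that merely contains "rc" is routed as a release candidate; the workflow trigger is outside this hunk, so confirm which refs can reach these jobs. Both publish jobs hold `id-token: write` while running an action referenced by the mutable `release/v1` ref, so pinning it to a full commit SHA would keep the publishing step from changing underneath the workflow.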