name: build and publish releases to PyPi
on:
  push:
    tags:
      - 'v[0-9]+.[0-9]+.[0-9]+'
  workflow_dispatch:

jobs:
  pypi:
    name: Upload release to PyPI
    runs-on: ubuntu-latest
    environment:
      name: pypi
      url: https://pypi.org/p/gam7
    permissions:
      id-token: write
    steps:

      - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v5.0.0
        with:
          persist-credentials: false
          fetch-depth: 0

      - name: Install required packages to publish
        run: |
          python3 -m pip install --upgrade build

      - name: Build packages
        run: |
          python -m build

      - name: Publish package distributions to PyPI
        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
        with:
          attestation: true