Release to PyPI using Trusted Publishing

.github/workflows/release.yml

@@ -0,0 +1,81 @@
+name: Release
+
+on:
+  push:
+    branches: [main]
+    tags: ["*"]
+  pull_request:
+    branches: [main]
+  release:
+    types:
+      - published
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+env:
+  FORCE_COLOR: 1
+
+jobs:
+  # Always build & lint package.
+  build-package:
+    name: Build & verify package
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: hynek/build-and-inspect-python-package@v2
+
+  # Upload to Test PyPI on every commit on main.
+  release-test-pypi:
+    name: Publish in-dev package to test.pypi.org
+    if: |
+      github.repository_owner == 'python-humanize'
+      && github.event_name == 'push'
+      && github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    needs: build-package
+
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Download packages built by build-and-inspect-python-package
+        uses: actions/download-artifact@v4
+        with:
+          name: Packages
+          path: dist
+
+      - name: Upload package to Test PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          attestations: true
+          repository-url: https://test.pypi.org/legacy/
+
+  # Upload to real PyPI on GitHub Releases.
+  release-pypi:
+    name: Publish released package to pypi.org
+    if: |
+      github.repository_owner == 'python-humanize'
+      && github.event.action == 'published'
+    runs-on: ubuntu-latest
+    needs: build-package
+
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Download packages built by build-and-inspect-python-package
+        uses: actions/download-artifact@v4
+        with:
+          name: Packages
+          path: dist
+
+      - name: Upload package to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          attestations: true

RELEASING.md

@@ -5,66 +5,19 @@
       running cleanly for all merges to `main`.
       [![GitHub Actions status](https://github.com/python-humanize/humanize/workflows/Test/badge.svg)](https://github.com/python-humanize/humanize/actions)
 
-* [ ] Start from a freshly cloned repo:
-
-```bash
-cd /tmp
-rm -rf humanize
-git clone https://github.com/python-humanize/humanize
-cd humanize
-# Generate translation binaries
-scripts/generate-translation-binaries.sh
-```
-
-- [ ] (Optional) Create a distribution and release on **TestPyPI**:
-
-```bash
-pip install -U pip build keyring twine
-rm -rf build dist
-python -m build
-twine check --strict dist/* && twine upload --repository testpypi dist/*
-```
-
-- [ ] (Optional) Check **test** installation:
-
-```bash
-pip3 uninstall -y humanize
-pip3 install -U -i https://test.pypi.org/simple/ humanize --pre
-python3 -c "import humanize; print(humanize.__version__)"
-```
-
-- [ ] Tag with the version number:
+- [ ] Edit release draft, adjust text if needed:
+      https://github.com/python-humanize/humanize/releases
 
-```bash
-git tag -a 2.1.0 -m "Release 2.1.0"
-```
+- [ ] Check next tag is correct, amend if needed
 
-- [ ] Create a distribution and release on **live PyPI**:
+- [ ] Publish release
 
-```bash
-pip install -U pip build keyring twine
-rm -rf build dist
-python -m build
-twine check --strict dist/* && twine upload --repository pypi dist/*
-```
+- [ ] Check the tagged
+      [GitHub Actions build](https://github.com/python-humanize/humanize/actions/workflows/release.yml)
+      has released to [PyPI](https://pypi.org/project/humanize/#history)
 
 - [ ] Check installation:
 
 ```bash
-pip uninstall -y humanize
-pip install -U humanize
-python3 -c "import humanize; print(humanize.__version__)"
-```
-
-- [ ] Push tag:
-
-```bash
-git push --tags
+pip3 uninstall -y humanize && pip3 install -U humanize && python3 -c "import humanize; print(humanize.__version__)"
 ```
-
-- [ ] Edit release draft, adjust text if needed:
-      https://github.com/python-humanize/humanize/releases
-
-- [ ] Check next tag is correct, amend if needed
-
-- [ ] Publish release