From 6a39db6df1324d8c58dff4adc8d443efa16877f9 Mon Sep 17 00:00:00 2001
From: Dave Evans <dave@evansd.net>
Date: Mon, 2 Mar 2026 10:18:15 +0000
Subject: [PATCH] Add `release` workflow using PyPI Trusted Publisher

---
 .github/workflows/main.yml | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 726efd7e..dbdb75f0 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -90,3 +90,23 @@ jobs:
         with:
           name: html-report
           path: htmlcov
+
+  release:
+    needs: [coverage]
+    if: success() && startsWith(github.ref, 'refs/tags/')
+    runs-on: ubuntu-24.04
+    environment: release
+
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: astral-sh/setup-uv@v7
+
+      - name: Build
+        run: uv build
+
+      - uses: pypa/gh-action-pypi-publish@release/v1