This pull request changes the way we publish artifacts to PyPI.
We no longer use secrets to publish artifacts; instead, artifacts are published to PyPI using a trusted publisher.
This approach is documented here - https://docs.pypi.org/trusted-publishers/.
The release pipeline is also part of the production environment. This means we can apply multiple rules and adjust the conditions for when the new release can be made (gating).
Also, we don't need multiple workflows to perform these actions, so I merged pipelines and used a strategy matrix to do the trick.
--
I plan to extend this definition to include production COPR builds in the next PR.
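
The setup described above, as an added example that is not the workflow from this pull request. It assumes GitHub Actions; the workflow name, trigger, matrix entries and `packages/` paths are hypothetical.

```yaml
# Added illustration: OIDC trusted publishing with an environment gate.
# Hypothetical names: workflow name, matrix entries, packages/ layout.
name: release
on:
  release:
    types: [published]

permissions: {}                  # grant nothing by default; each job opts in

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read             # checkout only
    strategy:
      matrix:
        package: [pkg-a, pkg-b]  # hypothetical package directories
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build
      - run: python -m build packages/${{ matrix.package }}
      - uses: actions/upload-artifact@v4
        with:
          name: dist-${{ matrix.package }}
          path: packages/${{ matrix.package }}/dist/

  publish:
    needs: build
    runs-on: ubuntu-latest
    environment: production      # protection rules on this environment gate the release
    permissions:
      id-token: write            # job may request the OIDC token that PyPI exchanges for a short-lived upload token
    strategy:
      matrix:
        package: [pkg-a, pkg-b]
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dist-${{ matrix.package }}
          path: dist/
      # No `password:` input and no secrets.* reference: the action authenticates via OIDC.
      - uses: pypa/gh-action-pypi-publish@release/v1
```

The trusted publisher entry on the PyPI side has to name the same repository, workflow file and environment, so a run from any other workflow or outside `production` is refused an upload token.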