It's quite easy to setup and makes the release process very safe. In the above case, when I push a tag I then have to validate the workflow on GH to make it run and do the release.
You're still able to release manually with Twine and others, this just adds a safe way to release automagically on GH.
What do you think about using the new trusted publisher mechanism?
https://docs.pypi.org/trusted-publishers/
I implemented that here https://github.com/Simulation-Decomposition/simdec-python/blob/main/.github/workflows/release.yaml
It's quite easy to setup and makes the release process very safe. In the above case, when I push a tag I then have to validate the workflow on GH to make it run and do the release.
You're still able to release manually with Twine and others, this just adds a safe way to release automagically on GH.