---
name: Publish to PyPi
on:
    workflow_dispatch:
    release:
        types:
            - published

concurrency:
    group: ${{ github.workflow }}-${{ github.ref }}
    cancel-in-progress: true

jobs:
    publish-to-pypi:
        runs-on: ubuntu-latest
        strategy:
            fail-fast: true
            matrix:
                python-version: ["3.11"]
        steps:
            - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0
              with:
                  egress-policy: audit
                  disable-sudo: true

            - name: Checkout repository
              uses: actions/checkout@v3

            - name: Setup Python and Poetry
              uses: ./.github/actions/setup-poetry

            # ----------------------------------------------
            # Test and then build the package
            # ----------------------------------------------
            - name: run poetry build
              run: |
                  poetry run poetry check
                  poetry run coverage run

            # ----------------------------------------------
            # Publish to PyPi
            # ----------------------------------------------
            - name: Publish
              env:
                  PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
              run: |
                  poetry config pypi-token.pypi $PYPI_TOKEN
                  poetry publish --build