---
name: Publish to PyPi
on:
    workflow_dispatch:
    release:
        types:
            - published

concurrency:
    group: ${{ github.workflow }}-${{ github.ref }}
    cancel-in-progress: true

jobs:
    publish-to-pypi:
        runs-on: ubuntu-latest
        strategy:
            fail-fast: true
            matrix:
                python-version: ["3.11"]
        steps:
            - uses: step-security/harden-runner@c8454efe5d0bdefd25384362fe217428ca277d57 # v2.2.0
              with:
                  egress-policy: block
                  disable-sudo: true
                  allowed-endpoints: >
                      api.github.com:443
                      files.pythonhosted.org:443
                      github.com:443
                      install.python-poetry.org:443
                      pypi.org:443
                      python-poetry.org:443
                      upload.pypi.org:443

            - name: Checkout repository
              uses: actions/checkout@v3

            - name: Setup Python and Poetry
              uses: ./.github/actions/setup-poetry

            # ----------------------------------------------
            # Test and then build the package
            # ----------------------------------------------
            - name: run poetry build
              run: |
                  poetry run poetry check
                  poetry run coverage run

            # ----------------------------------------------
            # Publish to PyPi
            # ----------------------------------------------
            - name: Publish
              env:
                  PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
              run: |
                  poetry config pypi-token.pypi $PYPI_TOKEN
                  poetry publish --build