Upload to PyPI job in build workflow failing

[matt-graham]

The upload_pypi job in the Actions workflow defined in .github/workflows/build.yml, which is triggered on new releases, is failing with an error

Attestation generation failure:

/github/workspace/dist/s2fft-1.2.0.tar.gz already has a publish attestation: /github/workspace/dist/s2fft-1.2.0.tar.gz.publish.attestation

You're seeing this because the action attempted to generated PEP 740
attestations for its inputs, but failed to do so.

Specifically this happens in the Publish package distribution to PyPI step after the previous Publish package distribution to Test PyPI step successfully completes.

I think we are hitting against the issue described in pypa/gh-action-pypi-publish#283 (comment), specifically that the step publishing to Test PyPI creates an attestation file (used to sign / verify the package upload as far as I can tell), which a subsequent twine upload command in the step publishing to PyPI finds and raises an error (as it expects there to be no existing attestation file present).

From the discussion in the issue thread it appears there are a couple of possible resolutions:

• Disable attestations being generated on one of two steps (probably the test PyPI) by setting attestations: false in with block for step.
• Refactor the workflow to use separate jobs for publishing to Test PyPI and PyPI. This appears to be the recommended approach as then they each can be operated in a separate environment with its own restrictions.