v0.11.0 #38

	name: Publish
	on:
	release:
	types: [published]

	jobs:
	build:
	name: Build package
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: verify version matches git tag
	run: scripts/verify_tag.sh

	- uses: hynek/build-and-inspect-python-package@v2

	publish:
	name: Publish to PyPI
	needs: ["build"]
	runs-on: ubuntu-latest
	environment: pypi
	permissions:
	id-token: write
	steps:
	- uses: actions/download-artifact@v4
	with:
	name: Packages
	path: dist

	- uses: pypa/gh-action-pypi-publish@release/v1
	# NOTE: This is not the current best practice. Instead, we should use
	# "trusted publishing":
	# https://github.com/pypa/gh-action-pypi-publish?tab=readme-ov-file#trusted-publishing
	with:
	password: ${{ secrets.PYPI_TOKEN }}

Provide feedback