use OIDC for publishing to pypi #47

	name: Build pypi package

	on:
	push:
	tags: # on tags with versions
	- "v..*"

	jobs:
	release-build:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- name: Install poetry
	run: pipx install poetry
	- name: Set up Python
	uses: actions/setup-python@v4
	with:
	python-version: "3.x"
	cache: "poetry"
	- name: Install package and dependencies
	run: \|
	poetry install --without dev --with tests
	- name: Build and publish
	run: \|
	poetry version $(git describe --tags --abbrev=0)
	poetry build
	- name: Verify wheel using twine
	run: \|
	poetry run twine check dist/* --strict
	- name: Upload release distributions
	uses: actions/upload-artifact@v3
	with:
	name: release-dists
	path: dist/

	pypi-publish:
	runs-on: ubuntu-latest
	needs:
	- release-build
	environment:
	name: pypi
	url: https://pypi.org/p/pymemuc
	permissions:
	id-token: write
	steps:
	- name: Retrieve release distributions
	uses: actions/download-artifact@v3
	with:
	name: release-dists
	path: dist/
	- name: Publish release distributions to PyPI
	uses: pypa/gh-action-pypi-publish@release/v1
	with:
	print-hash: true

Provide feedback