release: v0.1.3

Author: mikewolfd

.github/workflows/python-publish.yml

@@ -10,6 +10,11 @@ on:
   release:
     types: [created]
 
+# Add these top-level permissions
+permissions:
+  contents: write
+  id-token: write
+
 jobs:
   test:
     runs-on: ubuntu-latest
@@ -66,18 +71,42 @@ jobs:
       run: |
         python -m build
     
+    - name: Upload package distributions
+      uses: actions/upload-artifact@v4
+      with:
+        name: python-package-distributions
+        path: dist/
+    
     - name: Publish to PyPI
-      if: github.event_name == 'release'
+      if: github.event_name == 'release' || startsWith(github.ref, 'refs/tags/v')
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
         user: __token__
         password: ${{ secrets.PYPI_API_TOKEN }}
         skip-existing: true
 
-    - name: Publish package distributions to GitHub Releases
-      uses: python-actions/gh-release@v1
+    - name: Sign the dists with Sigstore
+      uses: sigstore/gh-action-sigstore-python@v3.0.0
       with:
-        repository: ${{ github.repository }}
-        tag_name: ${{ github.ref_name }}
-        files: |
-          dist/*
+        inputs: >-
+          ./dist/*.tar.gz
+          ./dist/*.whl
+
+    - name: Create GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      run: >-
+        gh release create
+        "$GITHUB_REF_NAME"
+        --repo "$GITHUB_REPOSITORY"
+        --notes "This release was automatically created by the GitHub Actions workflow."
+    - name: Upload artifact signatures to GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      # Upload to GitHub Release using the `gh` CLI.
+      # `dist/` contains the built packages, and the
+      # sigstore-produced signatures and certificates.
+      run: >-
+        gh release upload
+        "$GITHUB_REF_NAME" dist/**
+        --repo "$GITHUB_REPOSITORY"

MANIFEST.in

@@ -0,0 +1,3 @@
+recursive-include msgspec_schemaorg/models *.py
+include README.md
+include LICENSE

msgspec_schemaorg/__init__.py

@@ -11,7 +11,7 @@
 - Maintains type safety with modern Python type annotations
 """
 
-__version__ = "0.1.2"
+__version__ = "0.1.3"
 
 # Import the key functions and classes to expose at the package level
 from .generate import fetch_and_generate, SchemaProcessor

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "msgspec-schemaorg"
-version = "0.1.2"
+version = "0.1.3"
 description = "Generate Python msgspec.Struct classes from the Schema.org vocabulary"
 readme = "README.md"
 requires-python = ">=3.10"

setup.py

@@ -2,7 +2,7 @@
 
 setup(
     name="msgspec-schemaorg",
-    version="0.1.2",
+    version="0.1.3",
     author="Michael Deeb",
     author_email="michael.f.deeb@gmail.com",
     description="Generate Python msgspec.Struct classes from the Schema.org vocabulary",