Add CI enhancements for package building, artifact handling, and automated PyPI publishing

.github/workflows/main.yml

@@ -6,8 +6,35 @@
   workflow_dispatch:
 
 jobs:
+  build:
+    name: Build package
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          cache: "pip"
+      - name: Install pypa/build
+        run: >-
+          python3 -m pip install --user
+          build
+          twine
+      - name: Build a binary wheel and a source tarball
+        run: python3 -m build
+      - name: Check the distribution files with `twine`
+        run: twine check --strict dist/*
+      - name: Upload artifact
+        id: artifact-upload-step
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist-files
+          path: dist/*
+          if-no-files-found: error
+          compression-level: 0 # They are already compressed
   test-run:
     runs-on: ubuntu-latest
+    needs: build
     strategy:
       matrix:
         include:
@@ -33,7 +60,7 @@
             ignore-test-outcome: false
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Set up Python ${{ matrix.python-version }}
       uses: actions/setup-python@v4
@@ -61,6 +88,12 @@
       run: |
         python -m poetry install --only=dev
 
+    - name: Download artifact
+      uses: actions/download-artifact@v4
+      with:
+        name: dist-files
+        path: dist/
+
     - name: Type checking
       # Ignore errors for older pythons
       continue-on-error: ${{ matrix.ignore-typecheck-outcome }}
@@ -73,14 +106,37 @@
       run: |
         source .venv/bin/activate
         coverage erase
-        tox run-parallel -f ${{ matrix.toxfactor }} --parallel-no-spinner --parallel-live
+          # Using `--parallel 4` as it's the number of CPUs in the GitHub Actions runner
+          # Using `installpkg dist/*.whl` because we want to install the pre-built package (want to test against that)
+          tox run-parallel -f ${{ matrix.toxfactor }} --parallel 4 --parallel-no-spinner --parallel-live --installpkg dist/*.whl
         coverage combine
         coverage xml
 
     - uses: codecov/codecov-action@v4
       with:
-        # Explicitly using the token in order to avoid Codecov rate limit errors
+          # Explicitly using the token to avoid Codecov rate limit errors
         # See https://community.codecov.com/t/upload-issues-unable-to-locate-build-via-github-actions-api/3954
         token: ${{ secrets.CODECOV_TOKEN }}
-        fail_ci_if_error: true
+        fail_ci_if_error: false
         verbose: true # optional (default = false)
+
+  pypi-publish:
+    name: Upload release to PyPI
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/pytest-factoryboy
+    permissions:
+      id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
+    needs:
+      - "test-run"
+      - "build"
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: dist-files
+          path: dist/
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

RELEASING.md

@@ -5,8 +5,15 @@
 poetry version <newversion>
 ```
 2. Update the [CHANGES.rst](CHANGES.rst) file with the release notes and the new version.
-3. Build and publish the package:
-
+3. Commit the changes:
+```shell
+git add pyproject.toml CHANGES.rst
+git commit -m "Bump version to <newversion>"
+```
+4. Create and push a tag:
 ```shell
-poetry publish --build
+git tag <newversion>
+git push origin <newversion>
 ```
+
+The GitHub Actions workflow will automatically build and publish the package to PyPI when a tag is pushed.