Add PyPI publication workflow

This publishes to Test PyPI on tag and published to public PyPI when a
github release is made.

Author: pganssle

.github/workflows/publish.yml

@@ -0,0 +1,55 @@
+# This workflow is triggered two ways:
+#
+# 1. When a tag is created, the workflow will upload the package to
+#    test.pypi.org.
+# 2. When a release is made, the workflow will upload the package to pypi.org.
+#
+# It is done this way until PyPI has draft reviews, to allow for a two-stage
+# upload with a chance for manual intervention before the final publication.
+name: Upload package
+
+on:
+  release:
+    types: [created]
+  push:
+    tags:
+      - '*'
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: '3.x'
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -U tox
+    - name: Create tox environments
+      run: |
+        tox -p -e py,build,release --notest
+    - name: Run tests
+      run: |
+        tox -e py
+    - name: Build package
+      run: |
+        tox -e build
+    - name: Publish package
+      env:
+        TWINE_USERNAME: "__token__"
+      run: |
+        if [[ "$GITHUB_EVENT_NAME" == "push" ]]; then
+          export TWINE_REPOSITORY_URL="https://test.pypi.org/legacy/"
+          export TWINE_PASSWORD="${{ secrets.TEST_PYPI_UPLOAD_TOKEN }}"
+        elif [[ "$GITHUB_EVENT_NAME" == "release" ]]; then
+          export TWINE_REPOSITORY="pypi"
+          export TWINE_PASSWORD="${{ secrets.PYPI_UPLOAD_TOKEN }}"
+        else
+          echo "Unknown event name: ${GITHUB_EVENT_NAME}"
+          exit 1
+        fi
+
+        tox -e release