Enhance CD workflow and version metadata handling

Author: sergeyklay

.github/workflows/cd.yml

@@ -2,8 +2,8 @@ name: CD
 
 on:
   push:
-    branches-ignore:
-      - 'dependabot/**'
+    branches:
+      - main
     tags:
       - '[0-9]+.[0-9]+.[0-9]+'
   pull_request:
@@ -37,6 +37,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          fetch-tags: true
 
       - name: Set up Python ${{ matrix.python }}
         id: setup-python
@@ -77,24 +78,37 @@ jobs:
           restore-keys: |
             pip-build-${{ runner.os }}-
 
-      - name: Test package installation
+      - name: Verify package
         run: |
+          pip install twine
+          twine check dist/*
+          # Install the package and check version
           pip install dist/*.whl
+          PKG_VERSION=$(python -c "import importlib.metadata; print(importlib.metadata.version('clusx'))")
+          echo "Package version: $PKG_VERSION"
+          # Verify version is PyPI-compatible
+          if [[ "$PKG_VERSION" == *"+"* ]]; then
+            echo "Error: Version contains '+' which is not allowed by PyPI"
+            exit 1
+          fi
+          # Show version for verification
           clusx --version
 
       - name: Upload Build Artifacts
         uses: actions/upload-artifact@v4
         with:
           name: dist
           path: dist/clusx-*.*
+          retention-days: 7
 
-  upload_pypi:
-    name: Upload to PyPI
+  upload_test_pypi:
+    name: Upload to Test PyPI
     runs-on: ubuntu-latest
 
     needs: [build]
 
-    environment: pypi
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main' || github.event_name == 'pull_request'
+    environment: test-pypi
 
     permissions:
       id-token: write
@@ -107,17 +121,35 @@ jobs:
           path: dist
           merge-multiple: true
 
-      - name: Publish package distributions to Test PyPI
+      - name: Publish to Test PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
           password: ${{ secrets.TEST_PYPI_API_TOKEN }}
           repository-url: https://test.pypi.org/legacy/
           verbose: true
 
+  upload_pypi:
+    name: Upload to PyPI
+    runs-on: ubuntu-latest
+
+    needs: [build]
+
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
+    environment: production-pypi
+
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: dist
+          path: dist
+          merge-multiple: true
 
-      - name: Publish package distributions to PyPI
+      - name: Publish to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
-        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
         with:
           password: ${{ secrets.PYPI_API_TOKEN }}
           repository-url: https://pypi.org/legacy/

pyproject.toml

@@ -100,7 +100,7 @@ vcs = "git"
 # Disable the local version part (the part after +) for PyPI compatibility
 pattern = "^(?P<base>\\d+\\.\\d+\\.\\d+)$"
 # Only include metadata for non-tagged versions
-format-jinja = "{% if distance == 0 %}{{ base }}{% else %}{{ base }}.post{{ distance }}{% endif %}"
+format-jinja = "{% if distance == 0 %}{{ base }}{% else %}{{ base }}.dev{{ distance }}{% endif %}"
 
 [tool.black]
 line-length = 88