From 6f79ffc6959f2c554db487143ea19a0479752d4a Mon Sep 17 00:00:00 2001
From: Erik Sundell <erik.i.sundell@gmail.com>
Date: Mon, 19 Jun 2023 07:06:10 +0200
Subject: [PATCH 1/2] ci: rename workflow for jupyterhub org consistency

---
 .github/workflows/{python-publish.yml => release.yaml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .github/workflows/{python-publish.yml => release.yaml} (100%)

diff --git a/.github/workflows/python-publish.yml b/.github/workflows/release.yaml
similarity index 100%
rename from .github/workflows/python-publish.yml
rename to .github/workflows/release.yaml

From e67cff7a8c85e1aa91b2b4915359094f388f21d8 Mon Sep 17 00:00:00 2001
From: Erik Sundell <erik.i.sundell@gmail.com>
Date: Mon, 19 Jun 2023 07:16:00 +0200
Subject: [PATCH 2/2] ci: transition to jupyterhub common release.yaml

---
 .github/workflows/release.yaml | 48 ++++++++++++++++++++++------------
 1 file changed, 32 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index a8012ab..4dc4932 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,21 +1,42 @@
-# This workflows will upload a Python Package using Twine when a release is created
-# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
+# This is a GitHub workflow defining a set of jobs with a set of steps. ref:
+# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
 #
-name: Upload Python Package
+name: Release
 
+# Always tests wheel building, but only publish to PyPI on pushed tags.
 on:
-  release:
-    types: [released]
+  pull_request:
+    paths-ignore:
+      - "docs/**"
+      - ".github/workflows/*.yaml"
+      - "!.github/workflows/release.yaml"
+  push:
+    paths-ignore:
+      - "docs/**"
+      - ".github/workflows/*.yaml"
+      - "!.github/workflows/release.yaml"
+    branches-ignore:
+      - "dependabot/**"
+      - "pre-commit-ci-update-config"
+    tags: ["**"]
+  workflow_dispatch:
 
 jobs:
-  deploy:
-    runs-on: ubuntu-latest
+  build-release:
+    runs-on: ubuntu-22.04
+    permissions:
+      # id-token=write is required for pypa/gh-action-pypi-publish, and the PyPI
+      # project needs to be configured to trust this workflow.
+      #
+      # ref: https://github.com/jupyterhub/team-compass/issues/648
+      #
+      id-token: write
 
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5
         with:
-          python-version: "3.x"
+          python-version: "3.11"
 
       - name: install build package
         run: |
@@ -27,12 +48,7 @@ jobs:
         run: |
           python -m build --sdist --wheel .
           ls -l dist
-          sha256sum dist/* | tee SHA256SUMS
 
-      - name: Publish to PyPI
-        env:
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
-        run: |
-          pip install twine
-          twine upload --skip-existing dist/*
+      - name: publish to pypi
+        uses: pypa/gh-action-pypi-publish@release/v1
+        if: startsWith(github.ref, 'refs/tags/')