# Builds the package and uploads it to a package index when a GitHub release
# is created.
name: PyPI Publish
on:
  release:
    # NOTE(review): GitHub documents that `created` is not delivered for
    # releases first saved as drafts; confirm whether `published` is the
    # intended trigger for this workflow.
    types: [created]
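jobs:
  # Single job: check out the release ref, build sdist/wheel with `build`, then
  # upload to TestPyPI or PyPI depending on the repository name.
  # NOTE(review): every `uses:` below references a mutable tag or branch
  # (`@v4`, `@v6`, `@v5`, `@release/v1`). For a job that handles publishing
  # credentials, pin each action to a full commit SHA and let a dependency
  # bot update the pins.
  publish:
    runs-on: ubuntu-latest

    permissions:
      # Least privilege: no step in this job pushes commits, tags or release
      # assets, so the repository token only needs read access for checkout.
      contents: read
      # Only consumed by OIDC Trusted Publishing. Both publish steps below
      # authenticate with API-token secrets, so this grant is not used by them.
      # NOTE(review): either migrate the publish steps to Trusted Publishing
      # (and drop `password:`) or remove this permission.
      id-token: write

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Keep the GITHUB_TOKEN out of .git/config: later steps run build
          # tooling and project code that have no need for git credentials.
          persist-credentials: false

      - name: Install uv
        uses: astral-sh/setup-uv@v6

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.10.18"

      # No dependency cache is restored in this job on purpose: release
      # artifacts are built from freshly resolved packages rather than from
      # cache contents that an earlier workflow run may have written.

      - name: Install dependencies
        # NOTE(review): the build tools are installed unpinned, so the release
        # toolchain can differ between runs; consider pinning versions (ideally
        # with hashes) for reproducible release builds.
        run: |
          uv pip install --system build setuptools wheel hatchling

      - name: Build package
        run: python -m build

      # Repositories whose `owner/name` contains the substring "insider"
      # upload to TestPyPI; all others upload to PyPI. The two conditions are
      # exact complements, so exactly one publish step runs per release.
      - name: TestPyPI Publish
        if: contains(github.repository, 'insider')
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          repository-url: https://test.pypi.org/legacy/
          # Long-lived API token; scope it to this project on TestPyPI.
          password: ${{ secrets.TEST_PYPI_API_TOKEN }}

      - name: PyPI Publish
        if: ${{ !contains(github.repository, 'insider') }}
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          # Long-lived API token; scope it to this project on PyPI and rotate
          # it if the workflow or its actions are ever suspected compromised.
          password: ${{ secrets.PYPI_API_TOKEN }}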
