name: Publish to PyPI

on:
  release:
    types: [published]
  push:
    tags:
      - 'v*.*.*'

jobs:
  deploy:
    runs-on: ubuntu-latest

    environment: pypi
    permissions:
      # This permission is needed for private repositories.
      contents: read
      # IMPORTANT: this permission is mandatory for trusted publishing
      id-token: write

    steps:
      - uses: actions/checkout@v4

      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'
          cache: 'pip'

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip 
          pip install hatch

      - name: Build package
        run: hatch build

      - name: Publish on PyPI
        uses: pypa/gh-action-pypi-publish@release/v1