maybe this is even better [ck skip]

.github/workflows/python-publish-pypi.yml

@@ -1,8 +1,9 @@
 name: Publish Python 🐍 distribution 📦 to PyPI
 on:
-  release:
-    types: [published]
-
+  push:
+    # Pattern matched against refs/tags
+    tags:
+      - 'v*' # Push events to every tag not containing /
 jobs:
   build:
     name: Build distribution 📦
@@ -37,7 +38,7 @@ jobs:
     runs-on: ubuntu-latest
     environment:
       name: release
-      url: https://pypi.org/p/paramnormal  # Replace <package-name> with your PyPI project name
+      url: https://pypi.org/p/wqio  # Replace <package-name> with your PyPI project name
     permissions:
       id-token: write  # IMPORTANT: mandatory for trusted publishing
 
@@ -50,55 +51,45 @@ jobs:
     - name: Publish distribution 📦 to PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
 
-  ## officially, the python docs want you pushing to TestPyPI
-  ## after every merge and to PyPI with every tag. You push the
-  ## tag, and then this GHA would do the release.
-  ## In practice, I don't like this. You need to alter the version
-  ## number with every PR to get a clean upload to TestPyPI.
-  ##
-  ## My approach is to only upload to TestPyPI with the tag push,
-  ## and then to upload to PyPI with the GitHub release. And so
-  ## I've commented out this sign & release workflow
-
-  # github-release:
-  #   name: >-
-  #     Sign the Python 🐍 distribution 📦 with Sigstore
-  #     and upload them to GitHub Release
-  #   needs:
-  #   - publish-to-pypi
-  #   runs-on: ubuntu-latest
+  github-release:
+    name: >-
+      Sign the Python 🐍 distribution 📦 with Sigstore
+      and upload them to GitHub Release
+    needs:
+    - publish-to-pypi
+    runs-on: ubuntu-latest
 
-  #   permissions:
-  #     contents: write  # IMPORTANT: mandatory for making GitHub Releases
-  #     id-token: write  # IMPORTANT: mandatory for sigstore
+    permissions:
+      contents: write  # IMPORTANT: mandatory for making GitHub Releases
+      id-token: write  # IMPORTANT: mandatory for sigstore
 
-  #   steps:
-  #   - name: Download all the dists
-  #     uses: actions/download-artifact@v3
-  #     with:
-  #       name: python-package-distributions
-  #       path: dist/
-  #   - name: Sign the dists with Sigstore
-  #     uses: sigstore/gh-action-sigstore-python@v1.2.3
-  #     with:
-  #       inputs: >-
-  #         ./dist/*.tar.gz
-  #         ./dist/*.whl
-  #   - name: Create GitHub Release
-  #     env:
-  #       GITHUB_TOKEN: ${{ github.token }}
-  #     run: >-
-  #       gh release create
-  #       '${{ github.ref_name }}'
-  #       --repo '${{ github.repository }}'
-  #       --notes ""
-  #   - name: Upload artifact signatures to GitHub Release
-  #     env:
-  #       GITHUB_TOKEN: ${{ github.token }}
-  #     # Upload to GitHub Release using the `gh` CLI.
-  #     # `dist/` contains the built packages, and the
-  #     # sigstore-produced signatures and certificates.
-  #     run: >-
-  #       gh release upload
-  #       '${{ github.ref_name }}' dist/**
-  #       --repo '${{ github.repository }}'
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@v3
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Sign the dists with Sigstore
+      uses: sigstore/gh-action-sigstore-python@v1.2.3
+      with:
+        inputs: >-
+          ./dist/*.tar.gz
+          ./dist/*.whl
+    - name: Create GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      run: >-
+        gh release create
+        '${{ github.ref_name }}'
+        --repo '${{ github.repository }}'
+        --notes ""
+    - name: Upload artifact signatures to GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      # Upload to GitHub Release using the `gh` CLI.
+      # `dist/` contains the built packages, and the
+      # sigstore-produced signatures and certificates.
+      run: >-
+        gh release upload
+        '${{ github.ref_name }}' dist/**
+        --repo '${{ github.repository }}'

.github/workflows/python-publish-testpypi.yml

@@ -4,7 +4,7 @@ on:
   push:
     # Pattern matched against refs/tags
     tags:
-      - '*' # Push events to every tag not containing /
+      - 'test*' # Push events to every tag not containing /
 
 jobs:
   build:
@@ -40,7 +40,7 @@ jobs:
 
     environment:
       name: test
-      url: https://test.pypi.org/p/paramnormal
+      url: https://test.pypi.org/p/wqio
 
     permissions:
       id-token: write  # IMPORTANT: mandatory for trusted publishing

conda.recipes/dev/meta.yaml

@@ -1,6 +1,6 @@
 package:
   name: wqio
-  version: 0.6.1
+  version: 0.6.2
 
 source:
   path: ../../

conda.recipes/release/meta.yaml

@@ -1,10 +1,10 @@
 package:
   name: wqio
-  version: "0.6.1"
+  version: "0.6.2"
 
 source:
   git_url: https://github.com/Geosyntec/wqio.git
-  git_tag: v0.6.1
+  git_tag: v0.6.2
 #  patches:
    # List any patch files here
    # - fix.patch

readme.rst

@@ -100,3 +100,16 @@ top level of the project directory, and add the following contents::
 After this, hitting ctrl+b in either text editor will run the test suite.
 
 .. _build: https://atom.io/packages/build
+
+
+On Releasing new versions
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+There are two Github actions that are run when tags are pushed.
+The first builds and uploads to TestPyPI.
+The second builds, uploads to PyPI, then signs the release and creates a Github release with a buunch of different assets.
+
+To execute the test build, create a new tag that starts with the string ``test`` (i.e., ``test0.6.3``) and push that.
+
+If that works, create Yet Another tag that starts with ``v`` (i.e., ``v0.6.3``) and push that.
+The second tag will trigger the full release.

setup.py

@@ -7,7 +7,7 @@
 DESCRIPTION = "wqio: Water Quality Inflow/Outflow"
 LONG_DESCRIPTION = DESCRIPTION
 NAME = "wqio"
-VERSION = "0.6.1"
+VERSION = "0.6.2"
 AUTHOR = "Paul Hobson (Herrera Environmental Consultants)"
 AUTHOR_EMAIL = "phobson@herrerainc.com"
 URL = "https://github.com/International-BMP-Database/wqio"