ci: add release workflow with OIDC and Sigstore

Author: emmanuel-ferdman

.github/workflows/release.yml

@@ -0,0 +1,76 @@
+name: Release
+
+on:
+  release:
+    types:
+      - published
+
+env:
+  DEFAULT_PYTHON: "3.13"
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build release assets
+    runs-on: ubuntu-latest
+    if: github.event_name == 'release'
+    steps:
+      - name: Check out code from Github
+        uses: actions/checkout@v6.0.2
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        id: python
+        uses: actions/setup-python@v6.2.0
+        with:
+          python-version: ${{ env.DEFAULT_PYTHON }}
+          check-latest: true
+      - name: Install requirements
+        run: python -m pip install build
+      - name: Build distributions
+        run: python -m build
+      - name: Upload release assets
+        uses: actions/upload-artifact@v7.0.0
+        with:
+          name: release-assets
+          path: dist/
+
+  release-pypi:
+    name: Upload release to PyPI
+    runs-on: ubuntu-latest
+    needs: ["build"]
+    environment:
+      name: PyPI
+      url: https://pypi.org/project/pylint-qt/
+    permissions:
+      id-token: write
+    steps:
+      - name: Download release assets
+        uses: actions/download-artifact@v8.0.1
+        with:
+          name: release-assets
+          path: dist/
+      - name: Upload to PyPI
+        if: github.event_name == 'release'
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+  release-github:
+    name: Upload assets to Github release
+    runs-on: ubuntu-latest
+    needs: ["build"]
+    permissions:
+      contents: write
+      id-token: write
+    steps:
+      - name: Download release assets
+        uses: actions/download-artifact@v8.0.1
+        with:
+          name: release-assets
+          path: dist/
+      - name: Sign the dists with Sigstore and upload assets to Github release
+        if: github.event_name == 'release'
+        uses: sigstore/gh-action-sigstore-python@v3.3.0
+        with:
+          inputs: |
+            ./dist/*.tar.gz
+            ./dist/*.whl