GridTools · havogt · Feb 7, 2024 · Jan 24, 2024 · Jan 24, 2024 · Jan 31, 2024
diff --git a/.github/workflows/deploy-release.yml b/.github/workflows/deploy-release.yml
@@ -6,8 +6,8 @@ on:
   workflow_dispatch:
 
 jobs:
-  build-n-publish:
-    name: Build and publish Python distribution
+  build:
+    name: Build Python distribution
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@master
@@ -21,14 +21,29 @@ jobs:
     - name: Build a wheel and a source tarball
       run: |
         python -m build --sdist --wheel --outdir dist/
-    - name: Publish distribution to Test PyPI
-      if: ${{ github.event_name == 'release' }}
-      uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        password: ${{ secrets.TEST_PYPI_API_TOKEN }}
-        repository_url: https://test.pypi.org/legacy/
+  publish-pypi:
+    name: Publish Python distribution to test.pypi.org
+    runs-on: ubuntu-latest
+    needs: build
+    if: ${{ github.event_name == 'workflow_dispatch' }}
+    environment:
+      name: pypi
+      url: https://pypi.org/project/gt4py
+    permissions:
+      id-token: write
+    steps:
     - name: Publish distribution to PyPI
-      if: ${{ github.event_name == 'workflow_dispatch' }}
       uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        password: ${{ secrets.PYPI_API_TOKEN }}
+  publish-test-pypi:
+    name: Publish Python distribution to test.pypi.org
+    runs-on: ubuntu-latest
+    needs: build
+    if: ${{ github.event_name == 'release' }}
+    environment:
+      name: testpypi
+      url: https://test.pypi.org/project/gt4py/
+    permissions:
+      id-token: write
+    steps:
+    - name: Publish distribution to Test PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/docs/development/tools/release.md b/docs/development/tools/release.md
@@ -22,9 +22,13 @@ Currently, GT4Py releases are published in PyPI (and TestPyPI) and also as commi
 
 5. On the GitHub website go to _Releases_ and _Draft a new release_. Choose `v0.{M}.{m}.{p}` as tag and select a branch (usually `main`). Follow the style of the previous releases for the title (`GT4Py v0.{M}.{m}.{p}`) and description. Then _Publish release_.
 
-6. Upload distribution package to TestPyPI and quickly test that it works properly.
+6. Publishing the release will trigger a Github action to deploy to TestPyPI. Install the package from TestPyPi and do basic tests.
 
-7. Upload distribution package to PyPI and quickly that test it works properly.
+7. If tests are ok, manually trigger the deploy Github action selecting the release tag as target. This will publish the package to PyPI. Install the package and test if it works.
+
+## PyPi and TestPyPi accounts
+
+The account is called `gridtools`. Credentials can be found in the bitwarden of CSCS. For 2FA, the recovery keys are stored in bitwarden, too. In case a new developer should get access, the recovery keys can be used to setup the authentication app (for all developers who should have access).
 
 <!-- Reference links -->