name: deploy

on:
  push:
    tags:
      # These tags are protected, see:
      # https://github.com/pytest-dev/pytest/settings/tag_protection
      - "[0-9]+.[0-9]+.[0-9]+"
      - "[0-9]+.[0-9]+.[0-9]+rc[0-9]+"


# Set permissions at the job level.
permissions: {}

jobs:

  deploy:
    if: github.repository == 'pytest-dev/pytest'

    runs-on: ubuntu-latest
    timeout-minutes: 30
    permissions:
      contents: write

    steps:
    - uses: actions/checkout@v3
      with:
        fetch-depth: 0
        persist-credentials: false

    - name: Set up Python
      uses: actions/setup-python@v4
      with:
        python-version: "3.7"

    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install --upgrade build tox

    - name: Build package
      run: |
        python -m build

    - name: Publish package to PyPI
      uses: pypa/gh-action-pypi-publish@release/v1
      with:
        password: ${{ secrets.pypi_token }}

    - name: Publish GitHub release notes
      env:
        GH_RELEASE_NOTES_TOKEN: ${{ github.token }}
      run: |
        sudo apt-get install pandoc
        tox -e publish-gh-release-notes