From 07eecba05753b0a708753241fb6044e1f55be7c3 Mon Sep 17 00:00:00 2001
From: Sviatoslav Sydorenko <wk@sydorenko.org.ua>
Date: Tue, 14 May 2024 00:30:03 +0200
Subject: [PATCH 1/3] Build wheel from sdist @ GHA release workflow

---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index bd243c058..032e60cfb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -22,6 +22,6 @@ jobs:
         with:
           fetch-depth: 0
       - name: Build package
-        run: pyproject-build -s -w . -o dist
+        run: pyproject-build
       - name: Publish to PyPI
         uses: pypa/gh-action-pypi-publish@v1.8.14

From d56ac91a91cce35669818683e519112fff2f7133 Mon Sep 17 00:00:00 2001
From: Sviatoslav Sydorenko <wk@sydorenko.org.ua>
Date: Tue, 14 May 2024 00:36:23 +0200
Subject: [PATCH 2/3] Link per-release URLs of the PyPI project @ GHA

---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 032e60cfb..f916bdfc3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     environment:
       name: release
-      url: https://pypi.org/p/tox
+      url: https://pypi.org/project/tox/${{ github.ref_name }}
     permissions:
       id-token: write
     steps:

From 4712d2277e4db98e17007ae90d4d844aea8ca40f Mon Sep 17 00:00:00 2001
From: Sviatoslav Sydorenko <wk@sydorenko.org.ua>
Date: Tue, 14 May 2024 00:37:25 +0200
Subject: [PATCH 3/3] Remove OIDC privilege from package build deps

---
 .github/workflows/release.yml | 31 +++++++++++++++++++++++++------
 1 file changed, 25 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f916bdfc3..ad0fdee3c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,14 +3,12 @@ on:
   push:
     tags: ["*"]
 
+env:
+  dists-artifact-name: python-package-distributions
+
 jobs:
-  release:
+  build:
     runs-on: ubuntu-latest
-    environment:
-      name: release
-      url: https://pypi.org/project/tox/${{ github.ref_name }}
-    permissions:
-      id-token: write
     steps:
       - name: Setup python to build package
         uses: actions/setup-python@v5
@@ -23,5 +21,26 @@ jobs:
           fetch-depth: 0
       - name: Build package
         run: pyproject-build
+      - name: Store the distribution packages
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.dists-artifact-name }}
+          path: dist/*
+
+  release:
+    needs:
+    - build
+    runs-on: ubuntu-latest
+    environment:
+      name: release
+      url: https://pypi.org/project/tox/${{ github.ref_name }}
+    permissions:
+      id-token: write
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ env.dists-artifact-name }}
+          path: dist/
       - name: Publish to PyPI
         uses: pypa/gh-action-pypi-publish@v1.8.14