v0.1.1 #2

	name: Publish

	on:
	release:
	types: [published]
	workflow_dispatch:
	inputs:
	ref:
	description: "Git ref, tag, or SHA to publish"
	required: true
	default: "master"

	permissions:
	contents: read

	jobs:
	build:
	name: Build distributions
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v6
	with:
	ref: ${{ github.event.inputs.ref \|\| github.ref }}

	- name: Install uv
	uses: astral-sh/setup-uv@v7

	- name: Set up Python
	run: uv python install 3.12

	- name: Install dependencies
	run: uv sync --python 3.12 --extra dev

	- name: Format check
	run: uv run ruff format --check .

	- name: Lint
	run: uv run ruff check .

	- name: Type check
	run: uv run basedpyright

	- name: Test with coverage
	run: uv run pytest --cov=hermes_tweet --cov=tests --cov-report=term-missing --cov-fail-under=100

	- name: Security scan
	run: uv run bandit -c pyproject.toml -r hermes_tweet scripts

	- name: Dependency audit
	run: uv run pip-audit

	- name: Build package
	run: uv run python -m build

	- name: Check package metadata
	run: uv run twine check dist/*

	- name: Upload distributions
	uses: actions/upload-artifact@v7
	with:
	name: distributions
	path: dist/*
	if-no-files-found: error
	retention-days: 7

	publish:
	name: Publish to PyPI
	needs: build
	runs-on: ubuntu-latest
	environment:
	name: pypi
	url: https://pypi.org/project/hermes-tweet/
	permissions:
	contents: read
	id-token: write
	steps:
	- name: Download distributions
	uses: actions/download-artifact@v6
	with:
	name: distributions
	path: dist

	- name: Publish distributions
	uses: pypa/gh-action-pypi-publish@release/v1
	with:
	packages-dir: dist/

Provide feedback