feat: Major security and reliability improvements for v2.0.0 #6

	name: Publish

	on:
	push:
	tags:
	- "v*"

	jobs:
	publish:
	runs-on: ubuntu-latest
	environment: pypi
	permissions:
	id-token: write
	contents: write
	steps:
	- uses: actions/checkout@v4

	- name: Verify version matches tag
	run: \|
	PKG_VERSION=$(grep '^version = ' pyproject.toml \| sed 's/version = "$.*$"/\1/')
	TAG_VERSION=${GITHUB_REF_NAME#v}
	if [ "$PKG_VERSION" != "$TAG_VERSION" ]; then
	echo "::error::Version mismatch: pyproject.toml has $PKG_VERSION but tag is $TAG_VERSION"
	exit 1
	fi
	echo "Version verified: $PKG_VERSION"

	- name: Install uv
	uses: astral-sh/setup-uv@v4

	- name: Build package
	run: uv build

	- name: Create GitHub Release
	env:
	GH_TOKEN: ${{ github.token }}
	run: gh release create ${{ github.ref_name }} dist/* --generate-notes

	- name: Publish to PyPI
	uses: pypa/gh-action-pypi-publish@release/v1

Provide feedback