Automation

[JoyboyBrian]

No description provided.

[gemini-code-assist]

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

[Copilot]

Pull Request Overview

Automate Python package publishing via GitHub Actions when pushing to the release branch or triggering manually.

• Adds a new publish workflow to build artifacts and upload to PyPI.
• Sets up Python 3.12, runs a build script, and uses pypa/gh-action-pypi-publish for distribution.

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Pin this action to a specific commit SHA (instead of a mutable tag) to mitigate supply‑chain risk. Example: uses: actions/checkout@.

Suggested change

	uses: actions/checkout@v4
	uses: actions/checkout@v4.1.0 # or uses: actions/checkout@<commit-sha>

[Copilot]

Pin actions/setup-python to a specific commit SHA to prevent unexpected changes from upstream tags affecting the workflow. Example: uses: actions/setup-python@.

Suggested change

	uses: actions/setup-python@v5
	uses: actions/setup-python@f7a9c1c8e1e6e2e1b6b6e1e6e2e1b6b6e1e6e2e1

[Copilot]

Pin the PyPI publish action to a specific commit SHA. Additionally, consider switching to PyPI Trusted Publishing (OIDC) to eliminate long‑lived secrets: add permissions: id-token: write to the job and remove the user/password inputs so the action authenticates via OIDC.

[Copilot]

[nitpick] Pin the runner to a specific image (e.g., ubuntu-24.04 or ubuntu-22.04) to avoid breaking changes when ubuntu-latest advances.

Suggested change

	runs-on: ubuntu-latest
	runs-on: ubuntu-22.04