Add GitHub Actions workflow for PyPI publishing

[CodeHalwell]

Summary

This PR adds a GitHub Actions workflow to automate building and publishing the package to PyPI. The workflow is triggered on version tags (v*), GitHub releases, or manual dispatch. It builds source and wheel distributions, validates metadata with twine, and publishes to PyPI using trusted publishing (OIDC).

Checklist

• Workflow configuration added (.github/workflows/publish.yml)
• Unit tests covering the new behavior. (N/A - workflow configuration)
• Round-trip test added to tests/integration/test_round_trip.py (N/A - workflow configuration)
• HISTORY.rst entry under the unreleased section. (N/A - workflow configuration)
• Doc updates if the change is user-visible. (N/A - internal CI/CD)
• pytest --cov=pptx tests passes locally. (N/A - workflow configuration)
• behave --stop passes locally. (N/A - workflow configuration)
• No new pyright errors. (N/A - workflow configuration)

Test notes

The workflow will be tested automatically when:

1. A version tag matching v* is pushed
2. A GitHub release is published
3. The workflow is manually triggered via workflow_dispatch

The workflow uses uv for dependency management and Python 3.12, builds distributions with uv build, validates metadata with twine, and publishes using PyPI's trusted publishing mechanism (OIDC).

https://claude.ai/code/session_0164biHHCtEyoZnDTJfRbuKE

[gemini-code-assist]

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

[Copilot]

Pull request overview

Adds a GitHub Actions workflow to build Python distributions and publish power-pptx to PyPI using trusted publishing (OIDC), enabling automated releases from Git tags / GitHub releases / manual dispatch.

Changes:

• Add .github/workflows/publish.yml workflow with separate build + publish jobs.
• Build sdist/wheel via uv build, validate via twine check, and publish via uv publish with OIDC.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The workflow is configured to run on both tag pushes (v*) and published releases. If a GitHub release is created for a tag, this can trigger two runs for the same version and attempt to publish twice, which will typically fail on the second run (files already exist) or create confusing noise. Consider choosing a single trigger (tag or release), or add a guard/concurrency so only one publish run can proceed per tag/version.

[Copilot]

In publish-pypi, the job-level permissions block sets only id-token: write, which disables other token permissions. actions/download-artifact typically requires actions: read (and many repos also keep contents: read) to fetch artifacts; with the current permissions, this step may fail at runtime. Add the minimal required permissions alongside id-token: write so artifact download and publishing can succeed.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 556101fb3a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Prevent double-publishing on release and tag events

This workflow publishes on both push.tags and release.published, so a normal release process that pushes vX.Y.Z and then publishes a GitHub Release for the same tag will run this pipeline twice. The second run will attempt to upload an already-published version to PyPI, which is rejected, leaving the release workflow red even though the first publish succeeded. Consider choosing one trigger or adding an event/ref guard so each version is published exactly once.

Useful? React with 👍 / 👎.