make build and deploy to PyPI Github Action use PyPI's new trusted publishers authentication #2269

Merged
merged 8 commits into from Dec 7, 2023

valeriupredoi
Contributor

Description

This is us going forward and keeping up with the newest trends, and a big thank you to @bouweandela for suggesting this to me for a different package. This is a simple, token-free, password-free secure method to upload the Python package to PyPI; it's described in https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/ and setup explained in https://docs.pypi.org/trusted-publishers/adding-a-publisher/ - but, in a nutshell, it goes like this:

  • once the pkg has been built, the GA workflow uses a PyPA workflow that uploads it to PyPI, if and only if...
  • an owner of the PyPI project enables Trusted Publishers on the PyPI project page (in settings etc)

This is the changed GA workflow at our end, for this to be enabled (note that the Python setup action has been upgraded to v4, the latest); I've not yet enabled Trusted Publishers at our PyPI project end, will do that only if this PR gets merged.

TODO

  • enable TP at PyPI end if this is approved/merged
  • have a look at the docs (we may have to change the description how we upload the PyPI package)

Checklist

It is the responsibility of the author to make sure the pull request is ready to review. The icons indicate whether the item will be subject to the 🛠 Technical or 🧪 Scientific review.


To help with the number pull requests:


codecov bot commented Dec 5, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (21ec6c2) 93.48% compared to head (b1fb196) 93.48%.
Report is 3 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2269   +/-   ##
=======================================
  Coverage   93.48%   93.48%           
=======================================
  Files         238      238           
  Lines       12948    12948           
=======================================
  Hits        12105    12105           
  Misses        843      843           


@bouweandela
Member

Looks good to me @valeriupredoi! To test that everything works as expected, could you do an upload to test pypi?

@valeriupredoi
Contributor Author

cheers @bouweandela! Yis, I'll do us one tomorrow 👍

@valeriupredoi
Contributor Author

snap! Test (and subsequent actual) PyPI complains about our development version:

ERROR    HTTPError: 400 Bad Request from https://test.pypi.org/legacy/          
         '2.11.0.dev5+gf1b1ecdc7' is an invalid value for Version. Error: Can't 
         use PEP 440 local versions. See                                        
         https://packaging.python.org/specifications/core-metadata for more     
         information.  

@bouweandela do you know of a workaround without an actual release that'd have the version set correctly? Only thing I can think of is to plop a hardcoded version in setup.py

@valeriupredoi
Contributor Author

OK a frozen version in setup.py did the trick and uploaded fine to Test PyPI 🍺

Member

@bouweandela bouweandela left a comment

Thanks!

@valeriupredoi
Contributor Author

yay! Cheers, buds! Let me enable the script on PyPI main, then I'll merge, you and @zklaus will have a great time seeing how it uploads to PyPI when releasing next week, like a good movie 😁

@valeriupredoi
Contributor Author

> yay! Cheers, buds! Let me enable the script on PyPI main, then I'll merge, you and @zklaus will have a great time seeing how it uploads to PyPI when releasing next week, like a good movie 😁

Done!

@valeriupredoi valeriupredoi merged commit 8131804 into main Dec 7, 2023
4 checks passed
@valeriupredoi valeriupredoi deleted the use_pypi_trusted_publishers branch December 7, 2023 15:31
bouweandela pushed a commit that referenced this pull request Dec 19, 2023