From 77d3087a0e2d12c28658abe3a6ed5027ac3c050b Mon Sep 17 00:00:00 2001
From: Jasmine Schladen <jschladen@netflix.com>
Date: Mon, 20 May 2024 13:57:47 -0700
Subject: [PATCH 1/2] Move publishing action to use the pypi action

---
 .../workflows/lemur-publish-release-pypi.yml  | 22 ++++++++++---------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/lemur-publish-release-pypi.yml b/.github/workflows/lemur-publish-release-pypi.yml
index 92f604cceb..1345813e81 100644
--- a/.github/workflows/lemur-publish-release-pypi.yml
+++ b/.github/workflows/lemur-publish-release-pypi.yml
@@ -1,5 +1,5 @@
-# This workflow will upload a Python Package using Twine when a Lemur release is created via github
-# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
+# This workflow will upload a Python Package to PyPI when a Lemur release is created via github
+# For more information see: https://github.com/marketplace/actions/pypi-publish
 
 name: Publish Lemur's latest package to PyPI
 
@@ -8,9 +8,13 @@ on:
     types: [created]
 
 jobs:
-  deploy:
-
+  pypi-publish:
+    name: upload release to PyPI
     runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      # https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi
+      id-token: write
 
     steps:
     - uses: actions/checkout@v4
@@ -31,11 +35,9 @@ jobs:
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
-        pip install setuptools wheel twine
-    - name: Build and publish
-      env:
-        TWINE_USERNAME: ${{ secrets.LEMUR_PYPI_API_USERNAME }}
-        TWINE_PASSWORD: ${{ secrets.LEMUR_PYPI_API_TOKEN }}
+        pip install setuptools wheel
+    - name: Build package
       run: |
         python setup.py sdist bdist_wheel
-        twine upload dist/*
+    - name: Publish package distributions to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1

From bbbb9461d8faaa146759ceca2d4bf09c01c1cb4f Mon Sep 17 00:00:00 2001
From: Jasmine Schladen <jschladen@netflix.com>
Date: Mon, 20 May 2024 14:12:29 -0700
Subject: [PATCH 2/2] Add changelog entry, plus split workflow into two jobs

---
 .../workflows/lemur-publish-release-pypi.yml  | 67 ++++++++++++-------
 CHANGELOG.rst                                 |  5 ++
 2 files changed, 46 insertions(+), 26 deletions(-)

diff --git a/.github/workflows/lemur-publish-release-pypi.yml b/.github/workflows/lemur-publish-release-pypi.yml
index 1345813e81..fb6c0c473a 100644
--- a/.github/workflows/lemur-publish-release-pypi.yml
+++ b/.github/workflows/lemur-publish-release-pypi.yml
@@ -8,36 +8,51 @@ on:
     types: [created]
 
 jobs:
+  build:
+    name: Build distribution
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+      - name: Autobump version
+        run: |
+          # from refs/tags/v0.8.1 get 0.8.1
+          VERSION=$(echo $GITHUB_REF | sed 's#.*/v##')
+          PLACEHOLDER='^__version__ =.*'
+          VERSION_FILE='lemur/__about__.py'
+          # in case placeholder is missing, exists with code 1 and github actions aborts the build
+          grep "$PLACEHOLDER" "$VERSION_FILE"
+          sed -i "s/$PLACEHOLDER/__version__ = \"${VERSION}\"/g" "$VERSION_FILE"
+        shell: bash
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install setuptools wheel
+      - name: Build package
+        run: |
+          python setup.py sdist bdist_wheel
+      - name: Store the distribution packages
+        uses: actions/upload-artifact@v3
+        with:
+          name: python-package-distributions
+          path: dist/
   pypi-publish:
     name: upload release to PyPI
     runs-on: ubuntu-latest
-    environment: release
+    environment:
+      name: release
+      url: https://pypi.org/p/lemur
     permissions:
       # https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-pypi
       id-token: write
-
     steps:
-    - uses: actions/checkout@v4
-    - name: Set up Python
-      uses: actions/setup-python@v5
-      with:
-        python-version: '3.x'
-    - name: Autobump version
-      run: |
-        # from refs/tags/v0.8.1 get 0.8.1
-        VERSION=$(echo $GITHUB_REF | sed 's#.*/v##')
-        PLACEHOLDER='^__version__ =.*'
-        VERSION_FILE='lemur/__about__.py'
-        # in case placeholder is missing, exists with code 1 and github actions aborts the build
-        grep "$PLACEHOLDER" "$VERSION_FILE"
-        sed -i "s/$PLACEHOLDER/__version__ = \"${VERSION}\"/g" "$VERSION_FILE"
-      shell: bash
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install setuptools wheel
-    - name: Build package
-      run: |
-        python setup.py sdist bdist_wheel
-    - name: Publish package distributions to PyPI
-      uses: pypa/gh-action-pypi-publish@release/v1
+      - name: Download all the dists
+        uses: actions/download-artifact@v3
+        with:
+          name: python-package-distributions
+          path: dist/
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index b99ec49a21..7ef1ca8a76 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -4,6 +4,11 @@ Changelog
 Unreleased
 ~~~~~~~~~~~~~~~~~~~~
 
+1.8.1 - `2024-05-20`
+~~~~~~~~~~~~~~~~~~~~
+
+Updated deployment workflow to use `pypa/gh-action-pypi-publish`.
+
 1.8.0 - `2024-05-20`
 ~~~~~~~~~~~~~~~~~~~~