From f9dec8c20c1d5514bb87cf077a08a1c2a8890cb5 Mon Sep 17 00:00:00 2001
From: "Michele L." <37748899+xmichele@users.noreply.github.com>
Date: Wed, 25 Sep 2024 15:26:15 +0200
Subject: [PATCH 1/8] canonical package.yaml with pypi api token reference

---
 .github/workflows/package.yaml | 43 +++++++++++++++-------------------
 1 file changed, 19 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/package.yaml b/.github/workflows/package.yaml
index a078484..b6584db 100644
--- a/.github/workflows/package.yaml
+++ b/.github/workflows/package.yaml
@@ -2,38 +2,33 @@ name: Publish to PyPI
 
 on:
   push:
-    branches: [ "hatch" ]
+    branches: [ "hatch" ] #main can be added 
   release:
     types: [published]
 
 permissions:
   contents: read
+  id-token: write  # Ensure this permission is available for trusted publishing
 
 jobs:
   deploy:
-
     runs-on: ubuntu-latest
-
     environment: release
-    permissions:
-      id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
-
     steps:
-    - uses: actions/checkout@v4
-    - name: Set up Python
-      uses: actions/setup-python@v4
-      with:
-        python-version: '3.10'
-        cache: 'pip'
-    - name: Install dependencies
-      run: |
-        # python -m pip install --upgrade pip 
-        pip install hatch
-    - name: Build package
-      run: hatch build
-    - name: Test package
-      run: hatch -e test run nose2 --verbose
-    - name: Publish package distributions to PyPI
-      uses: pypa/gh-action-pypi-publish@release/v1
-      with:
-        repository-url: https://test.pypi.org/legacy/
\ No newline at end of file
+      - uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+          cache: 'pip'
+      - name: Install dependencies
+        run: pip install hatch
+      - name: Build package
+        run: hatch build
+      - name: Test package
+        run: hatch -e test run nose2 --verbose
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          password: ${{ secrets.PYPI_API_TOKEN }}  # Ensure your PyPI API token is set in secrets
+          repository-url: https://test.pypi.org/legacy/  # Use Test PyPI or main PyPI https://upload.pypi.org/legacy/ 

From a81e6f4e0a21a2bb61e4f24cb9afe33ee9970d1d Mon Sep 17 00:00:00 2001
From: "Michele L." <37748899+xmichele@users.noreply.github.com>
Date: Wed, 25 Sep 2024 16:01:04 +0200
Subject: [PATCH 2/8] Update package.yaml with trusted publishers vs api_token

---
 .github/workflows/package.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/package.yaml b/.github/workflows/package.yaml
index b6584db..ceaddcf 100644
--- a/.github/workflows/package.yaml
+++ b/.github/workflows/package.yaml
@@ -30,5 +30,5 @@ jobs:
       - name: Publish package distributions to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          password: ${{ secrets.PYPI_API_TOKEN }}  # Ensure your PyPI API token is set in secrets
+          #password: ${{ secrets.PYPI_API_TOKEN }}  # Ensure your PyPI API token is set in secrets otherwise trusted publishers mode 
           repository-url: https://test.pypi.org/legacy/  # Use Test PyPI or main PyPI https://upload.pypi.org/legacy/ 

From 1083b06972d40cc07562d0169799034934c2f309 Mon Sep 17 00:00:00 2001
From: "Michele L." <37748899+xmichele@users.noreply.github.com>
Date: Wed, 25 Sep 2024 16:15:30 +0200
Subject: [PATCH 3/8] Update package.yaml for __token__ handling

---
 .github/workflows/package.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/package.yaml b/.github/workflows/package.yaml
index ceaddcf..f80aec9 100644
--- a/.github/workflows/package.yaml
+++ b/.github/workflows/package.yaml
@@ -30,5 +30,6 @@ jobs:
       - name: Publish package distributions to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          #password: ${{ secrets.PYPI_API_TOKEN }}  # Ensure your PyPI API token is set in secrets otherwise trusted publishers mode 
+          username: __token__
+          password: ${{ secrets.PYPI_API_TOKEN }}  # Ensure your PyPI API token is set in secrets otherwise use trusted publishers mode 
           repository-url: https://test.pypi.org/legacy/  # Use Test PyPI or main PyPI https://upload.pypi.org/legacy/ 

From 11e07b9e384dfbc511b66f6bfe073b84129211d2 Mon Sep 17 00:00:00 2001
From: "Michele L." <37748899+xmichele@users.noreply.github.com>
Date: Wed, 25 Sep 2024 16:32:49 +0200
Subject: [PATCH 4/8] new token

---
 .github/workflows/package.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/package.yaml b/.github/workflows/package.yaml
index f80aec9..b0b2704 100644
--- a/.github/workflows/package.yaml
+++ b/.github/workflows/package.yaml
@@ -30,6 +30,5 @@ jobs:
       - name: Publish package distributions to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          username: __token__
-          password: ${{ secrets.PYPI_API_TOKEN }}  # Ensure your PyPI API token is set in secrets otherwise use trusted publishers mode 
+          password: ${{ secrets.MY_PYPI_API_TOKEN }}  # Ensure your PyPI API token is set in secrets otherwise use trusted publishers mode 
           repository-url: https://test.pypi.org/legacy/  # Use Test PyPI or main PyPI https://upload.pypi.org/legacy/ 

From bef19699b9295f94dee1183011ff0213d56a958d Mon Sep 17 00:00:00 2001
From: "Michele L." <37748899+xmichele@users.noreply.github.com>
Date: Wed, 25 Sep 2024 16:46:15 +0200
Subject: [PATCH 5/8] skip_existing: true

---
 .github/workflows/package.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/package.yaml b/.github/workflows/package.yaml
index b0b2704..8c74f90 100644
--- a/.github/workflows/package.yaml
+++ b/.github/workflows/package.yaml
@@ -30,5 +30,6 @@ jobs:
       - name: Publish package distributions to PyPI
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
+          skip_existing: true
           password: ${{ secrets.MY_PYPI_API_TOKEN }}  # Ensure your PyPI API token is set in secrets otherwise use trusted publishers mode 
           repository-url: https://test.pypi.org/legacy/  # Use Test PyPI or main PyPI https://upload.pypi.org/legacy/ 

From 930665337e5db5d7aa7958c3e436e6e0c59aba6d Mon Sep 17 00:00:00 2001
From: "Michele L." <37748899+xmichele@users.noreply.github.com>
Date: Wed, 25 Sep 2024 16:50:25 +0200
Subject: [PATCH 6/8] disable trusted publishers based permissions

---
 .github/workflows/package.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/package.yaml b/.github/workflows/package.yaml
index 8c74f90..c7d6539 100644
--- a/.github/workflows/package.yaml
+++ b/.github/workflows/package.yaml
@@ -6,9 +6,9 @@ on:
   release:
     types: [published]
 
-permissions:
-  contents: read
-  id-token: write  # Ensure this permission is available for trusted publishing
+# permissions:
+#   contents: read
+#   id-token: write  # Ensure this permission is available for trusted publishing
 
 jobs:
   deploy:

From 948c10d4243d18c54ea8eabf32e897c78e09287f Mon Sep 17 00:00:00 2001
From: "Michele L." <37748899+xmichele@users.noreply.github.com>
Date: Wed, 25 Sep 2024 16:52:38 +0200
Subject: [PATCH 7/8] going for straight upload

---
 .github/workflows/package.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/package.yaml b/.github/workflows/package.yaml
index c7d6539..3fe0e68 100644
--- a/.github/workflows/package.yaml
+++ b/.github/workflows/package.yaml
@@ -32,4 +32,4 @@ jobs:
         with:
           skip_existing: true
           password: ${{ secrets.MY_PYPI_API_TOKEN }}  # Ensure your PyPI API token is set in secrets otherwise use trusted publishers mode 
-          repository-url: https://test.pypi.org/legacy/  # Use Test PyPI or main PyPI https://upload.pypi.org/legacy/ 
+          repository-url: https://upload.pypi.org/legacy/  # Use Test PyPI or main PyPI https://upload.pypi.org/legacy/ 

From 043a2ab47499bc83043b6ae0e15012fb0eac7fcb Mon Sep 17 00:00:00 2001
From: "Michele L." <37748899+xmichele@users.noreply.github.com>
Date: Wed, 25 Sep 2024 17:07:57 +0200
Subject: [PATCH 8/8] enable coverage computation in pyproject.toml

---
 pyproject.toml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index 5c0b8c0..fee31ed 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -70,13 +70,13 @@ dependencies = [
     "loguru"
 ]
 
-#[tool.hatch.envs.test.env-vars]
-#RETRY_ATTEMPTS="0"
+[tool.hatch.envs.test.env-vars]
+RETRY_ATTEMPTS="0"
 
 [tool.hatch.envs.test.scripts]
 test = "hatch run nose2"
 testv = "hatch run nose2 --verbose"
-#cov = ["coverage run --source=src -m nose2", "coverage report"]
+cov = ["coverage run --source=src -m nose2", "coverage report"]
 
 [[tool.hatch.envs.test.matrix]]
-python = ["3.8", "3.9", "3.10", "3.11", "3.12"]
\ No newline at end of file
+python = ["3.8", "3.9", "3.10", "3.11", "3.12"]