ci: Use pypa/gh-action-pypi-publish and trusted publishing #4

	name: Upload to Test PyPI

	# On every push to main, push to Test PyPI
	on:
	push:
	#branches:
	# - main

	# TODO: De-duplicate with build-test.yml
	# TODO: De-duplicate with python-publish-release.yml

	jobs:
	build:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	# https://github.com/actions/checkout#fetch-all-history-for-all-tags-and-branches
	- name: Unshallow checkout
	run: git fetch --prune --unshallow

	- name: Set up Python
	uses: actions/setup-python@v4
	with:
	python-version: '3.x'

	- name: Install dependencies
	run: \|
	python -m pip install --upgrade pip
	pip install setuptools wheel

	sudo apt-get update
	sudo apt-get install -y musl-tools scons

	- name: Build
	env:
	BOOTLOADER_CC: /usr/bin/musl-gcc
	CI_VERSION_BUILD_NUMBER: ${{ github.run_id }}
	run: python setup.py sdist bdist_wheel

	- name: Upload artifacts
	uses: actions/upload-artifact@v3
	with:
	name: python-dist
	path: dist/


	pypi-publish:
	name: Upload release to Test PyPI
	runs-on: ubuntu-latest
	environment:
	name: TestPyPI
	url: https://test.pypi.org/project/staticx/
	permissions:
	id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
	steps:
	- name: Download artifacts
	uses: actions/download-artifact@v3
	with:
	name: python-dist
	path: dist/

	- name: Display downloaded files
	run: ls -R

	- name: Publish
	uses: pypa/gh-action-pypi-publish@release/v1
	with:
	print-hash: true
	repository-url: https://test.pypi.org/legacy/

Provide feedback