viewer-3.10 #22

	name: Release to PyPi
	on:
	release:
	types: [created]

	env:
	AWS_ROLE: arn:aws:iam::${{secrets.AWS_ACCOUNT}}:role/PublisherTokenReader
	AWS_REGION: us-west-2

	jobs:
	upload-to-pypi:
	name: Upload to PyPi
	runs-on: ubuntu-20.04
	permissions:
	id-token: write
	contents: write
	steps:
	- uses: actions/checkout@v4
	- name: Install dependencies
	run: python3 -m pip install --upgrade pip build setuptools wheel
	- name: Build pip package
	run: python3 -m build
	- name: Authenticate GitHub workflow to AWS
	uses: aws-actions/configure-aws-credentials@v4
	with:
	role-to-assume: ${{ env.AWS_ROLE }}
	aws-region: ${{ env.AWS_REGION }}
	- name: Fetch secrets
	run: \|
	github_token="$(aws secretsmanager get-secret-value --secret-id RELEASE_CI_ACCESS_TOKEN \| jq -r '.SecretString')"
	echo "::add-mask::$github_token"
	echo "GITHUB_TOKEN=$github_token" >> $GITHUB_ENV
	- name: set asset path and name
	id: get_package_name
	run: \|
	echo "package_name=$(ls dist/*.whl \| cut -d / -f 2)" >> $GITHUB_OUTPUT
	- name: Upload release binary
	uses: softprops/action-gh-release@v2
	with:
	files: dist/${{ steps.get_package_name.outputs.package_name }}
	- name: Publish package distributions to PyPI
	uses: pypa/gh-action-pypi-publish@release/v1

Provide feedback