Update release workflow to use Trusted Publishing

[cdce8p]

Closes #10256

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.86%. Comparing base (8486055) to head (54b617a).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #10263   +/-   ##
=======================================
  Coverage   95.86%   95.86%           
=======================================
  Files         175      175           
  Lines       19068    19068           
=======================================
  Hits        18280    18280           
  Misses        788      788           

🚀 New features to boost your workflow:

• ❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Pierre-Sassoulas]

Can't see anything wrong with it, let's test with a 3.3.5a0 version (then 3.3.5). I prepared the milestone, and I'll create the release branch shortly.

[cdce8p]

Can't see anything wrong with it, let's test with a 3.3.5a0 version (then 3.3.5). I prepared the milestone, and I'll create the release branch shortly.

Sounds good to me. I'm working on the astroid PR at the moment.
Feel free to merge this one. If there are other improvements I've missed, we can always add them later as well.

[github-actions]

The backport to maintenance/3.3.x failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-maintenance/3.3.x maintenance/3.3.x
# Navigate to the new working tree
cd .worktrees/backport-maintenance/3.3.x
# Create a new branch
git switch --create backport-10263-to-maintenance/3.3.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 42aa204b3d27a712588c3800b017149c74947486
# Push it to GitHub
git push --set-upstream origin backport-10263-to-maintenance/3.3.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-maintenance/3.3.x

Then, create a pull request where the base branch is maintenance/3.3.x and the compare/head branch is backport-10263-to-maintenance/3.3.x.

[webknjaz]

Is the combined check needed?
Isn't release always connected to a tag?

Suggested change

	if: github.event_name == 'release' && startsWith(github.ref, 'refs/tags')
	if: github.event_name == 'release'

Also, there's now a convenient value for the ref type in the context:

Suggested change

	if: github.event_name == 'release' && startsWith(github.ref, 'refs/tags')
	if: github.ref_type == 'tag'

[cdce8p]

Nice! Didn't know about github.ref_type.

Isn't release always connected to a tag?

Yes, it should be. Created #10267 to just use github.event_name == 'release' for the check.

[webknjaz]

Why not skip the entire job?

[cdce8p]

The job shouldn't even start in the first place.

• The workflow is only triggered on release -> published
• The upload jobs (to Github and PyPI) need Build which is only run for github.event_name == 'release'
  

  pylint/.github/workflows/release.yml

  Lines 15 to 18 in 42aa204

  	build:
  	name: Build release assets
  	runs-on: ubuntu-latest
  	if: github.event_name == 'release' && startsWith(github.ref, 'refs/tags')

I usually prefer to be a bit more explicit with these checks when it comes to releases, even if not really necessary.

[webknjaz]

Yeah, I had a feeling this was overly verbose..