From 151cf8ba5b726767556383bf5b3157a90489229f Mon Sep 17 00:00:00 2001 From: Sam Paniagua Date: Tue, 19 May 2026 15:13:11 +0200 Subject: [PATCH] chore(ci): improve PyPI publish workflow with Trusted Publishing - Add environment URL for better traceability - Add clear step name for the publish action - Add helpful comments - Minor formatting and cleanup --- .github/workflows/python-publish.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index ebde3fc..53d5272 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -14,14 +14,17 @@ jobs: contents: read steps: - uses: actions/checkout@v4 + - uses: actions/setup-python@v5 with: python-version: "3.13" cache: pip cache-dependency-path: packages/core-python/pyproject.toml + - run: python -m pip install -e ".[dev]" - run: python -m build - run: python -m twine check dist/* + - uses: actions/upload-artifact@v4 with: name: python-distributions @@ -33,14 +36,19 @@ jobs: needs: build permissions: contents: read - id-token: write + id-token: write # Required for Trusted Publishing environment: name: pypi + url: https://pypi.org/p/knolo # Recommended + steps: - uses: actions/download-artifact@v4 with: name: python-distributions path: dist - - uses: pypa/gh-action-pypi-publish@release/v1 + + - name: Publish to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 with: packages-dir: dist + # attestations: true # Uncomment if you want Sigstore provenance \ No newline at end of file
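Review bot: The publish step in the second hunk still references `pypa/gh-action-pypi-publish@release/v1`, a branch ref that can move, in the one job that holds `id-token: write`, so whatever that branch points to at run time can request the OIDC token PyPI trusts for this project. Pin it to a full commit SHA and keep the branch name as a trailing comment, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1`, and consider the same for `actions/download-artifact@v4`, which runs in that job too. The trailing `# attestations: true` comment is probably misleading, because recent releases of this action generate attestations by default under Trusted Publishing, so uncommenting it would change nothing. Wording such as `# Attestations are generated by default with Trusted Publishing; set attestations: false to opt out` would be more accurate, but check it against the action version actually resolved. The first hunk only adds blank lines and needs no comment.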