Added release workflow

[santacodes]

Added release.yml file referred from PyPI OIDC docs.

[agriyakhetarpal]

This isn't correct – the PyPI docs are likely truncated and display only a truncated part of what is needed to be added. You'll need to build an sdist and a wheel in one job using pypa/build (I like https://github.com/hynek/build-and-inspect-python-package), upload their artifacts, download them in another job, and and trigger the publishing from that job.

Also, you might have done this already, but please ensure that the name of the workflow file matches that set in the PyPI settings for pybamm-cookie that you might have set up by now (if you have, please feel free to add us there!) and that the name of the environment you added matches the one in the environment: section here, i.e., release.

[santacodes]

@agriyakhetarpal @Saransh-cpp sorry for the delay, could you verify if the release workflow is now valid? pypa/gh-action-pypi-publish@release/v1 action by default looks for the sdist and whl from the dist/ directory so a simple python -m build should do it I guess?

[agriyakhetarpal]

No, this still isn't valid, but the structure is getting towards the right place!

• The idea is to build the sdist and wheel in an entirely separate job, upload them as artifacts (you're right – both can be kept in a dist/ folder).
• We don't need to set up uv, GHA runners come with pipx by default, so you can just run pipx run build instead of python -m build.
• Then, in a separate Ubuntu job, download the artifacts, and grant just that job id-token: write permissions – the separation of the jobs is important for security reasons: please read the end of the Trusted publishing section of the documentation.

Also, the latest release of pypa/gh-action-pypi-publish is v1.9.0, could you update that and set it to point to the hash of the v1.9.0 commit? I'll suggest a change below for it.

[agriyakhetarpal]

Thanks for the fixes, @santacodes! Let's create the release in the meeting a short while from now.