fix: bump semantic release

Author: Lash-L

.github/workflows/ci.yml

@@ -56,30 +56,32 @@ jobs:
         shell: bash
   release:
     runs-on: ubuntu-latest
-    environment: release
     needs:
       - test
+    concurrency: release
+    permissions:
+      id-token: write
 
     steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          persist-credentials: false
-      # Run semantic release:
-      # - Update CHANGELOG.md
-      # - Update version in code
-      # - Create git tag
-      # - Create GitHub release
-      # - Publish to PyPI
-      - name: Python Semantic Release
-        uses: relekang/python-semantic-release@v7.34.6
-        if: github.ref == 'refs/heads/main'
-        with:
-          github_token: ${{ secrets.GH_TOKEN }}
-          repository_username: __token__
-          repository_password: ${{ secrets.PYPI_TOKEN }}
-      - name: Test release
-        uses: python-semantic-release/python-semantic-release@v7.34.6
-        if: github.ref_name != 'main'
-        with:
-          additional_options: --noop
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Python Semantic Release
+      id: release
+      if: github.ref == 'refs/heads/main'
+      uses: python-semantic-release/python-semantic-release@v8.7.0
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Publish package distributions to PyPI
+      uses: pypa/gh-action-pypi-publish@v1
+      # NOTE: DO NOT wrap the conditional in ${{ }} as it will always evaluate to true.
+      # See https://github.com/actions/runner/issues/1173
+      if: steps.release.outputs.released == 'true'
+
+    - name: Publish package distributions to GitHub Releases
+      uses: python-semantic-release/upload-to-gh-release@v8.7.0
+      if: steps.release.outputs.released == 'true'
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}