fix: bump semantic release (#236)

* fix: bump semantic release

* fix: bump versioning and add environment

* fix: move if check

* fix: some other version bumps

Author: Lash-L

.github/workflows/ci.yml

@@ -20,14 +20,14 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-      - uses: wagoid/[email protected].4
+      - uses: wagoid/[email protected].5
   lint:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5
         with:
-          python-version: "3.10"
+          python-version: "3.11"
       - uses: pre-commit/[email protected]
 
   test:
@@ -47,7 +47,7 @@ jobs:
         uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
-      - uses: snok/install-poetry@v1.3.4
+      - uses: snok/install-poetry@v1.4.1
       - name: Install Dependencies
         run: poetry install
         shell: bash
@@ -56,30 +56,38 @@ jobs:
         shell: bash
   release:
     runs-on: ubuntu-latest
-    environment: release
     needs:
       - test
+    concurrency: release
+    if: github.ref == 'refs/heads/main'
+    permissions:
+      id-token: write
+    environment:
+      name: pypi
+      url: https://pypi.org/project/python-roborock/
 
     steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          persist-credentials: false
-      # Run semantic release:
-      # - Update CHANGELOG.md
-      # - Update version in code
-      # - Create git tag
-      # - Create GitHub release
-      # - Publish to PyPI
-      - name: Python Semantic Release
-        uses: relekang/[email protected]
-        if: github.ref == 'refs/heads/main'
-        with:
-          github_token: ${{ secrets.GH_TOKEN }}
-          repository_username: __token__
-          repository_password: ${{ secrets.PYPI_TOKEN }}
-      - name: Test release
-        uses: python-semantic-release/[email protected]
-        if: github.ref_name != 'main'
-        with:
-          additional_options: --noop
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Python Semantic Release
+      id: release
+      uses: python-semantic-release/[email protected]
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Publish package distributions to PyPI
+      uses: pypa/[email protected]
+      with:
+        password: ${{ secrets.PYPI_TOKEN }}
+
+      # NOTE: DO NOT wrap the conditional in ${{ }} as it will always evaluate to true.
+      # See https://github.com/actions/runner/issues/1173
+      if: steps.release.outputs.released == 'true'
+
+    - name: Publish package distributions to GitHub Releases
+      uses: python-semantic-release/[email protected]
+      if: steps.release.outputs.released == 'true'
+      with:
+        github_token: ${{ secrets.GITHUB_TOKEN }}