From a07b4a46b1a34544a81fb4d0b1119992a9156c87 Mon Sep 17 00:00:00 2001
From: Gregory Poole <gbpoole@gmail.com>
Date: Wed, 29 Nov 2023 10:26:57 +1100
Subject: [PATCH 1/2] Turn off workflow publishing logic if secrets are not
 defined.

---
 .github/workflows/publish.yml | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 8d64a79..22acc89 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -5,6 +5,12 @@ on:
   release:
     types: [created]
 
+env:
+  PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
+  TEST_PYPI_TOKEN: ${{ secrets.TEST_PYPI_TOKEN }}
+  RTD_WEBHOOK_URL: ${{ secrets.RTD_WEBHOOK_URL }}
+  RTD_WEBHOOK_TOKEN: ${{ secrets.RTD_WEBHOOK_TOKEN }}
+
 jobs:
 
   # Useful for workflow debugging
@@ -56,32 +62,32 @@ jobs:
 
       # Configure repository for test.PyPI
       - name: Configure Poetry for test.PyPI
-        if: "github.event.release.prerelease"
+        if: "github.event.release.prerelease && env.TEST_PYPI_TOKEN"
         run: |
           poetry config repositories.testpypi https://test.pypi.org/legacy/
           poetry config pypi-token.testpypi ${{ secrets.TEST_PYPI_TOKEN }}
 
       # Configure repository for PyPI
       - name: Configure Poetry for PyPI
-        if: "!github.event.release.prerelease"
+        if: "!github.event.release.prerelease && env.PYPI_TOKEN"
         run: |
           poetry config http-basic.pypi "__token__" ${{ secrets.PYPI_TOKEN }}
 
       # Publish docs
       - name: Trigger RTDs build
-        if: "!github.event.release.prerelease"
+        if: "!github.event.release.prerelease && env.RTD_WEBHOOK_URL && env.RTD_WEBHOOK_TOKEN"
         run: |
           curl -X POST                                     \
                -d "token=${{ secrets.RTD_WEBHOOK_TOKEN }}" \
                ${{ secrets.RTD_WEBHOOK_URL }}
 
       # Publish project to test.PyPI
-      # - name: Publish to test.PyPI
-      #   if: "github.event.release.prerelease"
-      #   run: poetry publish --build -r testpypi
-      #
-      # # ... else publish project to PyPI
-      # - name: Publish to PyPI
-      #   if: "!github.event.release.prerelease"
-      #   run: poetry publish --build
+      - name: Publish to test.PyPI
+        if: "github.event.release.prerelease && env.TEST_PYPI_TOKEN"
+        run: poetry publish --build -r testpypi
+
+      # ... else publish project to PyPI
+      - name: Publish to PyPI
+        if: "!github.event.release.prerelease && env.PYPI_TOKEN"
+        run: poetry publish --build
 

From 94dfaaf3be4ed7701225e2dce1a55e3772f4639f Mon Sep 17 00:00:00 2001
From: Gregory Poole <gbpoole@gmail.com>
Date: Wed, 29 Nov 2023 10:29:13 +1100
Subject: [PATCH 2/2] Add a comment about the use of env variables in
 publishing workflow.

---
 .github/workflows/publish.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 22acc89..10abb60 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -5,6 +5,7 @@ on:
   release:
     types: [created]
 
+# These are needed because secrets can not be used in 'if' expressions
 env:
   PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
   TEST_PYPI_TOKEN: ${{ secrets.TEST_PYPI_TOKEN }}