🔒 Add GPG keys to sign the python wheel to publish on pypi

.github/workflows/publish.yml

@@ -14,10 +14,19 @@ jobs:
         run: |
           python -m pip install --upgrade pip
           pip install setuptools wheel twine
-      - name: Build and publish
-        env:
-          TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
+
+      - name: Import GPG Key
+        run: |
+          echo "${{ secrets.GPG_PRIVATE_KEY }}" | base64 --decode | gpg --import
+
+      - name: Build and sign distribution
         run: |
           python setup.py sdist bdist_wheel
-          twine upload dist/*
+          gpg --detach-sign -a dist/*.tar.gz
+          gpg --detach-sign -a dist/*.whl
+
+      - name: Upload to PyPI
+        run: twine upload dist/*
+        env:
+          TWINE_USERNAME: __token__
+          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}