Update permissions for CodeQL #5

	# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
	# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions

	name: Python package

	on:
	push:
	branches: [master]
	pull_request:
	branches: [master]
	release:
	types: [published]

	jobs:
	build:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	python-version: ['3.11']

	steps:
	- uses: actions/checkout@v4
	- name: Set up Python ${{ matrix.python-version }}
	uses: actions/setup-python@v4
	with:
	python-version: ${{ matrix.python-version }}
	cache: 'pip'
	- name: Install dependencies
	run: \|
	python -m pip install --upgrade pip
	python -m pip install ruff pdm
	if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
	- name: Lint with Ruff
	run: \|
	# stop the build if there are Python syntax errors or undefined names
	ruff check .
	- name: Build wheel
	run: \|
	pdm build
	- name: Upload artifact
	uses: actions/upload-artifact@v3
	with:
	name: wheel
	path: dist/*

	publish:
	if: github.event_name == 'release' && github.event.action == 'published'
	needs: [build]
	name: upload release to PyPI
	runs-on: ubuntu-latest
	environment: release
	permissions:
	id-token: write
	steps:
	# retrieve your distributions here
	# Download artifact
	- name: Download artifact
	id: download
	uses: actions/download-artifact@v3
	with:
	name: wheel
	path: dist

	- name: Publish package distributions to PyPI
	uses: pypa/gh-action-pypi-publish@release/v1

Provide feedback