From 5dbcb6e76b41ea040c740acef2075e72cfe6c0f9 Mon Sep 17 00:00:00 2001
From: Filipe Fernandes <ocefpaf@gmail.com>
Date: Mon, 12 Dec 2022 17:21:13 -0300
Subject: [PATCH] update PyPI GHA and add dependabot.yml

---
 .github/dependabot.yml     | 11 +++++++++++
 .github/workflows/pypi.yml | 13 ++++++++++---
 2 files changed, 21 insertions(+), 3 deletions(-)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..563dd9bc7
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# See https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/keeping-your-actions-up-to-date-with-dependabot
+
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    labels:
+      - "Bot"
diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
index 5f1bd6394..f02b4a8b8 100644
--- a/.github/workflows/pypi.yml
+++ b/.github/workflows/pypi.yml
@@ -1,6 +1,13 @@
 name: Publish to PyPI
 
-on: ["push", "pull_request"]
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+  release:
+    types:
+      - published
 
 defaults:
   run:
@@ -15,7 +22,7 @@ jobs:
     - name: Set up Python
       uses: actions/setup-python@v4
       with:
-        python-version: 3.x
+        python-version: "3.x"
 
     - name: Get tags
       run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
@@ -38,7 +45,7 @@ jobs:
         python -m twine check *
 
     - name: Publish a Python distribution to PyPI
-      if: ${{ github.event_name == 'release' }}
+      if: success() && github.event_name == 'release'
       uses: pypa/gh-action-pypi-publish@v1.5.1
       with:
         user: __token__