scikit-hep / pylhe

Hi @lukasheinrich after trying to release v0.0.6 the workflow hit an error that resulted in a

HTTPError: 403 Forbidden from https://upload.pypi.org/legacy/
Invalid or non-existent authentication information. See https://pypi.org/help/#invalid-auth for more information.

Given the "Getting 403 forbidden from TestPypi" Discussion on pypa/gh-action-pypi-publish I think the PyPI API token is set wrong. Can you regenerate one and set it as a new PYPI_PASSWORD GitHub secret (or give me access to the PyPI page so I can do it)?

I was at first worried as https://upload.pypi.org/legacy/ from this step

pylhe/.github/workflows/publish-package.yml

Lines 54 to 58 in 0e1806a

    
           - name: Publish distribution 📦 to PyPI 
        
             if: github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pylhe' 
        
             uses: pypa/gh-action-pypi-publish@v1.4.1 
        
             with: 
        
               password: ${{ secrets.pypi_password }}

seemed wrong, but twine's docs seems to verify that URL as being correct for PyPI (TestPyPI uses https://test.pypi.org/legacy/).

Thanks for fixing this @lukasheinrich!

	- name: Publish distribution 📦 to PyPI
	if: github.event_name == 'release' && github.event.action == 'published' && github.repository == 'scikit-hep/pylhe'
	uses: pypa/gh-action-pypi-publish@v1.4.1
	with:
	password: ${{ secrets.pypi_password }}

PyPI API token set wrong