From 0020b575f4c96ac72a899f7a4222efd6ac4f869f Mon Sep 17 00:00:00 2001 From: Thomas Schmelzer Date: Mon, 21 Jul 2025 21:43:23 +0200 Subject: [PATCH 1/9] Introduce a Github release step --- .github/workflows/release.yml | 41 ++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 03d0950..dd469fb 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,8 +12,21 @@ on: type: string jobs: + tag: + name: Create Git Tag + runs-on: ubuntu-latest + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Create Git Tag + run: | + git config user.name "${{ github.actor }}" + git config user.email "${{ github.actor }}@users.noreply.github.com" + git tag ${{ github.event.inputs.tag }} + git push origin ${{ github.event.inputs.tag }} + build: - #needs: tagging runs-on: ubuntu-latest permissions: contents: write # Permission to write to repository contents (for creating releases) @@ -35,6 +48,32 @@ jobs: name: dist # This must match the name used in download step path: dist/ + release: + name: Create GitHub Release + runs-on: ubuntu-latest + needs: build + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Download dist artifact (if any) + uses: actions/download-artifact@v4 + with: + name: dist + path: dist + + - name: Create GitHub Release with artifacts + uses: softprops/action-gh-release@v2.3.2 + with: + tag_name: ${{ github.event.inputs.tag }} + name: ${{ github.event.inputs.tag }} + generate_release_notes: true + files: dist/* + + # Job to publish the built package to PyPI publish: needs: build # This job depends on the tag job From f5a9bee4fa3e02003ad277b49d5ee0a3cf70dfca Mon Sep 17 00:00:00 2001 
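Review bot: The `Create Git Tag` step interpolates `github.event.inputs.tag` directly into the `run:` script, so anyone who can dispatch this workflow can inject shell commands (a tag value such as `v1; curl …`) and they execute with the job's GITHUB_TOKEN in scope; the value is also the first non-option argument to `git tag`, so a value beginning with `-` is parsed as a git option. Plumb the input through `env:` so it is data rather than script, quote it, and reject anything that is not a plain tag name before pushing. One caveat worth a comment in the file: a tag pushed with GITHUB_TOKEN does not itself trigger other workflows (`on: push: tags:`), which looks intended here since the release is created in this same workflow, but is easy to trip over later.
```yaml
      - name: Create Git Tag
        env:
          TAG: ${{ github.event.inputs.tag }}
        run: |
          # Only plain tag names; rules out shell metacharacters and option-like values such as "-d".
          if ! [[ "$TAG" =~ ^[0-9A-Za-z][0-9A-Za-z.+-]*$ ]]; then
            echo "refusing to tag: '$TAG' is not a valid tag name" >&2
            exit 1
          fi
          git config user.name "${{ github.actor }}"
          git config user.email "${{ github.actor }}@users.noreply.github.com"
          git tag "$TAG"
          git push origin "refs/tags/$TAG"
```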
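Review bot: `softprops/action-gh-release@v2.3.2` is a third-party action referenced by a movable tag and it runs with a token that can write releases and repository contents, so a retagged or compromised upstream release would run here unnoticed; pin it to the full commit SHA and keep the version as a trailing comment, `uses: softprops/action-gh-release@<full-sha> # v2.3.2`, so Dependabot can still bump it. The `fetch-depth: 0` checkout pulls the whole history although nothing in this job reads it (release notes are generated by the action, via the API as far as I can tell); the default shallow checkout suffices, and the checkout step may not be needed at all since the release is built from the downloaded `dist` artifact. This commit's `release` job also has no `permissions:` of its own, which is addressed later in the series.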
From: Thomas Schmelzer Date: Mon, 21 Jul 2025 21:44:16 +0200 Subject: [PATCH 2/9] Update release.yml --- .github/workflows/release.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index dd469fb..ab19ab3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -27,6 +27,7 @@ jobs: git push origin ${{ github.event.inputs.tag }} build: + needs: tag runs-on: ubuntu-latest permissions: contents: write # Permission to write to repository contents (for creating releases) @@ -51,8 +52,10 @@ jobs: release: name: Create GitHub Release runs-on: ubuntu-latest - needs: build - + needs: + - build + - tag + steps: - name: Checkout Code uses: actions/checkout@v4 From 95b563380a7516515f9c0a5572b97953ef7dc9a3 Mon Sep 17 00:00:00 2001 From: Thomas Schmelzer Date: Mon, 21 Jul 2025 21:57:09 +0200 Subject: [PATCH 3/9] Update .github/workflows/release.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ab19ab3..0760cd1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -62,7 +62,7 @@ jobs: with: fetch-depth: 0 - - name: Download dist artifact (if any) + - name: Download dist artifact uses: actions/download-artifact@v4 with: name: dist From 174f8afec80ccd0a85efc28a6f376895061e6c08 Mon Sep 17 00:00:00 2001 From: Thomas Schmelzer Date: Mon, 21 Jul 2025 21:57:38 +0200 Subject: [PATCH 4/9] Update .github/workflows/release.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0760cd1..b0a5ddd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
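Review bot: Making `build` depend on `tag` pushes the tag before anything has been built or tested, so a failing build (or publish) leaves an orphan tag on the repository, and a rerun of the workflow then fails at `git tag` because the tag already exists. Invert the order so the tag is created only after the artifacts exist: drop `needs: tag` from `build` and give the tag job `needs: build`, keeping `release` and `publish` dependent on both. The build checks out the dispatched commit either way (its checkout step is outside this hunk, so I am assuming no explicit `ref:` is set), so nothing in the build output depends on the tag being present.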
@@ -23,7 +23,7 @@ jobs: run: | git config user.name "${{ github.actor }}" git config user.email "${{ github.actor }}@users.noreply.github.com" - git tag ${{ github.event.inputs.tag }} + git tag -a ${{ github.event.inputs.tag }} -m "Release ${{ github.event.inputs.tag }}" git push origin ${{ github.event.inputs.tag }} build: From dff9817c12bbfbfba82585670b667723a095422a Mon Sep 17 00:00:00 2001 From: Thomas Schmelzer Date: Mon, 21 Jul 2025 22:07:11 +0200 Subject: [PATCH 5/9] Update .github/workflows/release.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/release.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b0a5ddd..1275d77 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -79,7 +79,9 @@ jobs: # Job to publish the built package to PyPI publish: - needs: build # This job depends on the tag job + needs: + - build + - tag # This job depends on the tag job runs-on: ubuntu-latest environment: release # Use the release environment From 166a0531e1a83ed312998767655f9c8fad912bc2 Mon Sep 17 00:00:00 2001 From: Thomas Schmelzer Date: Mon, 21 Jul 2025 22:22:19 +0200 Subject: [PATCH 6/9] release with appropriate permissions --- .github/workflows/release.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1275d77..cad3b3f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,6 +11,9 @@ on: required: true type: string +permissions: + contents: write + jobs: tag: name: Create Git Tag 
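Review bot: The new `-m "Release ${{ github.event.inputs.tag }}"` puts the raw dispatch input inside a double-quoted shell string, so a `"` or `$(…)` in the input still breaks out and executes, and the same input remains the first positional argument to `git tag -a`, where a leading `-` is read as an option. Read the value from an `env:` entry instead and quote it: `env: { TAG: "${{ github.event.inputs.tag }}" }` on the step, then `git tag -a "$TAG" -m "Release $TAG"` and `git push origin "refs/tags/$TAG"`. The enclosing `tag` job starts above this hunk.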
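Review bot: A workflow-level `permissions: contents: write` grants a write-capable GITHUB_TOKEN to every job in the file, including `build` and `publish`, which only need to read the repository; if a build dependency or an action in those jobs is compromised it can now push commits or tags. Set the workflow default to read and grant write only where the hunks show it is used, i.e. the `tag` job (pushes the tag) and the `release` job (creates the release). The `publish` job's own permissions are not visible here; it should keep whatever it needs for PyPI (`id-token: write` if it uses trusted publishing) without inheriting `contents: write`.
```yaml
permissions:
  contents: read

jobs:
  tag:
    name: Create Git Tag
    permissions:
      contents: write  # only this job pushes the tag
    # … unchanged: runs-on, steps …
```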
@@ -25,12 +28,10 @@ jobs: git config user.email "${{ github.actor }}@users.noreply.github.com" git tag -a ${{ github.event.inputs.tag }} -m "Release ${{ github.event.inputs.tag }}" git push origin ${{ github.event.inputs.tag }} - + build: needs: tag runs-on: ubuntu-latest - permissions: - contents: write # Permission to write to repository contents (for creating releases) steps: # Step 1: Checkout the repository code - name: Checkout ${{ github.repository }} @@ -55,7 +56,7 @@ jobs: needs: - build - tag - + steps: - name: Checkout Code uses: actions/checkout@v4 @@ -76,7 +77,7 @@ jobs: generate_release_notes: true files: dist/* - + # Job to publish the built package to PyPI publish: needs: From f0b7ede0b1510b7fc3a10adfe76f55184275548a Mon Sep 17 00:00:00 2001 From: Thomas Schmelzer Date: Mon, 21 Jul 2025 22:24:19 +0200 Subject: [PATCH 7/9] fmt --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cad3b3f..efa210c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -53,7 +53,7 @@ jobs: release: name: Create GitHub Release runs-on: ubuntu-latest - needs: + needs: - build - tag @@ -80,7 +80,7 @@ jobs: # Job to publish the built package to PyPI publish: - needs: + needs: - build - tag # This job depends on the tag job runs-on: ubuntu-latest From f3dd90c305a0e7ff11e23e9654cc73548516012f Mon Sep 17 00:00:00 2001 From: Thomas Schmelzer Date: Mon, 21 Jul 2025 22:24:57 +0200 Subject: [PATCH 8/9] permissions also for test --- .github/workflows/test.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7c2a2b6..eac1f8b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
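Review bot: Removing the per-job `permissions:` from `build` does not make it read-only; it makes the job inherit the workflow-level `contents: write` added in the same commit, so the job that installs dependencies and produces the artifact that is later released and published runs with a token that can push to the repository. Keep an explicit, narrower grant on the job: `permissions:` / `  contents: read` under `build:`. The `build` job's steps continue past the end of this hunk.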
@@ -6,6 +6,8 @@ on: jobs: pre-commit: runs-on: ubuntu-latest + permissions: + contents: read # Permission to read repository contents steps: - uses: actions/checkout@v4 @@ -33,6 +35,10 @@ jobs: # The type of runner that the job will run on runs-on: ${{ matrix.os }} + permissions: + contents: read # Permission to read repository contents + security-events: write # Permission to write security events (for SonarQube) + strategy: matrix: os: [ ubuntu-latest, windows-latest, macos-latest ] @@ -59,4 +65,4 @@ jobs: uses: sonarsource/sonarcloud-github-action@v5 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} \ No newline at end of file + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} From 877ad76b7f3cd8c0d38834c46d1f3b06912f2145 Mon Sep 17 00:00:00 2001 From: Thomas Schmelzer Date: Mon, 21 Jul 2025 22:26:02 +0200 Subject: [PATCH 9/9] no json files --- .pre-commit-config.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9d44052..40dadc0 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -7,7 +7,6 @@ repos: args: - --markdown-linebreak-ext=md - id: check-merge-conflict - - id: check-json - id: check-yaml - repo: https://github.com/astral-sh/ruff-pre-commit
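Review bot: `security-events: write` is the scope for uploading SARIF results to GitHub code scanning, and as far as I can tell the `sonarsource/sonarcloud-github-action` step at the end of the file reports to SonarCloud via `SONAR_TOKEN` rather than uploading SARIF, so the permission and its comment "(for SonarQube)" are misleading; drop it unless a code-scanning upload step exists outside this hunk. The PR decoration that step does needs at most `pull-requests: read` via `GITHUB_TOKEN`, so `permissions:` / `  contents: read` / `  pull-requests: read` would cover the visible steps. Pinning the Sonar action to a full commit SHA rather than `@v5` would also be appropriate for a step that receives a secret.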