Migrate to unified test workflow with build-and-inspect

- Replace separate main.yml and deploy.yml with unified test.yml
- Use hynek/build-and-inspect-python-package@v2 for building
- Remove SETUPTOOLS_SCM_PRETEND_VERSION hack (no longer needed)
- Test actual built wheel artifacts instead of source
- Migrate from hatch to uv for faster dependency management
- Add uv caching with astral-sh/setup-uv@v7
- Use trusted publishing with correct environment names
- Enable build provenance attestations for supply chain security

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Author: RonnyPfannschmidt

.github/workflows/deploy.yml

@@ -0,0 +1,102 @@
+name: test
+
+on: [push, pull_request, workflow_dispatch]
+
+jobs:
+  build-and-inspect:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Build and inspect package
+        uses: hynek/build-and-inspect-python-package@v2
+        with:
+          attest-build-provenance-github: true
+
+  test:
+    needs: build-and-inspect
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        python: ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13"]
+        os: [ubuntu-latest, windows-latest]
+
+    steps:
+      - name: Download built packages
+        uses: actions/download-artifact@v4
+        with:
+          name: Packages
+          path: dist
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: true
+
+      - name: Set up Python ${{ matrix.python }}
+        run: uv python install ${{ matrix.python }}
+
+      - name: Install package from wheel
+        run: uv pip install --system dist/*.whl
+
+      - name: Download test files
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: |
+            testing
+          sparse-checkout-cone-mode: false
+
+      - name: Run tests
+        run: uv run pytest testing --color=yes
+
+  publish-to-pypi:
+    name: Publish to PyPI
+    if: github.event_name == 'push' && github.event.action == 'published'
+    needs: [test, build-and-inspect]
+    runs-on: ubuntu-latest
+    environment: pypi-upload
+    permissions:
+      id-token: write
+      attestations: write
+
+    steps:
+      - name: Download built packages
+        uses: actions/download-artifact@v4
+        with:
+          name: Packages
+          path: dist
+
+      - name: Publish package to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+  publish-to-test-pypi:
+    name: Publish to TestPyPI
+    if: |
+      github.repository == 'pytest-dev/iniconfig' &&
+      (github.event_name == 'push' && (
+        github.ref == 'refs/heads/main' ||
+        contains(github.ref, 'deploy')
+      ))
+    needs: [test, build-and-inspect]
+    runs-on: ubuntu-latest
+    environment: test-pypi-upload
+    permissions:
+      id-token: write
+      attestations: write
+
+    steps:
+      - name: Download built packages
+        uses: actions/download-artifact@v4
+        with:
+          name: Packages
+          path: dist
+
+      - name: Publish package to TestPyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://test.pypi.org/legacy/