From 47b743a0742fcf4a9bc6218caf3cf3bd6ba4478a Mon Sep 17 00:00:00 2001
From: tegwick <bernd.worsch@gmail.com>
Date: Tue, 16 Jun 2026 07:26:09 +0200
Subject: [PATCH] docs: record publish workflow smoke-test outcome (WP-0005
 T02)

Document workflow_dispatch run #17: build passes with .build-venv; twine
upload 401 indicates PACKAGE_USER/PACKAGE_TOKEN secrets need verification.
---
 docs/PACKAGE_RELEASE.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/docs/PACKAGE_RELEASE.md b/docs/PACKAGE_RELEASE.md
index b036152..e5b3e1f 100644
--- a/docs/PACKAGE_RELEASE.md
+++ b/docs/PACKAGE_RELEASE.md
@@ -70,6 +70,12 @@ Gitea rejects secret names prefixed with `GITEA_` — use `PACKAGE_USER` / `PACK
 The publish workflow fails at the upload step when either secret is missing or
 invalid. Do not commit tokens to the repository.
 
+**Smoke-test result (2026-06-16):** `workflow_dispatch` run #17 built and passed
+`twine check`; upload returned `401 Unauthorized`. That indicates
+`PACKAGE_USER` / `PACKAGE_TOKEN` repo secrets need verification (token must
+include `write:package`, username must match the token owner). Build step uses
+`.build-venv` and is PEP 668 safe on haskelseed.
+
 Verify secrets without cutting a release:
 
 1. Open **Actions → Publish Python package → Run workflow** (`workflow_dispatch`),