Update pypa/gh-action-pypi-publish action to v1.12.3 #354
Conversation
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #354 +/- ##
=======================================
Coverage 99.35% 99.35%
=======================================
Files 5 5
Lines 309 309
=======================================
Hits 307 307
Misses 2 2 |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -56,7 +56,7 @@ | |||
| sed -i "s/5 - Production\/Stable/4 - Beta/g" setup.py | |||
| .venv/bin/python setup.py clean check sdist bdist_wheel | |||
| - name: Upload to PyPI Test | |||
| uses: pypa/[email protected].2 | |||
| uses: pypa/[email protected].3 | |||
Check warning
Code scanning / Semgrep (reported by Codacy)
An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Warning
| @@ -77,7 +77,7 @@ | |||
| .venv/bin/pip install wheel setuptools -r requirements.txt | |||
| .venv/bin/python setup.py clean check sdist bdist_wheel | |||
| - name: Upload to PyPI | |||
| uses: pypa/[email protected].2 | |||
| uses: pypa/[email protected].3 | |||
Check warning
Code scanning / Semgrep (reported by Codacy)
An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Warning
This PR contains the following updates:
v1.12.2->v1.12.3Release Notes
pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)
v1.12.3Compare Source
✨ What's Improved
With the updates by @woodruffw💰 and @webknjaz💰 via #309 and #313, it is now possible to publish distribution packages that include core metadata v2.4, like those built using maturin. This is done by bumping
Twineto v6.0.1 andpkginfoto v1.12.0.📝 Docs
We've made an attempt to clarify the runtime and workflow shape that are expected to be supported for calling this action in: https://github.com/marketplace/actions/pypi-publish#Non-goals.
🛠️ Internal Updates
@br3ndonland💰 improved the container image generation automation to include Git SHA in #301. And @woodruffw💰 added the
workflow_refcontext to Trusted Publishing debug logging in #305, helping us diagnose misconfigurations faster. #313 also extends the smoke test in the CI to check against the maturin-made dists. Additionally,jeepneyandsecretstoragetransitive deps have been added to the pip constraint-based lock file, as Dependabot seems to have missed those earlier.🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.2...v1.12.3
🧔♂️ Release Manager: @webknjaz 🇺🇦
🙏 Special Thanks to @samuelcolvin💰 for nudging me to cut this release sooner and for sponsoring me via @pydantic💰!
🔌 Shameless Plug: The other day I've made this 🦋 Bluesky 🇺🇦 FOSS Maintainers Starter Pack subscribe to read news from people like me :)
💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.
Configuration
📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.