actions/pypi-publish
1
0
Fork 0
mirror of https://github.com/pypa/gh-action-pypi-publish.git synced 2024-12-28 01:44:47 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

💅📦 Split transitive dep constraints

Browse source 
This is a structural change allowing for better placement of direct
dependencies and limiting the transitive ones.
This commit is contained in:
Sviatoslav Sydorenko 2024-12-07 02:24:42 +01:00
parent f371c3d566
commit 43caae4bb1
WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS.
GPG key ID: 9345E8FEA89CA455
3 changed files with 23 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
requirements/runtime-constraints.in Normal file
View file

@ -0,0 +1,20 @@
###############################################################################
# #
# This file is only meant to exclude broken dependency versions, not feature #
# dependencies. #
# #
# GUIDELINES: #
# 1. Only list PyPI project versions that need to be excluded using `!=` #
# and `<`. #
# 2. It is allowed to have transitive dependency limitations in this file. #
# 3. Apply bare minimum constraints under narrow conditions, use #
# environment markers if possible. E.g. `; python_version < "3.12"`. #
# 4. Whenever there are no constraints, let the file and this header #
# remain in Git. #
# #
###############################################################################
# NOTE: 1.12.0 and later enable support for metadata 2.4
# NOTE: This can be dropped once twine stops using pkginfo
# Ref: https://github.com/pypa/twine/pull/1180
pkginfo ~= 1.12.0

7
requirements/runtime.in
View file

@ -1,9 +1,6 @@
twine ~= 6.0 -c runtime-constraints.in # limits known broken versions
# NOTE: 1.12.0 and later enable support for metadata 2.4 twine ~= 6.0
# NOTE: This can be dropped once twine stops using pkginfo
# Ref: https://github.com/pypa/twine/pull/1180
pkginfo ~= 1.12.0
# NOTE: Used to detect an ambient OIDC credential for OIDC publishing, # NOTE: Used to detect an ambient OIDC credential for OIDC publishing,
# NOTE: as well as PEP 740 attestations. # NOTE: as well as PEP 740 attestations.

2
requirements/runtime.txt
View file

@ -68,7 +68,7 @@ packaging==24.1
# twine # twine
pkginfo==1.12.0 pkginfo==1.12.0
# via # via
# -r runtime.in # -c runtime-constraints.in
# twine # twine
platformdirs==4.2.2 platformdirs==4.2.2
# via sigstore # via sigstore