360 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
Sviatoslav Sydorenko	8cafb5c2bf	💰 Sync the funding config	2024-12-23 02:29:15 +01:00
🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко)	916e57631f	Merge pull request #315 from webknjaz/refactoring/attestations-exist-bundle ... 💅 Bundle attestation existence check together	2024-12-10 19:25:21 +01:00
Sviatoslav Sydorenko	daa899706d	📝 Add a GH Sponsors badge	2024-12-10 02:15:24 +01:00
Sviatoslav Sydorenko	72d1032bb0	💅 Bundle attestation existence check together ... This patch moves said check out of the signing loop and performs the check early in the process. It is then able to report multiple problems in a single error.	2024-12-10 01:52:29 +01:00
Sviatoslav Sydorenko	88a4d039d1	📝💅 Add a PyPA badge to README	2024-12-10 01:47:47 +01:00
Sviatoslav Sydorenko	674c7c85f0	📝 Fix s/PyPA/PyPUG/ typo on the badge	2024-12-10 01:47:15 +01:00
Sviatoslav Sydorenko	03e1883a77	💅📝 Add a tutorial badge to README	2024-12-10 01:36:55 +01:00
Sviatoslav Sydorenko	97583d9694	🧪 Allow 8 module members @ flake8 rule	2024-12-10 01:36:36 +01:00
Sviatoslav Sydorenko	fe7e9df44b	🧪 Disable WPS318 @ flake8	2024-12-10 01:36:15 +01:00
Sviatoslav Sydorenko	f14df0bb20	💅 Add a return type to die() @ attestations	2024-12-10 01:35:33 +01:00
Sviatoslav Sydorenko	67339c736f	📦 Only keep lower bounds @ input requirements ... This concerns both direct (`twine`) and indirect (`pkginfo`) deps, provided there's no broken versions to exclude.	2024-12-09 15:07:39 +01:00
Sviatoslav Sydorenko	cbd6d01d85	📝Fix a typo in "privileges" @ README	2024-12-07 05:17:14 +01:00
Sviatoslav Sydorenko	7252a9a09c	📝 Outline unsupported scenarios in README	2024-12-07 05:13:12 +01:00
Sviatoslav Sydorenko	a536fa9505	📌📦 Include jeepney & secretstorage pins ... It appears these have been missed when updating `cryptography`. This is probably dependabot's fault.	2024-12-07 02:25:27 +01:00
Sviatoslav Sydorenko	43caae4bb1	💅📦 Split transitive dep constraints ... This is a structural change allowing for better placement of direct dependencies and limiting the transitive ones.	2024-12-07 02:24:42 +01:00
🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко)	f371c3d566	Merge pull request #313 from webknjaz/maintenance/metadata-2.4 ... This patch adds support for uploading dists with metadata v2.4 through bumping the transitive dependency `pkgutil` to v1.12 to enable support for validating metadata v2.4 in Twine. It also integrates a Maturin-based package into the smoke test in CI as a regression check. Closes #312 Resolves #311 Resolves #310	2024-12-06 19:53:07 +01:00
William Woodruff	138a1215a3	📌📦 Pin pkginfo to v1.12 @ runtime deps ... Signed-off-by: William Woodruff <william@trailofbits.com>	2024-12-06 19:35:56 +01:00
Sviatoslav Sydorenko	ff2b051b0a	🧪 Add a Maturin-based package to CI	2024-12-06 19:35:46 +01:00
Sviatoslav Sydorenko	0a0a6ae824	🧪 Allow CI to register multiple distributions ... This is necessary to allow the smoke test check uploading multiple packages.	2024-12-06 19:35:41 +01:00
🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко)	e7723a410e	Merge pull request #309 from trail-of-forks/ww/bumptwine ... requirements: bump twine to ~= 6.0	2024-12-04 13:01:05 +01:00
William Woodruff	0e10725395	requirements: bump twine to ~= 6.0 ... Signed-off-by: William Woodruff <william@trailofbits.com>	2024-12-01 12:05:46 -05:00
🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко)	218af422c0	Merge pull request #305 from trail-of-forks/ww/debug-workflow-ref	2024-11-24 03:01:28 +01:00
William Woodruff	7c5c585c36	oidc-exchange: add workflow_ref to debug msg ... Signed-off-by: William Woodruff <william@trailofbits.com>	2024-11-22 12:58:46 -05:00
🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко)	93e87954aa	Merge pull request #301 from br3ndonland/ghcr-sha	2024-11-15 04:22:10 +01:00
Brendon Smith	f81cd95ad9	Tag Docker images with Git SHA ... PR https://github.com/pypa/gh-action-pypi-publish/pull/230 updated the action to pull Docker images from GHCR instead of building Docker images each time the workflow runs. As part of this PR, a new GitHub Actions workflow was added that builds Docker images and pushes them to GitHub Container Registry (GHCR). Actions can be referenced in various ways. The Docker build workflow covers most of the action references, but does not push Docker images tagged with the Git commit ID (Git SHA). This commit will add Docker tags for referencing the action with a Git SHA. GitHub Actions only supports references by the full 40 character SHA. If users try to reference the action by a short SHA like `1234567`, they will get an error like, "Unable to resolve action `pypa/gh-action-pypi-publish@1234567`, the provided ref `1234567` is the shortened version of a commit SHA, which is not supported. Please use the full commit SHA `1234567890123456789012345678901234567890` instead." https://github.com/pypa/gh-action-pypi-publish/pull/230 https://github.com/pypa/gh-action-pypi-publish/issues/290 https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/using-pre-written-building-blocks-in-your-workflow#using-shas	2024-11-11 18:58:36 -05:00
Sviatoslav Sydorenko (Святослав Сидоренко)	15c56dba36	Merge pull request #297 from trail-of-forks/ww/bump-pypi-attestations ... requirements: bump pypi-attestations to 0.0.15	2024-11-07 00:00:24 +01:00
William Woodruff	fe8d1484ba	requirements: bump pypi-attestations to 0.0.15 ... Signed-off-by: William Woodruff <william@trailofbits.com>	2024-11-06 17:53:10 -05:00
Sviatoslav Sydorenko (Святослав Сидоренко)	1f5d4ec244	Merge pull request #295 from trail-of-forks/ww/fix-sdist-collection	2024-11-06 20:01:10 +01:00
William Woodruff	fec2f0c0ce	attestations: collect *.zip sdists as well ... Signed-off-by: William Woodruff <william@trailofbits.com>	2024-11-06 13:43:44 -05:00
Sviatoslav Sydorenko (Святослав Сидоренко)	a8b73a6d88	Merge pull request #294 from webknjaz/bugfixes/optional-python	2024-11-06 16:24:24 +01:00
Sviatoslav Sydorenko	9b4dfb0c84	✨ Pre-install Python if there's none ... This is not usually the case for GitHub-hosted Runners but it might happen with self-hosted runners. Fixes #289.	2024-11-06 16:20:12 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)	0a87186d5f	Merge pull request #293 from webknjaz/bugfixes/uncheckout-intermediate-action	2024-11-06 15:50:37 +01:00
Sviatoslav Sydorenko	dfcfeca43e	🧪 Use prefetched action to make trampoline ... Previously, the action repository was being cloned from the remote twice, unnecessarily. This patch eliminates this step and uses the copy that was checked out on job start. The generated trampoline action is still copied into the allowlisted working directory so it can be referenced by the relative path starting with `./`. It is now output under `./.github/.tmp/.generated-actions/run-pypi-publish-in-docker-container` which mutates the end-user's workspace slightly but uses a path that is unlikely to clash with somebody else's use. Unfortunately, we cannot use randomized paths because the composite action syntax does not allow accessing variables in `uses:`. Fixes #292.	2024-11-06 15:47:43 +01:00
Sviatoslav Sydorenko	0d02f372c3	📝💅 Update the CI/CD badge in README ... This is a follow-up for #230, which renamed the workflow filename.	2024-11-05 22:29:18 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)	61da13deb5	Merge pull request #230 from br3ndonland/ghcr ... Build Docker image and push to GHCR	2024-11-05 20:58:36 +01:00
Brendon Smith	36965cb24a	Run smoke tests before Docker builds ... https://github.com/pypa/gh-action-pypi-publish/pull/230#discussion_r1787027821	2024-11-04 16:35:15 -05:00
Brendon Smith	da554410b0	Move smoke test to reusable workflow	2024-11-04 16:35:14 -05:00
Brendon Smith	80b1d50e0d	Make workflow_dispatch Docker tag input required ... https://github.com/pypa/gh-action-pypi-publish/pull/230#discussion_r1759496153	2024-11-04 16:35:14 -05:00
pre-commit-ci[bot]	1b9f21a741	[pre-commit.ci] auto fixes from pre-commit.com hooks ... for more information, see https://pre-commit.ci	2024-11-04 16:35:14 -05:00
Brendon Smith	cfb9d93a26	Add Docker tags for major and minor versions	2024-11-04 16:35:14 -05:00
Brendon Smith	153ccde9bc	Verify fail-fast in unsupported environments	2024-11-04 16:35:14 -05:00
Brendon Smith	d03addb8e6	Drop args from create-docker-action.py ... Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>	2024-11-04 16:35:14 -05:00
Brendon Smith	bacb62682c	Fail-fast in unsupported environments ... https://github.com/pypa/gh-action-pypi-publish/pull/230#discussion_r1632406604 Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>	2024-11-04 16:35:14 -05:00
Brendon Smith	7ea8313fc2	Check repo ID instead of repo owner ID	2024-11-04 16:35:14 -05:00
Brendon Smith	f51682fb52	Check repo owner ID instead of repo name	2024-11-04 16:35:14 -05:00
Brendon Smith	a360fcb184	Dump action as JSON	2024-11-04 16:35:14 -05:00
Brendon Smith	a869dd36b2	Checkout github.head_ref and repo for PRs ... https://github.com/actions/checkout/issues/27#issuecomment-535897113 https://github.com/actions/checkout/issues/1108	2024-11-04 16:35:14 -05:00
Brendon Smith	5ded5310e7	Add workflow_dispatch trigger for Docker builds	2024-11-04 16:35:13 -05:00
Brendon Smith	cf5ce177da	Use YAML block strip syntax (>-) where possible	2024-11-04 16:35:13 -05:00
Brendon Smith	f1f014b445	Reset pre-commit files: regex	2024-11-04 16:35:13 -05:00