pypi-publish

mirror of https://github.com/pypa/gh-action-pypi-publish.git synced 2024-11-22 00:21:08 -05:00

Author	SHA1	Message	Date
William Woodruff	335e8b00ae	bump sigstore==3.5.1 Signed-off-by: William Woodruff <william@trailofbits.com>	2024-10-28 14:29:41 -04:00
William Woodruff	1545e96dcb	requirements: bump sigstore, pypi-attestations Signed-off-by: William Woodruff <william@trailofbits.com>	2024-10-22 12:40:04 -04:00
Sviatoslav Sydorenko (Святослав Сидоренко)	f7600683ef	Merge pull request #271 from mosfet80/patch-3 Some checks failed 🧪 / smoke-test (push) Has been cancelled Details Update `actions/checkout` to v3 in self-tests	2024-09-29 11:06:37 +02:00
mosfet80	6edc294485	Fix node.js v16 deprecation self-smoke-test-action.yml actions/checkout@v3 use node.js versio 16. But version 16 is deprecated. version 4 fixes the problem.	2024-09-29 09:04:41 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	85a5a80b22	Merge pull request #270 from trail-of-forks/fix-magic-link-summary Some checks are pending 🧪 / smoke-test (push) Waiting to run Details	2024-09-29 01:45:28 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	954318b48e	Merge pull request #267 from mosfet80/patch-2	2024-09-29 01:38:05 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	24791c7774	Merge pull request #266 from mosfet80/patch-1	2024-09-29 01:37:58 +02:00
Facundo Tuesca	d8c894824b	Fix magic link nudge formatting in job summary	2024-09-27 20:47:50 +02:00
Facundo Tuesca	a1ce3844ac	Check for Trusted Publishing in magic link logic	2024-09-27 20:47:02 +02:00
mosfet80	00b87c80e8	Update check-jsonschema and pre-commit libs https://github.com/python-jsonschema/check-jsonschema/releases https://github.com/pre-commit/pre-commit-hooks/releases/tag/v4.6.0	2024-09-23 11:56:13 +02:00
mosfet80	a571f1e128	Update pylint lib https://github.com/pylint-dev/pylint/releases/tag/v3.3.0	2024-09-23 11:52:50 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	897895f1e1	Merge pull request #262 from trail-of-forks/ww/bump-attestations-req Some checks failed 🧪 / smoke-test (push) Has been cancelled Details Resolves #263	2024-09-20 23:35:44 +02:00
William Woodruff	ce32325c61	requirements: bump pypi-attestations to 0.0.12 Signed-off-by: William Woodruff <william@trailofbits.com>	2024-09-19 18:14:50 +02:00
Facundo Tuesca	36978192ca	Add nudge message with magic link to create new Trusted Publisher Some checks failed 🧪 / smoke-test (push) Has been cancelled Details PR #250 Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>	2024-09-05 17:25:58 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	4f8925cefa	Merge pull request #258 from facutuesca/patch-1	2024-09-05 17:06:25 +02:00
Facundo Tuesca	a58e550ac2	Remove redundant `Path.absolute()` call	2024-09-03 16:21:03 +02:00
Sviatoslav Sydorenko	0ab0b79471	🚑 Invert the dists-to-attest validity check Some checks failed 🧪 / smoke-test (push) Has been cancelled Details This bug sneaked into #236 but should not affect many people as the attestations generation feature is experimental and opt-in. Fixes #256	2024-09-03 10:25:06 +02:00
William Woodruff	8a08d61689	Expose PEP 740 attestations functionality Some checks failed 🧪 / smoke-test (push) Has been cancelled Details PR #236 This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`. Ref: https://github.com/pypi/warehouse/issues/15871	2024-09-01 02:50:29 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	fb9fc6a4e6	Merge pull request #245 from trail-of-forks/ww/bump-twine Some checks failed 🧪 / smoke-test (push) Has been cancelled Details	2024-06-27 19:55:19 +02:00
William Woodruff	4d020ff0a9	requirements: re-compile requirements with latest twine Signed-off-by: William Woodruff <william@trailofbits.com>	2024-06-24 16:49:50 -04:00
Sviatoslav Sydorenko	ec4db0b4dd	Merge PR #243 into unstable/v1 Some checks failed 🧪 / smoke-test (push) Has been cancelled Details	2024-06-16 20:09:43 +02:00
William Woodruff	e7908444c6	oidc-exchange: link to status dashboard Signed-off-by: William Woodruff <william@trailofbits.com>	2024-06-11 17:49:43 -04:00
Sviatoslav Sydorenko	87b624f871	💅Update homepage @ Dockerfile to GH Marketplace	2024-05-29 22:25:10 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	da2f9bb91e	Merge pull request #241 from br3ndonland/ghcr-label Add Docker label for GHCR	2024-05-29 22:20:17 +02:00
Brendon Smith	abbea2dd5c	Add Docker label for GHCR This commit will add the label `org.opencontainers.image.source` to the Dockerfile. This label helps link GitHub Container Registry (GHCR) with the associated repo. https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry https://github.com/pypa/gh-action-pypi-publish/pull/230/files#r1603926630	2024-05-29 22:18:35 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	2734d07314	build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements (#240 ) build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements	2024-05-29 16:37:07 +02:00
dependabot[bot]	a54b9b8952	--- updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2024-05-21 05:26:31 +00:00
Sviatoslav Sydorenko	699cd6103f	⇪📦 Bump the runtime dep lockfile	2024-05-16 17:50:20 +02:00
pre-commit-ci[bot]	8414fc2457	[pre-commit.ci] pre-commit autoupdate (#225 ) * [pre-commit.ci] pre-commit autoupdate updates: - [github.com/Lucas-C/pre-commit-hooks.git: v1.5.4 → v1.5.5](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.5.4...v1.5.5) - [github.com/python-jsonschema/check-jsonschema.git: 0.27.3 → 0.28.1](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.27.3...0.28.1) - [github.com/adrienverge/yamllint.git: v1.33.0 → v1.35.1](https://github.com/adrienverge/yamllint.git/compare/v1.33.0...v1.35.1) - [github.com/PyCQA/flake8.git: 6.1.0 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/6.1.0...7.0.0) - [github.com/PyCQA/flake8.git: 4.0.1 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...7.0.0) - [github.com/PyCQA/pylint.git: v3.0.3 → v3.1.0](https://github.com/PyCQA/pylint.git/compare/v3.0.3...v3.1.0) * Bump WPS to v0.19.x series * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Merge separate flake8 runs back into one --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>	2024-05-16 15:39:26 +00:00
Peter Shen	67a07ebbed	Disable the progress bar when running `twine upload` PR #231 Resolves #229 Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>	2024-05-16 17:14:58 +02:00
William Woodruff	771d60f44b	Eliminate future tense in the password nudge in `twine-upload` Additionally, this turns the corresponding code branch into a hard error in case of the regular PyPI. Signed-off-by: William Woodruff <william@trailofbits.com> PR #234 Fixes #233	2024-05-16 17:07:28 +02:00
Sviatoslav Sydorenko	04f4e64de3	Set Python 3.11 for the `flake8-commas` linter It doesn't yet support 3.12 and is an unconditional dependency of WPS.	2024-05-16 16:29:54 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	3fbcf7ccf4	Merge pull request #228 from pypa/dependabot/pip/requirements/idna-3.7 build(deps): bump idna from 3.6 to 3.7 in /requirements	2024-04-12 15:30:45 +02:00
dependabot[bot]	576aae3934	build(deps): bump idna from 3.6 to 3.7 in /requirements Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.7. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7) --- updated-dependencies: - dependency-name: idna dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2024-04-12 04:51:56 +00:00
Sviatoslav Sydorenko	81e9d935c8	Bump `pip` to v24.0 in runtime prerequisites lock	2024-03-08 00:20:54 +01:00
Sviatoslav Sydorenko	91527c4583	Regenerate lockfiles with pip-tools v7.4.1	2024-03-08 00:19:54 +01:00
Sviatoslav Sydorenko	3a817c6dce	Bump action runtime to CPython 3.12	2024-03-08 00:15:38 +01:00
Sviatoslav Sydorenko	741947b9ca	Add a config file for `pip-tools`	2024-03-07 23:43:48 +01:00
Sviatoslav Sydorenko	d7af439579	Mass-bump transitive dependencies of runtime	2024-03-07 23:08:31 +01:00
Sviatoslav Sydorenko	e90ddca975	Bump `readme-renderer` to v43.0	2024-03-07 23:07:33 +01:00
Sviatoslav Sydorenko	dae7fa3e8d	Bump Twine to v5.0.0	2024-03-07 23:05:40 +01:00
Sviatoslav Sydorenko	0fe04ae7d9	Bump `id` to v1.3.0	2024-03-07 23:04:40 +01:00
Sviatoslav Sydorenko	444e17980b	Bump cryptography to v42.0.5	2024-03-07 23:02:36 +01:00
Sviatoslav Sydorenko	820be4e5e3	Normalize pip-tools' header comment @ `runtime.txt` It's currently not prefixed with `requirements/` in most places and that what Dependabot keeps using.	2024-03-07 23:00:46 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)	aec4e82833	Merge pull request #219 from SigureMo/re-generate-requirements build(deps): bump `pkginfo` version to support `Metadata-version=2.3`	2024-03-06 19:16:52 +01:00
SigureMo	b065889f7f	revert other bumps	2024-03-06 19:20:47 +08:00
SigureMo	00a7cd17a2	re-gen on Linux and run command in requirements/	2024-03-06 01:59:27 +00:00
SigureMo	2972d54cda	bump pkginfo only	2024-03-05 18:16:00 +08:00
SigureMo	f6a1bcf881	Revert "build(deps): re-generate requirements to support `Metadata-version=2.3`" This reverts commit `e6ed2a4dfb`.	2024-03-05 18:07:49 +08:00
SigureMo	e6ed2a4dfb	build(deps): re-generate requirements to support `Metadata-version=2.3`	2024-03-05 12:56:14 +08:00

1 2 3 4 5 ...

303 commits