320 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
Brendon Smith	54e5a03d42	Run smoke tests before Docker builds ... https://github.com/pypa/gh-action-pypi-publish/pull/230#discussion_r1787027821	2024-10-04 18:23:49 -04:00
Brendon Smith	11e5cd5789	Move smoke test to reusable workflow	2024-10-04 18:20:25 -04:00
Brendon Smith	3a538c1fe8	Make workflow_dispatch Docker tag input required ... https://github.com/pypa/gh-action-pypi-publish/pull/230#discussion_r1759496153	2024-10-04 18:15:19 -04:00
pre-commit-ci[bot]	e6d63cd9ba	[pre-commit.ci] auto fixes from pre-commit.com hooks ... for more information, see https://pre-commit.ci	2024-10-04 17:43:50 -04:00
Brendon Smith	6a5d17f6a7	Add Docker tags for major and minor versions	2024-10-04 17:43:50 -04:00
Brendon Smith	16c36691e6	Verify fail-fast in unsupported environments	2024-10-04 17:43:49 -04:00
Brendon Smith	483a6a6c8b	Drop args from create-docker-action.py ... Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>	2024-10-04 17:43:49 -04:00
Brendon Smith	640fe61d1d	Fail-fast in unsupported environments ... https://github.com/pypa/gh-action-pypi-publish/pull/230#discussion_r1632406604 Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>	2024-10-04 17:43:49 -04:00
Brendon Smith	7cd4e87775	Check repo ID instead of repo owner ID	2024-10-04 17:43:49 -04:00
Brendon Smith	27defc63ee	Check repo owner ID instead of repo name	2024-10-04 17:43:49 -04:00
Brendon Smith	f8e87467b5	Dump action as JSON	2024-10-04 17:43:49 -04:00
Brendon Smith	7085596c20	Checkout github.head_ref and repo for PRs ... https://github.com/actions/checkout/issues/27#issuecomment-535897113 https://github.com/actions/checkout/issues/1108	2024-10-04 17:43:49 -04:00
Brendon Smith	b3ac857fc2	Add workflow_dispatch trigger for Docker builds	2024-10-04 17:43:49 -04:00
Brendon Smith	20c36db551	Use YAML block strip syntax (>-) where possible	2024-10-04 17:43:49 -04:00
Brendon Smith	3f3acc27e9	Reset pre-commit files: regex	2024-10-04 17:43:49 -04:00
Brendon Smith	9d14a8ddfb	Generate Docker container action with Python	2024-10-04 17:43:49 -04:00
Brendon Smith	27ce557201	Separate docker login and docker push ... https://github.com/pypa/gh-action-pypi-publish/pull/230#discussion_r1578694138	2024-10-04 17:43:48 -04:00
Brendon Smith	e098680f1b	Fix pre-commit errors	2024-10-04 17:43:48 -04:00
Brendon Smith	104bf53067	Build Docker image and push to GHCR ... Up to this point, the project has been set up as a Docker action referencing the Dockerfile. The downside to using the Dockerfile for the action is that the Docker image must be built every time the action is used. This commit will set up the project to build the Docker image and push it to GitHub Container Registry (GHCR). This change will speed up user workflows every time the action is used because the workflows will simply pull the Docker image from GHCR instead of building again. Changes: - Add required metadata to Dockerfile - Build container image with GitHub Actions - Push container image to GHCR Docker actions support pulling in pre-built Docker images. The downside is that there's no way to specify the correct Docker tag because the GitHub Actions `image` and `uses:` keys don't accept any context. For example, if a user's workflow has `uses: pypa/gh-action-pypi-publish@release/v1.8`, then the action should pull in a Docker image built from the `release/v1.8` branch, something like `ghcr.io/pypa/gh-action-pypi-publish:release-v1.8` (Docker tags can't have `/`). The workaround is to switch the top-level `action.yml` to a composite action that then calls the Docker action, substituting the correct image name and tag.	2024-10-04 17:43:45 -04:00
Sviatoslav Sydorenko (Святослав Сидоренко)	f7600683ef	Merge pull request #271 from mosfet80/patch-3 ... Update `actions/checkout` to v3 in self-tests	2024-09-29 11:06:37 +02:00
mosfet80	6edc294485	Fix node.js v16 deprecation self-smoke-test-action.yml ... actions/checkout@v3 use node.js versio 16. But version 16 is deprecated. version 4 fixes the problem.	2024-09-29 09:04:41 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	85a5a80b22	Merge pull request #270 from trail-of-forks/fix-magic-link-summary	2024-09-29 01:45:28 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	954318b48e	Merge pull request #267 from mosfet80/patch-2	2024-09-29 01:38:05 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	24791c7774	Merge pull request #266 from mosfet80/patch-1	2024-09-29 01:37:58 +02:00
Facundo Tuesca	d8c894824b	Fix magic link nudge formatting in job summary	2024-09-27 20:47:50 +02:00
Facundo Tuesca	a1ce3844ac	Check for Trusted Publishing in magic link logic	2024-09-27 20:47:02 +02:00
mosfet80	00b87c80e8	Update check-jsonschema and pre-commit libs ... https://github.com/python-jsonschema/check-jsonschema/releases https://github.com/pre-commit/pre-commit-hooks/releases/tag/v4.6.0	2024-09-23 11:56:13 +02:00
mosfet80	a571f1e128	Update pylint lib ... https://github.com/pylint-dev/pylint/releases/tag/v3.3.0	2024-09-23 11:52:50 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	897895f1e1	Merge pull request #262 from trail-of-forks/ww/bump-attestations-req ... Resolves #263	2024-09-20 23:35:44 +02:00
William Woodruff	ce32325c61	requirements: bump pypi-attestations to 0.0.12 ... Signed-off-by: William Woodruff <william@trailofbits.com>	2024-09-19 18:14:50 +02:00
Facundo Tuesca	36978192ca	Add nudge message with magic link to create new Trusted Publisher ... PR #250 Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>	2024-09-05 17:25:58 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	4f8925cefa	Merge pull request #258 from facutuesca/patch-1	2024-09-05 17:06:25 +02:00
Facundo Tuesca	a58e550ac2	Remove redundant Path.absolute() call	2024-09-03 16:21:03 +02:00
Sviatoslav Sydorenko	0ab0b79471	🚑 Invert the dists-to-attest validity check ... This bug sneaked into #236 but should not affect many people as the attestations generation feature is experimental and opt-in. Fixes #256	2024-09-03 10:25:06 +02:00
William Woodruff	8a08d61689	Expose PEP 740 attestations functionality ... PR #236 This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`. Ref: https://github.com/pypi/warehouse/issues/15871	2024-09-01 02:50:29 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	fb9fc6a4e6	Merge pull request #245 from trail-of-forks/ww/bump-twine	2024-06-27 19:55:19 +02:00
William Woodruff	4d020ff0a9	requirements: re-compile requirements with latest twine ... Signed-off-by: William Woodruff <william@trailofbits.com>	2024-06-24 16:49:50 -04:00
Sviatoslav Sydorenko	ec4db0b4dd	Merge PR #243 into unstable/v1	2024-06-16 20:09:43 +02:00
William Woodruff	e7908444c6	oidc-exchange: link to status dashboard ... Signed-off-by: William Woodruff <william@trailofbits.com>	2024-06-11 17:49:43 -04:00
Sviatoslav Sydorenko	87b624f871	💅Update homepage @ Dockerfile to GH Marketplace	2024-05-29 22:25:10 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	da2f9bb91e	Merge pull request #241 from br3ndonland/ghcr-label ... Add Docker label for GHCR	2024-05-29 22:20:17 +02:00
Brendon Smith	abbea2dd5c	Add Docker label for GHCR ... This commit will add the label `org.opencontainers.image.source` to the Dockerfile. This label helps link GitHub Container Registry (GHCR) with the associated repo. https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry https://github.com/pypa/gh-action-pypi-publish/pull/230/files#r1603926630	2024-05-29 22:18:35 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	2734d07314	build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements (#240) ... build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements	2024-05-29 16:37:07 +02:00
dependabot[bot]	a54b9b8952	--- ... updated-dependencies: - dependency-name: requests dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2024-05-21 05:26:31 +00:00
Sviatoslav Sydorenko	699cd6103f	⇪📦 Bump the runtime dep lockfile	2024-05-16 17:50:20 +02:00
pre-commit-ci[bot]	8414fc2457	[pre-commit.ci] pre-commit autoupdate (#225) ... * [pre-commit.ci] pre-commit autoupdate updates: - [github.com/Lucas-C/pre-commit-hooks.git: v1.5.4 → v1.5.5](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.5.4...v1.5.5) - [github.com/python-jsonschema/check-jsonschema.git: 0.27.3 → 0.28.1](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.27.3...0.28.1) - [github.com/adrienverge/yamllint.git: v1.33.0 → v1.35.1](https://github.com/adrienverge/yamllint.git/compare/v1.33.0...v1.35.1) - [github.com/PyCQA/flake8.git: 6.1.0 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/6.1.0...7.0.0) - [github.com/PyCQA/flake8.git: 4.0.1 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...7.0.0) - [github.com/PyCQA/pylint.git: v3.0.3 → v3.1.0](https://github.com/PyCQA/pylint.git/compare/v3.0.3...v3.1.0) * Bump WPS to v0.19.x series * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Merge separate flake8 runs back into one --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>	2024-05-16 15:39:26 +00:00
Peter Shen	67a07ebbed	Disable the progress bar when running twine upload ... PR #231 Resolves #229 Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>	2024-05-16 17:14:58 +02:00
William Woodruff	771d60f44b	Eliminate future tense in the password nudge in twine-upload ... Additionally, this turns the corresponding code branch into a hard error in case of the regular PyPI. Signed-off-by: William Woodruff <william@trailofbits.com> PR #234 Fixes #233	2024-05-16 17:07:28 +02:00
Sviatoslav Sydorenko	04f4e64de3	Set Python 3.11 for the flake8-commas linter ... It doesn't yet support 3.12 and is an unconditional dependency of WPS.	2024-05-16 16:29:54 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)	3fbcf7ccf4	Merge pull request #228 from pypa/dependabot/pip/requirements/idna-3.7 ... build(deps): bump idna from 3.6 to 3.7 in /requirements	2024-04-12 15:30:45 +02:00