actions/pypi-publish
1
0
Fork 0
mirror of https://github.com/pypa/gh-action-pypi-publish.git synced 2024-09-12 23:57:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
275 commits 11 branches 39 tags 784 KiB
Commit graph

275 commits

This branch
This branch
All branches
Author SHA1 Message Date
Sviatoslav Sydorenko
79739dc2f2
Merge pull request #183 from pypa/dependabot/pip/requirements/urllib3-2.0.6 
Bump urllib3 from 2.0.3 to 2.0.6 in /requirements
 2023-10-02 23:46:28 -04:00
pre-commit-ci[bot]
9a3f9ad5bc
[pre-commit.ci] pre-commit autoupdate 
updates:
- [github.com/asottile/add-trailing-comma.git: v3.0.0 → v3.1.0](https://github.com/asottile/add-trailing-comma.git/compare/v3.0.0...v3.1.0)
- [github.com/Lucas-C/pre-commit-hooks.git: v1.5.1 → v1.5.4](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.5.1...v1.5.4)
- [github.com/python-jsonschema/check-jsonschema.git: 0.23.2 → 0.27.0](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.23.2...0.27.0)
- [github.com/codespell-project/codespell: v2.2.5 → v2.2.6](https://github.com/codespell-project/codespell/compare/v2.2.5...v2.2.6)
- [github.com/PyCQA/flake8.git: 6.0.0 → 6.1.0](https://github.com/PyCQA/flake8.git/compare/6.0.0...6.1.0)
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.1.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.1.0)
- [github.com/PyCQA/pylint.git: v3.0.0a6 → v3.0.0](https://github.com/PyCQA/pylint.git/compare/v3.0.0a6...v3.0.0)
 2023-10-03 00:40:18 +00:00
dependabot[bot]
75ca4c1f12
Bump urllib3 from 2.0.3 to 2.0.6 in /requirements 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.3 to 2.0.6.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.3...2.0.6)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-10-02 23:58:34 +00:00
Sviatoslav Sydorenko
a712d989cc
Make the vulnerability report URL direct 2023-09-11 16:40:56 +02:00
Sviatoslav Sydorenko
bbf06d8ae3
Migrate security doc from RST to Markdown 
RST files are no longer correctly recognized by GitHub.
 2023-09-11 16:38:50 +02:00
Sviatoslav Sydorenko
8cdc2ab67c
Merge pull request #179 from pypa/di-patch-1 2023-08-11 17:31:18 +02:00
Dustin Ingram
41c10ee223
Add link to configuration docs for Trusted Publishing 2023-08-11 11:23:40 -04:00
Sviatoslav Sydorenko
b7f401de30
Merge PR #177 into unstable/v1 2023-08-10 22:58:37 +02:00
William Woodruff
ba3ecc9355
oidc-exchange: fix padding 
Signed-off-by: William Woodruff <william@trailofbits.com>
 2023-08-10 16:08:35 -04:00
Sviatoslav Sydorenko
ade57f54dc
Merge PRs #174 #175 and #172 into unstable/v1 2023-08-10 18:57:00 +02:00
William Woodruff
637917e5f2
README: re-add "pro tip" language 
Signed-off-by: William Woodruff <william@trailofbits.com>
 2023-08-09 18:01:51 -04:00
William Woodruff
4864f13c38
README: use semantic callouts 
See: https://github.com/orgs/community/discussions/16925

Signed-off-by: William Woodruff <william@trailofbits.com>
 2023-08-09 17:58:56 -04:00
William Woodruff
326f9ad1e1
oidc-exchange: add-trailing-comma 
Signed-off-by: William Woodruff <william@trailofbits.com>
 2023-08-09 15:17:18 -04:00
William Woodruff
e5f0690e91
oidc-exchange: ignore a nested function 
Signed-off-by: William Woodruff <william@trailofbits.com>
 2023-08-09 15:12:44 -04:00
William Woodruff
8bdd0cc2a0
oidc-exchange: lintage 
Signed-off-by: William Woodruff <william@trailofbits.com>
 2023-08-09 15:10:56 -04:00
William Woodruff
71a0032909
oidc-exchange: render claims if exchange fails 
Signed-off-by: William Woodruff <william@trailofbits.com>
 2023-08-09 15:08:47 -04:00
dependabot[bot]
adef75a5a6
Bump cryptography from 41.0.2 to 41.0.3 in /requirements 
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.2 to 41.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.2...41.0.3)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-08-02 02:15:59 +00:00
Sviatoslav Sydorenko
413a8d5d62
Merge pull request #171 from pypa/dependabot/pip/requirements/certifi-2023.7.22 
Bump certifi from 2023.5.7 to 2023.7.22 in /requirements
 2023-07-26 11:43:53 +02:00
dependabot[bot]
c185b8ee4e
Bump certifi from 2023.5.7 to 2023.7.22 in /requirements 
Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.5.7 to 2023.7.22.
- [Commits](https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-25 23:36:57 +00:00
Sviatoslav Sydorenko
2a939dd49b
🎨📝 Link SHA pinning encouragement @ README 
This article [[1]] describes security flows of using branches and
tags as an end-user. The commit is intended to educate them but not
force doing so if they don't want to.

[1]: https://julienrenaux.fr/2019/12/20/github-actions-security-risk/
 2023-07-13 16:44:47 +02:00
Sviatoslav Sydorenko
f8c70e705f
Merge pull request #168 from pquentin/bump-dependencies 2023-07-12 02:46:40 +02:00
Sviatoslav Sydorenko
68276eb3e4
Merge pull request #167 from trail-of-forks/tob-nudge 2023-07-12 02:43:50 +02:00
Quentin Pradet
a5d57af63c
Bump runtime dependencies 2023-07-11 09:31:13 +04:00
William Woodruff
e90e853e89
twine-upload: only nudge on PyPI-looking domains 
Signed-off-by: William Woodruff <william@trailofbits.com>
 2023-07-10 12:11:56 -04:00
William Woodruff
be695966b0
twine-upload: add a nudge for trusted publishing 
Closes #164.

Signed-off-by: William Woodruff <william@trailofbits.com>
 2023-07-10 11:44:56 -04:00
Sviatoslav Sydorenko
54d67ed3c5
Merge pull request #165 from pypa/pre-commit-ci-update-config 2023-07-09 14:55:23 +02:00
Sviatoslav Sydorenko
d32e2fab32
Revert flake8 to v4.0.1 2023-07-09 14:53:38 +02:00
pre-commit-ci[bot]
a8d92e9876
[pre-commit.ci] pre-commit autoupdate 
updates:
- [github.com/asottile/add-trailing-comma.git: v2.4.0 → v3.0.0](https://github.com/asottile/add-trailing-comma.git/compare/v2.4.0...v3.0.0)
- [github.com/python-jsonschema/check-jsonschema.git: 0.22.0 → 0.23.2](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.22.0...0.23.2)
- [github.com/codespell-project/codespell: v2.2.4 → v2.2.5](https://github.com/codespell-project/codespell/compare/v2.2.4...v2.2.5)
- [github.com/adrienverge/yamllint.git: v1.30.0 → v1.32.0](https://github.com/adrienverge/yamllint.git/compare/v1.30.0...v1.32.0)
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.0.0)
 2023-07-03 22:49:42 +00:00
Sviatoslav Sydorenko
f5622bde02
Merge PRs #159 and #160 into unstable/v1 2023-06-26 18:18:24 +02:00
Sviatoslav Sydorenko
3be882c473
Merge pull request #161 from jaap3/jaap3-patch-1 
This patch remove extraneous trailing `}` from the annotation note.
 2023-06-08 16:22:18 +02:00
Jaap Roes
775be49481
Remove extraneous } 2023-06-08 14:56:32 +02:00
dependabot[bot]
5684530096
Bump cryptography from 39.0.1 to 41.0.0 in /requirements 
Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.1 to 41.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/39.0.1...41.0.0)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-06-02 20:16:33 +00:00
Hugo van Kemenade
135d0d5353 Ignore pip's root user warning 2023-05-29 13:42:14 +03:00
Sviatoslav Sydorenko
110f54a387
Merge pull request #157 from pypa/dependabot/pip/requirements/requests-2.31.0 
Bump requests from 2.28.1 to 2.31.0 in /requirements
 2023-05-23 07:41:59 +02:00
dependabot[bot]
c803c91ef0
Bump requests from 2.28.1 to 2.31.0 in /requirements 
Bumps [requests](https://github.com/psf/requests) from 2.28.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.28.1...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-23 05:16:54 +00:00
Sviatoslav Sydorenko
f9ed8ba9ad
Merge pull request #156 from trail-of-forks/tob-fix-annotation 2023-05-17 02:02:16 +02:00
William Woodruff
30639668ca
oidc-exchange: "fix" multiline annotations 
Signed-off-by: William Woodruff <william@trailofbits.com>
 2023-05-12 11:04:38 -04:00
Sviatoslav Sydorenko
a56da0b891
Merge pull request #151 from asherf/trusted 2023-05-02 22:30:51 +02:00
Asher Foa
e4b9031741 password input is no longer required, since not specifying it implies trusted publishing 
Signed-off-by: Asher Foa <1268088+asherf@users.noreply.github.com>
 2023-04-27 11:31:44 -04:00
Sviatoslav Sydorenko
5a085bf49e
Merge pull request #150 from trail-of-forks/tob-doc-tweaks 2023-04-24 22:34:21 -06:00
William Woodruff
0811f991bd
README: small doc tweaks 
Signed-off-by: William Woodruff <william@trailofbits.com>
 2023-04-24 09:30:35 -06:00
Sviatoslav Sydorenko
f47b34707f
📝🎨 Put OIDC on pedestal @ README 
This patch makes sure that the new users would go for the secretless
publishing when integrating the action, from the beginning.
 2023-04-24 07:26:17 +02:00
Sviatoslav Sydorenko
7a1a355fb5
🎨 Show GH environments use in README examples 
It is a useful protection feature giving the end-users more control
over the release flow and trust.
 2023-04-24 07:07:39 +02:00
Sviatoslav Sydorenko
3b6670b0bd
Merge pull request #147 from trail-of-forks/tob-stabilize-oidc 
README, oidc-exchange: remove beta references
 2023-04-22 18:56:18 -06:00
William Woodruff
c008c2f40a
README: re-add OIDC note 
Signed-off-by: William Woodruff <william@trailofbits.com>
 2023-04-22 07:27:01 -06:00
William Woodruff
fe431ff9ad
README, oidc-exchange: remove beta references 
Signed-off-by: William Woodruff <william@trailofbits.com>
 2023-04-21 16:09:58 -06:00
Sviatoslav Sydorenko
c542b72dc6
Bump WPS flake8 plugin set to v0.17.0 2023-04-04 03:22:09 +02:00
Sviatoslav Sydorenko
f437f577c3
Merge pull request #145 from pypa/pre-commit-ci-update-config 
[pre-commit.ci] pre-commit autoupdate
 2023-04-04 02:33:37 +02:00
Sviatoslav Sydorenko
ba7045370c
Revert WPS flake8 hook version to 4.0.1 2023-04-04 01:28:01 +02:00
pre-commit-ci[bot]
6cbdb5439a
[pre-commit.ci] pre-commit autoupdate 
updates:
- [github.com/Lucas-C/pre-commit-hooks.git: v1.3.1 → v1.5.1](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.3.1...v1.5.1)
- [github.com/python-jsonschema/check-jsonschema.git: 0.19.2 → 0.22.0](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.19.2...0.22.0)
- [github.com/codespell-project/codespell: v2.2.2 → v2.2.4](https://github.com/codespell-project/codespell/compare/v2.2.2...v2.2.4)
- [github.com/adrienverge/yamllint.git: v1.28.0 → v1.30.0](https://github.com/adrienverge/yamllint.git/compare/v1.28.0...v1.30.0)
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.0.0)
- [github.com/PyCQA/pylint.git: v2.15.9 → v3.0.0a6](https://github.com/PyCQA/pylint.git/compare/v2.15.9...v3.0.0a6)
 2023-04-03 23:10:34 +00:00