Commit graph

15 commits

Author SHA1 Message Date
Sviatoslav Sydorenko
10df67dae0
📦 Enable support for PEP 639 metadata
This is achieved by upgrading Twine to v6.1.0. Prior to this version,
Twine was unable to pick up and publish licensing information declared
in the new `License-Expression` core packaging metadata [[1]] [[2]].
And now it does that.

Resolves #325.

[1]: https://packaging.python.org/en/latest/specifications/core-metadata/#license-expression
[2]: https://peps.python.org/pep-0639/#spdx
2025-01-24 03:37:24 +01:00
Sviatoslav Sydorenko
67339c736f
📦 Only keep lower bounds @ input requirements
This concerns both direct (`twine`) and indirect (`pkginfo`) deps,
provided there are no broken versions to exclude.
2024-12-09 15:07:39 +01:00
Sviatoslav Sydorenko
43caae4bb1
💅📦 Split transitive dep constraints
This is a structural change allowing for better placement of direct
dependencies and limiting the transitive ones.
2024-12-07 02:24:42 +01:00
William Woodruff
138a1215a3
📌📦 Pin pkginfo to v1.12 @ runtime deps
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-12-06 19:35:56 +01:00
William Woodruff
0e10725395
requirements: bump twine to ~= 6.0
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-12-01 12:05:46 -05:00
William Woodruff
fe8d1484ba
requirements: bump pypi-attestations to 0.0.15
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-11-06 17:53:10 -05:00
William Woodruff
335e8b00ae
bump sigstore==3.5.1
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-10-28 14:29:41 -04:00
William Woodruff
1545e96dcb
requirements: bump sigstore, pypi-attestations
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-10-22 12:40:04 -04:00
William Woodruff
ce32325c61
requirements: bump pypi-attestations to 0.0.12
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-09-19 18:14:50 +02:00
Facundo Tuesca
36978192ca
Add nudge message with magic link to create new Trusted Publisher
PR #250

Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
2024-09-05 17:25:58 +02:00
William Woodruff
8a08d61689
Expose PEP 740 attestations functionality
PR #236

This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`.

Ref: https://github.com/pypi/warehouse/issues/15871
2024-09-01 02:50:29 +02:00
Quentin Pradet
a5d57af63c
Bump runtime dependencies
2023-07-11 09:31:13 +04:00
William Woodruff
2b46bad8cb
OIDC beta support
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-03-15 17:08:09 -04:00
Sviatoslav Sydorenko
0b69a8c2df
Document broken pkginfo==1.9.0 transitive dep
Refs:
* https://github.com/pypa/gh-action-pypi-publish/issues/107
2022-11-30 10:32:45 +01:00
Sviatoslav Sydorenko
c54db9c2b7
Integrate pip-tools-generated constraint files
This patch adds constraint files with the dependency tree
generated by `pip-compile` under Python 3.9. They are now integrated
into the action container image.

Refs:
* https://github.com/pypa/gh-action-pypi-publish/issues/101
* https://github.com/pypa/gh-action-pypi-publish/issues/107
2022-11-30 10:17:33 +01:00