actions/pypi-publish
1
0
Fork 0
mirror of https://github.com/pypa/gh-action-pypi-publish.git synced 2024-12-28 01:44:47 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
359 commits 13 branches 46 tags 1.2 MiB
Commit graph

5 commits

Author SHA1 Message Date
Sviatoslav Sydorenko
72d1032bb0
💅 Bundle attestation existence check together 
This patch moves said check out of the signing loop and performs the
check early in the process. It is then able to report multiple
problems in a single error.
 2024-12-10 01:52:29 +01:00
Sviatoslav Sydorenko
f14df0bb20
💅 Add a return type to die() @ attestations 2024-12-10 01:35:33 +01:00
William Woodruff
fec2f0c0ce
attestations: collect *.zip sdists as well 
Signed-off-by: William Woodruff <william@trailofbits.com>
 2024-11-06 13:43:44 -05:00
Sviatoslav Sydorenko
0ab0b79471
🚑 Invert the dists-to-attest validity check
Some checks failed
🧪 / smoke-test (push) Has been cancelled
Details 
This bug sneaked into #236 but should not affect many people as the
attestations generation feature is experimental and opt-in.

Fixes #256
 2024-09-03 10:25:06 +02:00
William Woodruff
8a08d61689
Expose PEP 740 attestations functionality
Some checks failed
🧪 / smoke-test (push) Has been cancelled
Details 
PR #236

This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`.

Ref: https://github.com/pypi/warehouse/issues/15871
 2024-09-01 02:50:29 +02:00