Sviatoslav Sydorenko
67339c736f
📦 Only keep lower bounds @ input requirements
This concerns both direct (`twine`) and indirect (`pkginfo`) deps,
provided there are no broken versions to exclude.
2024-12-09 15:07:39 +01:00
Sviatoslav Sydorenko
43caae4bb1
💅 📦 Split transitive dep constraints
This is a structural change allowing for better placement of direct
dependencies and limiting the transitive ones.
2024-12-07 02:24:42 +01:00
William Woodruff
138a1215a3
📌 📦 Pin pkginfo to v1.12 @ runtime deps
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-12-06 19:35:56 +01:00
William Woodruff
0e10725395
requirements: bump twine to ~= 6.0
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-12-01 12:05:46 -05:00
William Woodruff
fe8d1484ba
requirements: bump pypi-attestations to 0.0.15
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-11-06 17:53:10 -05:00
William Woodruff
335e8b00ae
bump sigstore==3.5.1
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-10-28 14:29:41 -04:00
William Woodruff
1545e96dcb
requirements: bump sigstore, pypi-attestations
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-10-22 12:40:04 -04:00
William Woodruff
ce32325c61
requirements: bump pypi-attestations to 0.0.12
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-09-19 18:14:50 +02:00
Facundo Tuesca
36978192ca
Add nudge message with magic link to create new Trusted Publisher
PR #250
Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
2024-09-05 17:25:58 +02:00
William Woodruff
8a08d61689
Expose PEP 740 attestations functionality
PR #236
This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`.
Ref: https://github.com/pypi/warehouse/issues/15871
2024-09-01 02:50:29 +02:00
Quentin Pradet
a5d57af63c
Bump runtime dependencies
2023-07-11 09:31:13 +04:00
William Woodruff
2b46bad8cb
OIDC beta support
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-03-15 17:08:09 -04:00
Sviatoslav Sydorenko
0b69a8c2df
Document broken pkginfo==1.9.0 transitive dep
Refs:
* https://github.com/pypa/gh-action-pypi-publish/issues/107
2022-11-30 10:32:45 +01:00
Sviatoslav Sydorenko
c54db9c2b7
Integrate pip-tools-generated constraint files
This patch adds constraint files with the dependency tree
generated by `pip-compile` under Python 3.9. They are now integrated
into the action container image.
Refs:
* https://github.com/pypa/gh-action-pypi-publish/issues/101
* https://github.com/pypa/gh-action-pypi-publish/issues/107
2022-11-30 10:17:33 +01:00