mirror of
https://github.com/pypa/gh-action-pypi-publish.git
synced 2025-01-30 09:39:44 -05:00
10df67dae0
This is achieved by upgrading Twine to v6.1.0. Prior to this version, Twine was unable to pick up and publish licensing information declared in the new `License-Expression` core packaging metadata [[1]] [[2]]. And now it does that. Resolves #325. [1]: https://packaging.python.org/en/latest/specifications/core-metadata/#license-expression [2]: https://peps.python.org/pep-0639/#spdx
20 lines
612 B
Text
20 lines
612 B
Text
-c runtime-constraints.in # limits known broken versions
|
|
|
|
# NOTE: v6.1 is needed to support metadata v2.4 including PEP 639
|
|
twine >= 6.1
|
|
|
|
# NOTE: Used to detect an ambient OIDC credential for OIDC publishing,
|
|
# NOTE: as well as PEP 740 attestations.
|
|
id ~= 1.0
|
|
|
|
# NOTE: This is pulled in transitively through `twine`, but we also declare
|
|
# NOTE: it explicitly here because `oidc-exchange.py` uses it.
|
|
# Ref: https://github.com/di/id
|
|
requests
|
|
|
|
# NOTE: Used to generate attestations.
|
|
pypi-attestations ~= 0.0.15
|
|
sigstore ~= 3.5.1
|
|
|
|
# NOTE: Used to detect the PyPI package name from the distribution files
|
|
packaging
|