f7600683ef
Merge pull request #271 from mosfet80/patch-3
...
Update `actions/checkout` to v3 in self-tests
2024-09-29 11:06:37 +02:00
6edc294485
Fix node.js v16 deprecation self-smoke-test-action.yml
...
actions/checkout@v3 use node.js versio 16. But version 16 is deprecated.
version 4 fixes the problem.
2024-09-29 09:04:41 +02:00
85a5a80b22
Merge pull request #270 from trail-of-forks/fix-magic-link-summary
2024-09-29 01:45:28 +02:00
954318b48e
Merge pull request #267 from mosfet80/patch-2
2024-09-29 01:38:05 +02:00
24791c7774
Merge pull request #266 from mosfet80/patch-1
2024-09-29 01:37:58 +02:00
d8c894824b
Fix magic link nudge formatting in job summary
2024-09-27 20:47:50 +02:00
a1ce3844ac
Check for Trusted Publishing in magic link logic
2024-09-27 20:47:02 +02:00
00b87c80e8
Update check-jsonschema and pre-commit libs
...
https://github.com/python-jsonschema/check-jsonschema/releases
https://github.com/pre-commit/pre-commit-hooks/releases/tag/v4.6.0
2024-09-23 11:56:13 +02:00
a571f1e128
Update pylint lib
...
https://github.com/pylint-dev/pylint/releases/tag/v3.3.0
2024-09-23 11:52:50 +02:00
897895f1e1
Merge pull request #262 from trail-of-forks/ww/bump-attestations-req
...
Resolves #263
2024-09-20 23:35:44 +02:00
ce32325c61
requirements: bump pypi-attestations to 0.0.12
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-09-19 18:14:50 +02:00
36978192ca
Add nudge message with magic link to create new Trusted Publisher
...
PR #250
Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
2024-09-05 17:25:58 +02:00
4f8925cefa
Merge pull request #258 from facutuesca/patch-1
2024-09-05 17:06:25 +02:00
a58e550ac2
Remove redundant `Path.absolute()` call
2024-09-03 16:21:03 +02:00
0ab0b79471
🚑 Invert the dists-to-attest validity check
...
This bug sneaked into #236 but should not affect many people as the
attestations generation feature is experimental and opt-in.
Fixes #256
2024-09-03 10:25:06 +02:00
8a08d61689
Expose PEP 740 attestations functionality
...
PR #236
This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`.
Ref: https://github.com/pypi/warehouse/issues/15871
2024-09-01 02:50:29 +02:00
fb9fc6a4e6
Merge pull request #245 from trail-of-forks/ww/bump-twine
2024-06-27 19:55:19 +02:00
4d020ff0a9
requirements: re-compile requirements with latest twine
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-06-24 16:49:50 -04:00
ec4db0b4dd
Merge PR #243 into unstable/v1
2024-06-16 20:09:43 +02:00
e7908444c6
oidc-exchange: link to status dashboard
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-06-11 17:49:43 -04:00
87b624f871
💅 Update homepage @ Dockerfile to GH Marketplace
2024-05-29 22:25:10 +02:00
da2f9bb91e
Merge pull request #241 from br3ndonland/ghcr-label
...
Add Docker label for GHCR
2024-05-29 22:20:17 +02:00
abbea2dd5c
Add Docker label for GHCR
...
This commit will add the label `org.opencontainers.image.source` to the
Dockerfile. This label helps link GitHub Container Registry (GHCR) with
the associated repo.
https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry
https://github.com/pypa/gh-action-pypi-publish/pull/230/files#r1603926630
2024-05-29 22:18:35 +02:00
2734d07314
build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements ( #240 )
...
build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements
2024-05-29 16:37:07 +02:00
a54b9b8952
---
...
updated-dependencies:
- dependency-name: requests
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-21 05:26:31 +00:00
699cd6103f
⇪ 📦 Bump the runtime dep lockfile
2024-05-16 17:50:20 +02:00
8414fc2457
[pre-commit.ci] pre-commit autoupdate ( #225 )
...
* [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/Lucas-C/pre-commit-hooks.git: v1.5.4 → v1.5.5](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.5.4...v1.5.5 )
- [github.com/python-jsonschema/check-jsonschema.git: 0.27.3 → 0.28.1](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.27.3...0.28.1 )
- [github.com/adrienverge/yamllint.git: v1.33.0 → v1.35.1](https://github.com/adrienverge/yamllint.git/compare/v1.33.0...v1.35.1 )
- [github.com/PyCQA/flake8.git: 6.1.0 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/6.1.0...7.0.0 )
- [github.com/PyCQA/flake8.git: 4.0.1 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...7.0.0 )
- [github.com/PyCQA/pylint.git: v3.0.3 → v3.1.0](https://github.com/PyCQA/pylint.git/compare/v3.0.3...v3.1.0 )
* Bump WPS to v0.19.x series
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
* Merge separate flake8 runs back into one
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
2024-05-16 15:39:26 +00:00
67a07ebbed
Disable the progress bar when running `twine upload`
...
PR #231
Resolves #229
Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
2024-05-16 17:14:58 +02:00
771d60f44b
Eliminate future tense in the password nudge in `twine-upload`
...
Additionally, this turns the corresponding code branch into a hard error in case of the regular PyPI.
Signed-off-by: William Woodruff <william@trailofbits.com>
PR #234
Fixes #233
2024-05-16 17:07:28 +02:00
04f4e64de3
Set Python 3.11 for the `flake8-commas` linter
...
It doesn't yet support 3.12 and is an unconditional dependency of WPS.
2024-05-16 16:29:54 +02:00
3fbcf7ccf4
Merge pull request #228 from pypa/dependabot/pip/requirements/idna-3.7
...
build(deps): bump idna from 3.6 to 3.7 in /requirements
2024-04-12 15:30:45 +02:00
576aae3934
build(deps): bump idna from 3.6 to 3.7 in /requirements
...
Bumps [idna](https://github.com/kjd/idna ) from 3.6 to 3.7.
- [Release notes](https://github.com/kjd/idna/releases )
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst )
- [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7 )
---
updated-dependencies:
- dependency-name: idna
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-12 04:51:56 +00:00
81e9d935c8
Bump `pip` to v24.0 in runtime prerequisites lock
2024-03-08 00:20:54 +01:00
91527c4583
Regenerate lockfiles with pip-tools v7.4.1
2024-03-08 00:19:54 +01:00
3a817c6dce
Bump action runtime to CPython 3.12
2024-03-08 00:15:38 +01:00
741947b9ca
Add a config file for `pip-tools`
2024-03-07 23:43:48 +01:00
d7af439579
Mass-bump transitive dependencies of runtime
2024-03-07 23:08:31 +01:00
e90ddca975
Bump `readme-renderer` to v43.0
2024-03-07 23:07:33 +01:00
dae7fa3e8d
Bump Twine to v5.0.0
2024-03-07 23:05:40 +01:00
0fe04ae7d9
Bump `id` to v1.3.0
2024-03-07 23:04:40 +01:00
444e17980b
Bump cryptography to v42.0.5
2024-03-07 23:02:36 +01:00
820be4e5e3
Normalize pip-tools' header comment @ `runtime.txt`
...
It's currently not prefixed with `requirements/` in most places and
that what Dependabot keeps using.
2024-03-07 23:00:46 +01:00
aec4e82833
Merge pull request #219 from SigureMo/re-generate-requirements
...
build(deps): bump `pkginfo` version to support `Metadata-version=2.3`
2024-03-06 19:16:52 +01:00
b065889f7f
revert other bumps
2024-03-06 19:20:47 +08:00
00a7cd17a2
re-gen on Linux and run command in requirements/
2024-03-06 01:59:27 +00:00
2972d54cda
bump pkginfo only
2024-03-05 18:16:00 +08:00
f6a1bcf881
Revert "build(deps): re-generate requirements to support `Metadata-version=2.3`"
...
This reverts commit e6ed2a4dfb
2024-03-05 18:07:49 +08:00
e6ed2a4dfb
build(deps): re-generate requirements to support `Metadata-version=2.3`
2024-03-05 12:56:14 +08:00
e53eb8b103
Clarify the error during OIDC exchange on PRs from forks
...
This specializes the token retrieval error handling, providing an
alternative error message when the error cause is something
that we know can't possibly work due to GitHub's own restrictions
on PRs from forks.
PR #203
Closes #202
Ref https://github.com/python-pillow/Pillow/pull/7616
Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
2024-02-27 05:09:52 +01:00
edfa8f355b
Merge pull request #216 from xuanzhi33/unstable/v1
...
Correct the trusted publishing note admonition markdown syntax in the README
2024-02-24 20:27:48 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
mosfet80
Facundo Tuesca
William Woodruff
Sviatoslav Sydorenko
Brendon Smith
dependabot[bot]
pre-commit-ci[bot]
Peter Shen
William Woodruff
SigureMo