Commit Graph

19 Commits

Author SHA1 Message Date
William Woodruff 0126dcac8e
action: enable attestations by default
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-10-28 14:31:58 -04:00
William Woodruff 8a08d61689
Expose PEP 740 attestations functionality
PR #236

This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`.

Ref: https://github.com/pypi/warehouse/issues/15871
2024-09-01 02:50:29 +02:00
Asher Foa e4b9031741 password input is no longer required, since not specifying it implies trusted publishing
Signed-off-by: Asher Foa <1268088+asherf@users.noreply.github.com>
2023-04-27 11:31:44 -04:00
Jay Chung d5417dc8be 🐛Correct default upload URL
close: #130
2023-03-16 16:39:57 +08:00
William Woodruff 2b46bad8cb
OIDC beta support
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-03-15 17:08:09 -04:00
Sviatoslav Sydorenko 22b4d1f125
🐛 Make kebab options fall back for snake_case
The previous release didn't take into account the action defaults so
the promised fallbacks for the old input names didn't work. This patch
corrects that mistake.
2023-03-11 03:06:39 +01:00
Sviatoslav Sydorenko f131721e84
🎨 Convert action inputs to use kebab-case
Up until now, the action input names followed the snake_case naming
pattern that is well familiar to the pythonistas. But in GitHub
actions, the de-facto standard is using kebab-case, which is what
this patch achieves.
This style helps make the keys in YAML better standardized and
distinguishable from other identifiers.
The old snake_case names remain functional for the time being and will
not be removed until at least v3 release of this action.
2023-03-11 01:24:52 +01:00
Sviatoslav Sydorenko fedca4a9a8
🎨Use explicit strings for action input defaults 2022-12-06 21:44:30 +01:00
meowmeowcat 77ee113713 Move out the Python script from the shell script 2022-01-08 12:12:15 +08:00
meowmeowcat e5cc29fe08 Show hash values of files uploaded 2022-01-08 00:24:27 +08:00
Subin Modeel cf69e2047c Update twine-upload.sh 2020-09-25 13:14:20 -04:00
Sviatoslav Sydorenko 00ef3b8182
Expose `skip_existing` setting to the end-users 2020-06-19 21:30:53 +02:00
Henry Schreiner 9bda1cadd0 Use metadata_verify instead of check 2020-06-03 11:05:45 -04:00
Henry Schreiner 176ae50c06 feat: Add twine check before upload #30 2020-06-02 14:44:35 -04:00
Samuel Williams a8ddac2458 Fix typo in inputs
d7872a6165 changed the name of an input from `dist` to `packages-dir`,
but unfortunately it looks like GitHub actions expect underscores rather
than dashes, so deploys are currently broken with the following errors:

```
Run pypa/gh-action-pypi-publish@master
  with:
    user: __token__
    password: ***
    packages-dir: dist
  env:
    pythonLocation: /opt/hostedtoolcache/Python/3.8.0/x64
/usr/bin/docker run --name [...] -e INPUT_PACKAGES-DIR [...]

/app/twine-upload.sh: line 22: INPUT_PACKAGES_DIR: unbound variable

This patch replaces the dash with an underscore.

Resolves #20
2019-12-06 23:15:10 +00:00
Sviatoslav Sydorenko d7872a6165
Change `dist` param to `packages-dir` 2019-12-06 13:38:52 +01:00
Jesse Farebrother 4f4304928f Custom dist 2019-12-05 16:25:02 -07:00
Sviatoslav Sydorenko 2e00539ed7
Dedent sequence items in YAML 2019-08-23 13:11:24 +02:00
Mathias Fussenegger 25d67dc298 Adapt to new yml based github actions
Co-Authored-By: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
Co-Authored-By: Pradyun Gedam <pradyunsg@gmail.com>
2019-08-23 10:53:21 +02:00