Commit Graph

61 Commits

Author SHA1 Message Date
William Woodruff 8a08d61689
Expose PEP 740 attestations functionality
PR #236

This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`.

Ref: https://github.com/pypi/warehouse/issues/15871
2024-09-01 02:50:29 +02:00
xuanzhi33 aeff019ac8
docs(fix): Fix a markdown alert 2024-02-24 18:46:07 +08:00
Dustin Spicuzza 415d7a6bec Update README.md
Add suggested changes.
2023-12-20 15:11:12 +01:00
Dustin Spicuzza a1a49954d3 Give more information to users
Reusable workflows don't work, and it's challenging to know that. Help the user out.
2023-12-20 15:11:12 +01:00
Dustin Ingram 41c10ee223
Add link to configuration docs for Trusted Publishing 2023-08-11 11:23:40 -04:00
William Woodruff 637917e5f2
README: re-add "pro tip" language
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 18:01:51 -04:00
William Woodruff 4864f13c38
README: use semantic callouts
See: https://github.com/orgs/community/discussions/16925

Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 17:58:56 -04:00
Sviatoslav Sydorenko 2a939dd49b
🎨📝 Link SHA pinning encouragement @ README
This article [[1]] describes security flaws of using branches and
tags as an end-user. The commit is intended to educate them but not
force doing so if they don't want to.

[1]: https://julienrenaux.fr/2019/12/20/github-actions-security-risk/
2023-07-13 16:44:47 +02:00
William Woodruff 0811f991bd
README: small doc tweaks
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-24 09:30:35 -06:00
Sviatoslav Sydorenko f47b34707f
📝🎨 Put OIDC on pedestal @ README
This patch makes sure that the new users would go for the secretless
publishing when integrating the action, from the beginning.
2023-04-24 07:26:17 +02:00
Sviatoslav Sydorenko 7a1a355fb5
🎨 Show GH environments use in README examples
It is a useful protection feature giving the end-users more control
over the release flow and trust.
2023-04-24 07:07:39 +02:00
William Woodruff c008c2f40a
README: re-add OIDC note
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-22 07:27:01 -06:00
William Woodruff fe431ff9ad
README, oidc-exchange: remove beta references
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-21 16:09:58 -06:00
Sviatoslav Sydorenko 82695c57c9
📝 Link the announcement discussions from README
This patch encourages the end-users to share feedback using GitHub
Discussions instead of issues.
2023-04-03 18:19:33 +02:00
William Woodruff 89ddbeae04
README: retitle, add note
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-03 23:37:32 +09:00
William Woodruff 4372cb5585
README: replace OIDC with "trusted publishing"
Also updates the link to reference the public documentation
for trusted publishing, rather than the PyPI short help
section (which also needs to be updated).

Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-03 21:26:53 +09:00
William Woodruff 2b46bad8cb
OIDC beta support
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-03-15 17:08:09 -04:00
Sviatoslav Sydorenko f131721e84
🎨 Convert action inputs to use kebab-case
Up until now, the action input names followed the snake_case naming
pattern that is well familiar to the pythonistas. But in GitHub
actions, the de-facto standard is using kebab-case, which is what
this patch achieves.
This style helps make the keys in YAML better standardized and
distinguishable from other identifiers.
The old snake_case names remain functional for the time being and will
not be removed until at least v3 release of this action.
2023-03-11 01:24:52 +01:00
Sviatoslav Sydorenko ce291dce5b
🎨🐛 Fix the branch @ pre-commit.ci badge links 2022-12-06 23:24:07 +01:00
Sviatoslav Sydorenko 47622d7eb0
🎨 Add CI/CD badges to README 2022-12-06 22:59:26 +01:00
Sviatoslav Sydorenko 5fb2f047e2
Drop `__token__` from README code usage snippets
This patch reduces the emphasis on the `__token__` value of the `user`
input since it's default anyway. It also adds a separate paragraph
showing how to specify a custom username if need be.

Ref: https://github.com/pypa/packaging.python.org/issues/1108
2022-07-25 23:13:35 +02:00
Sviatoslav Sydorenko 7bbdccd64f
Update the mention of `master` with `unstable/v1` 2022-07-25 23:07:43 +02:00
Sviatoslav Sydorenko 328cf89e05
📝 Fix a link to the "Distribution Package" term 2022-07-25 22:55:14 +02:00
Sviatoslav Sydorenko 1bbe3c9926
📝 Announce deprecation of the `master` branch
From now on, the default repository branch is `unstable/v1`.

Resolves #83
2022-07-25 17:26:15 +02:00
Sviatoslav Sydorenko 9f0421c6c6
Add #StandWithUkraine banner to README
This patch highlights the original developer's identity while
spreading awareness about the circumstances[1] affecting the lead
contributors. Since it affects the maintenance of this project and the
users must be well-informed of why this repository doesn't get as much
attention as it deserves.

[1]: https://github.com/vshymanskyy/StandWithUkraine
2022-07-25 16:42:56 +02:00
meowmeowcat c83d37bdf0 Introduce print_hash in README 2022-01-08 12:41:13 +08:00
Sviatoslav Sydorenko bea5cda687
Fix a typo in README: s/wheels/wheel/ 2021-02-19 20:28:01 +01:00
Sviatoslav Sydorenko f334b3c277
Tell to use artifacts for platform wheels @ README
Per suggestion @
https://github.com/pypa/gh-action-pypi-publish/discussions/57#discussioncomment-365097
2021-02-19 20:22:31 +01:00
Sviatoslav Sydorenko c89694fb92
Merge PR #55 2021-02-19 20:08:03 +01:00
Sviatoslav Sydorenko ed5a157a01
Add an empty line after the title @ README 2021-02-19 20:04:22 +01:00
P. L. Lim 3f53700db1
DOC: Do not use master in examples
to be consistent with the "pro tip"
2021-01-22 09:36:17 -05:00
Ville Skyttä 4425980a33 Use PYPI_API_TOKEN instead of pypi_password as secret name in examples
GitHub secrets are customarily spelled in uppercase, and in PyPI terms
we're dealing with API tokens here, not passwords.
2020-12-12 18:08:55 +02:00
Subin Modeel cf69e2047c Update twine-upload.sh 2020-09-25 13:14:20 -04:00
Hugo van Kemenade 312517a552
Fix typo 2020-07-09 10:45:41 +03:00
Sviatoslav Sydorenko 00ef3b8182
Expose `skip_existing` setting to the end-users 2020-06-19 21:30:53 +02:00
Sviatoslav Sydorenko 65c102608d
Use detached link syntax in README 2020-06-03 17:53:04 +02:00
Sviatoslav Sydorenko 55abf9c047
Replace `github.ref` -> `github.event.ref` README
Resolves #31
2020-06-03 17:49:53 +02:00
Henry Schreiner 9bda1cadd0 Use metadata_verify instead of check 2020-06-03 11:05:45 -04:00
Henry Schreiner 176ae50c06 feat: Add twine check before upload #30 2020-06-02 14:44:35 -04:00
Samuel Williams a8ddac2458 Fix typo in inputs
d7872a6165 changed the name of an input from `dist` to `packages-dir`,
but unfortunately it looks like GitHub actions expect underscores rather
than dashes, so deploys are currently broken with the following errors:

```
Run pypa/gh-action-pypi-publish@master
  with:
    user: __token__
    password: ***
    packages-dir: dist
  env:
    pythonLocation: /opt/hostedtoolcache/Python/3.8.0/x64
/usr/bin/docker run --name [...] -e INPUT_PACKAGES-DIR [...]

/app/twine-upload.sh: line 22: INPUT_PACKAGES_DIR: unbound variable
```

This patch replaces the dash with an underscore.

Resolves #20
2019-12-06 23:15:10 +00:00
Sviatoslav Sydorenko 19c0fbd15c
Reword `package-dir` example title in README 2019-12-06 13:44:40 +01:00
Sviatoslav Sydorenko b645b1f9d3
Use a regular PyPI in the custom dist dir example 2019-12-06 13:42:24 +01:00
Sviatoslav Sydorenko d7872a6165
Change `dist` param to `packages-dir` 2019-12-06 13:38:52 +01:00
Jesse Farebrother 4f4304928f Custom dist 2019-12-05 16:25:02 -07:00
matham 7c2cab72a6
Indicate clearly what is being uploaded. 2019-11-26 16:07:42 -05:00
NIKHIL DHANDRE 12afb8d7be
Fix misleading link creating & using secrets 2019-11-24 00:05:12 +05:30
Sviatoslav Sydorenko 66f4ba747a
Add a link to the PyPA guide 2019-09-27 13:37:19 +02:00
Sviatoslav Sydorenko 369493d046
Wrap lines in README to fit 80 chars 2019-09-24 23:04:57 +02:00
Sviatoslav Sydorenko 74be6d36c6
Add a README recommendation to pin action versions 2019-09-24 23:03:49 +02:00
Hugo van Kemenade d773dec8a8
Test PyPI -> TestPyPI 2019-09-19 11:04:14 +03:00