1
0
mirror of https://github.com/pypa/gh-action-pypi-publish synced 2024-11-30 21:22:28 +08:00
Commit Graph

315 Commits

Author SHA1 Message Date
Brendon Smith
16c36691e6
Verify fail-fast in unsupported environments 2024-10-04 17:43:49 -04:00
Brendon Smith
483a6a6c8b
Drop args from create-docker-action.py
Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
2024-10-04 17:43:49 -04:00
Brendon Smith
640fe61d1d
Fail-fast in unsupported environments
https://github.com/pypa/gh-action-pypi-publish/pull/230#discussion_r1632406604

Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
2024-10-04 17:43:49 -04:00
Brendon Smith
7cd4e87775
Check repo ID instead of repo owner ID 2024-10-04 17:43:49 -04:00
Brendon Smith
27defc63ee
Check repo owner ID instead of repo name 2024-10-04 17:43:49 -04:00
Brendon Smith
f8e87467b5
Dump action as JSON 2024-10-04 17:43:49 -04:00
Brendon Smith
7085596c20
Checkout github.head_ref and repo for PRs
https://github.com/actions/checkout/issues/27#issuecomment-535897113
https://github.com/actions/checkout/issues/1108
2024-10-04 17:43:49 -04:00
Brendon Smith
b3ac857fc2
Add workflow_dispatch trigger for Docker builds 2024-10-04 17:43:49 -04:00
Brendon Smith
20c36db551
Use YAML block strip syntax (>-) where possible 2024-10-04 17:43:49 -04:00
Brendon Smith
3f3acc27e9
Reset pre-commit files: regex 2024-10-04 17:43:49 -04:00
Brendon Smith
9d14a8ddfb
Generate Docker container action with Python 2024-10-04 17:43:49 -04:00
Brendon Smith
27ce557201
Separate docker login and docker push
https://github.com/pypa/gh-action-pypi-publish/pull/230#discussion_r1578694138
2024-10-04 17:43:48 -04:00
Brendon Smith
e098680f1b
Fix pre-commit errors 2024-10-04 17:43:48 -04:00
Brendon Smith
104bf53067
Build Docker image and push to GHCR
Up to this point, the project has been set up as a Docker action
referencing the Dockerfile. The downside to using the Dockerfile for the
action is that the Docker image must be built every time the action is
used.

This commit will set up the project to build the Docker image and push
it to GitHub Container Registry (GHCR). This change will speed up user
workflows every time the action is used because the workflows will
simply pull the Docker image from GHCR instead of building again.

Changes:

- Add required metadata to Dockerfile
- Build container image with GitHub Actions
- Push container image to GHCR

Docker actions support pulling in pre-built Docker images. The downside
is that there's no way to specify the correct Docker tag because the
GitHub Actions `image` and `uses:` keys don't accept any context.
For example, if a user's workflow has
`uses: pypa/gh-action-pypi-publish@release/v1.8`, then the action should
pull in a Docker image built from the `release/v1.8` branch, something
like `ghcr.io/pypa/gh-action-pypi-publish:release-v1.8` (Docker tags
can't have `/`). The workaround is to switch the top-level `action.yml`
to a composite action that then calls the Docker action, substituting
the correct image name and tag.
2024-10-04 17:43:45 -04:00
Sviatoslav Sydorenko (Святослав Сидоренко)
f7600683ef
Merge pull request #271 from mosfet80/patch-3
Update `actions/checkout` to v3 in self-tests
2024-09-29 11:06:37 +02:00
mosfet80
6edc294485
Fix node.js v16 deprecation self-smoke-test-action.yml
actions/checkout@v3 use node.js versio 16. But version 16 is deprecated.
version 4 fixes the problem.
2024-09-29 09:04:41 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
85a5a80b22
Merge pull request #270 from trail-of-forks/fix-magic-link-summary 2024-09-29 01:45:28 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
954318b48e
Merge pull request #267 from mosfet80/patch-2 2024-09-29 01:38:05 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
24791c7774
Merge pull request #266 from mosfet80/patch-1 2024-09-29 01:37:58 +02:00
Facundo Tuesca
d8c894824b Fix magic link nudge formatting in job summary 2024-09-27 20:47:50 +02:00
Facundo Tuesca
a1ce3844ac Check for Trusted Publishing in magic link logic 2024-09-27 20:47:02 +02:00
mosfet80
00b87c80e8
Update check-jsonschema and pre-commit libs
https://github.com/python-jsonschema/check-jsonschema/releases

https://github.com/pre-commit/pre-commit-hooks/releases/tag/v4.6.0
2024-09-23 11:56:13 +02:00
mosfet80
a571f1e128
Update pylint lib
https://github.com/pylint-dev/pylint/releases/tag/v3.3.0
2024-09-23 11:52:50 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
897895f1e1
Merge pull request #262 from trail-of-forks/ww/bump-attestations-req
Resolves #263
2024-09-20 23:35:44 +02:00
William Woodruff
ce32325c61
requirements: bump pypi-attestations to 0.0.12
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-09-19 18:14:50 +02:00
Facundo Tuesca
36978192ca
Add nudge message with magic link to create new Trusted Publisher
PR #250

Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
2024-09-05 17:25:58 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
4f8925cefa
Merge pull request #258 from facutuesca/patch-1 2024-09-05 17:06:25 +02:00
Facundo Tuesca
a58e550ac2
Remove redundant Path.absolute() call 2024-09-03 16:21:03 +02:00
Sviatoslav Sydorenko
0ab0b79471
🚑 Invert the dists-to-attest validity check
This bug sneaked into #236 but should not affect many people as the
attestations generation feature is experimental and opt-in.

Fixes #256
2024-09-03 10:25:06 +02:00
William Woodruff
8a08d61689
Expose PEP 740 attestations functionality
PR #236

This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`.

Ref: https://github.com/pypi/warehouse/issues/15871
2024-09-01 02:50:29 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
fb9fc6a4e6
Merge pull request #245 from trail-of-forks/ww/bump-twine 2024-06-27 19:55:19 +02:00
William Woodruff
4d020ff0a9
requirements: re-compile requirements with latest twine
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-06-24 16:49:50 -04:00
Sviatoslav Sydorenko
ec4db0b4dd
Merge PR #243 into unstable/v1 2024-06-16 20:09:43 +02:00
William Woodruff
e7908444c6
oidc-exchange: link to status dashboard
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-06-11 17:49:43 -04:00
Sviatoslav Sydorenko
87b624f871
💅Update homepage @ Dockerfile to GH Marketplace 2024-05-29 22:25:10 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
da2f9bb91e
Merge pull request #241 from br3ndonland/ghcr-label
Add Docker label for GHCR
2024-05-29 22:20:17 +02:00
Brendon Smith
abbea2dd5c Add Docker label for GHCR
This commit will add the label `org.opencontainers.image.source` to the
Dockerfile. This label helps link GitHub Container Registry (GHCR) with
the associated repo.

https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry
https://github.com/pypa/gh-action-pypi-publish/pull/230/files#r1603926630
2024-05-29 22:18:35 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
2734d07314
build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements (#240)
build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements
2024-05-29 16:37:07 +02:00
dependabot[bot]
a54b9b8952
---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-21 05:26:31 +00:00
Sviatoslav Sydorenko
699cd6103f
⇪📦 Bump the runtime dep lockfile 2024-05-16 17:50:20 +02:00
pre-commit-ci[bot]
8414fc2457
[pre-commit.ci] pre-commit autoupdate (#225)
* [pre-commit.ci] pre-commit autoupdate

updates:
- [github.com/Lucas-C/pre-commit-hooks.git: v1.5.4 → v1.5.5](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.5.4...v1.5.5)
- [github.com/python-jsonschema/check-jsonschema.git: 0.27.3 → 0.28.1](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.27.3...0.28.1)
- [github.com/adrienverge/yamllint.git: v1.33.0 → v1.35.1](https://github.com/adrienverge/yamllint.git/compare/v1.33.0...v1.35.1)
- [github.com/PyCQA/flake8.git: 6.1.0 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/6.1.0...7.0.0)
- [github.com/PyCQA/flake8.git: 4.0.1 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...7.0.0)
- [github.com/PyCQA/pylint.git: v3.0.3 → v3.1.0](https://github.com/PyCQA/pylint.git/compare/v3.0.3...v3.1.0)

* Bump WPS to v0.19.x series

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* Merge separate flake8 runs back into one

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
2024-05-16 15:39:26 +00:00
Peter Shen
67a07ebbed
Disable the progress bar when running twine upload
PR #231
Resolves #229

Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
2024-05-16 17:14:58 +02:00
William Woodruff
771d60f44b
Eliminate future tense in the password nudge in twine-upload
Additionally, this turns the corresponding code branch into a hard error in case of the regular PyPI.

Signed-off-by: William Woodruff <william@trailofbits.com>

PR #234
Fixes #233
2024-05-16 17:07:28 +02:00
Sviatoslav Sydorenko
04f4e64de3
Set Python 3.11 for the flake8-commas linter
It doesn't yet support 3.12 and is an unconditional dependency of WPS.
2024-05-16 16:29:54 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
3fbcf7ccf4
Merge pull request #228 from pypa/dependabot/pip/requirements/idna-3.7
build(deps): bump idna from 3.6 to 3.7 in /requirements
2024-04-12 15:30:45 +02:00
dependabot[bot]
576aae3934
build(deps): bump idna from 3.6 to 3.7 in /requirements
Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.7.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-12 04:51:56 +00:00
Sviatoslav Sydorenko
81e9d935c8
Bump pip to v24.0 in runtime prerequisites lock 2024-03-08 00:20:54 +01:00
Sviatoslav Sydorenko
91527c4583
Regenerate lockfiles with pip-tools v7.4.1 2024-03-08 00:19:54 +01:00
Sviatoslav Sydorenko
3a817c6dce
Bump action runtime to CPython 3.12 2024-03-08 00:15:38 +01:00
Sviatoslav Sydorenko
741947b9ca
Add a config file for pip-tools 2024-03-07 23:43:48 +01:00