William Woodruff
b526ff8902
requirements: Add initial support for uploading PEP 740 attestations
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-05-16 19:20:30 +02:00
xuanzhi33
aeff019ac8
docs(fix): Fix a markdown alert
2024-02-24 18:46:07 +08:00
Dustin Spicuzza
415d7a6bec
Update README.md
...
Add suggested changes.
2023-12-20 15:11:12 +01:00
Dustin Spicuzza
a1a49954d3
Give more information to users
...
Reusable workflows don't work, and it's challenging to know that. Help the user out.
2023-12-20 15:11:12 +01:00
Dustin Ingram
41c10ee223
Add link to configuration docs for Trusted Publishing
2023-08-11 11:23:40 -04:00
William Woodruff
637917e5f2
README: re-add "pro tip" language
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 18:01:51 -04:00
William Woodruff
4864f13c38
README: use semantic callouts
...
See: https://github.com/orgs/community/discussions/16925
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 17:58:56 -04:00
Sviatoslav Sydorenko
2a939dd49b
🎨 📝 Link SHA pinning encouragement @ README
...
This article [[1]] describes security flows of using branches and
tags as an end-user. The commit is intended to educate them but not
force doing so if they don't want to.
[1]: https://julienrenaux.fr/2019/12/20/github-actions-security-risk/
2023-07-13 16:44:47 +02:00
William Woodruff
0811f991bd
README: small doc tweaks
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-24 09:30:35 -06:00
Sviatoslav Sydorenko
f47b34707f
📝 🎨 Put OIDC on pedestal @ README
...
This patch makes sure that the new users would go for the secretless
publishing when integrating the action, from the beginning.
2023-04-24 07:26:17 +02:00
Sviatoslav Sydorenko
7a1a355fb5
🎨 Show GH environments use in README examples
...
It is a useful protection feature giving the end-users more control
over the release flow and trust.
2023-04-24 07:07:39 +02:00
William Woodruff
c008c2f40a
README: re-add OIDC note
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-22 07:27:01 -06:00
William Woodruff
fe431ff9ad
README, oidc-exchange: remove beta references
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-21 16:09:58 -06:00
Sviatoslav Sydorenko
82695c57c9
📝 Link the announcement discussions from README
...
This patch encourages the end-users to share feedback using GitHub
Discussions instead of issues.
2023-04-03 18:19:33 +02:00
William Woodruff
89ddbeae04
README: retitle, add note
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-03 23:37:32 +09:00
William Woodruff
4372cb5585
README: replace OIDC with "trusted publishing"
...
Also updates the link to reference the public documentation
for trusted publishing, rather than the PyPI short help
section (which also needs to be updated).
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-03 21:26:53 +09:00
William Woodruff
2b46bad8cb
OIDC beta support
...
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-03-15 17:08:09 -04:00
Sviatoslav Sydorenko
f131721e84
🎨 Convert action inputs to use kebab-case
...
Up until now, the action input names followed the snake_case naming
pattern that is well familiar to the pythonistas. But in GitHub
actions, the de-facto standard is using kebab-case, which is what
this patch achieves.
This style helps make the keys in YAML better standardized and
distinguishable from other identifiers.
The old snake_case names remain functional for the time being and will
not be removed until at least v3 release of this action.
2023-03-11 01:24:52 +01:00
Sviatoslav Sydorenko
ce291dce5b
🎨 🐛 Fix the branch @ pre-commit.ci badge links
2022-12-06 23:24:07 +01:00
Sviatoslav Sydorenko
47622d7eb0
🎨 Add CI/CD badges to README
2022-12-06 22:59:26 +01:00
Sviatoslav Sydorenko
5fb2f047e2
Drop `__token__` from README code usage snippets
...
This patch reduces the emphasis on the `__token__` value of the `user`
input since it's default anyway. It also adds a separate paragraph
showing how to specify a custom username if the need be.
Ref: https://github.com/pypa/packaging.python.org/issues/1108
2022-07-25 23:13:35 +02:00
Sviatoslav Sydorenko
7bbdccd64f
Update the mention of `master` with `unstable/v1`
2022-07-25 23:07:43 +02:00
Sviatoslav Sydorenko
328cf89e05
📝 Fix a link to the "Distribution Package" term
2022-07-25 22:55:14 +02:00
Sviatoslav Sydorenko
1bbe3c9926
📝 Announce deprecation of the `master` branch
...
From now on, the default repository branch is `unstable/v1`.
Resolves #83
2022-07-25 17:26:15 +02:00
Sviatoslav Sydorenko
9f0421c6c6
Add #StandWithUkraine banner to README
...
This patch highlights the original developer's identity while
spreading awareness about the circumstances[1] affecting the lead
contributors. Since it affects the maintenance of this project and the
users must be well-informed of why this repository doesn't get as much
attention as it deserves.
[1]: https://github.com/vshymanskyy/StandWithUkraine
2022-07-25 16:42:56 +02:00
meowmeowcat
c83d37bdf0
Introduce print_hash in README
2022-01-08 12:41:13 +08:00
Sviatoslav Sydorenko
bea5cda687
Fix a typo in README: s/wheels/wheel/
2021-02-19 20:28:01 +01:00
Sviatoslav Sydorenko
f334b3c277
Tell to use artifacts for platform wheels @ README
...
Per suggestion @
https://github.com/pypa/gh-action-pypi-publish/discussions/57#discussioncomment-365097
2021-02-19 20:22:31 +01:00
Sviatoslav Sydorenko
c89694fb92
Merge PR #55
2021-02-19 20:08:03 +01:00
Sviatoslav Sydorenko
ed5a157a01
Add an empty line after the title @ README
2021-02-19 20:04:22 +01:00
P. L. Lim
3f53700db1
DOC: Do not use master in examples
...
to be consistent with the "pro tip"
2021-01-22 09:36:17 -05:00
Ville Skyttä
4425980a33
Use PYPI_API_TOKEN instead of pypi_password as secret name in examples
...
GitHub secrets are customarily spelled in uppercase, and in PyPI terms
we're dealing with API tokens here, not passwords.
2020-12-12 18:08:55 +02:00
Subin Modeel
cf69e2047c
Update twine-upload.sh
2020-09-25 13:14:20 -04:00
Hugo van Kemenade
312517a552
Fix typo
2020-07-09 10:45:41 +03:00
Sviatoslav Sydorenko
00ef3b8182
Expose `skip_existing` setting to the end-users
2020-06-19 21:30:53 +02:00
Sviatoslav Sydorenko
65c102608d
Use detached link syntax in README
2020-06-03 17:53:04 +02:00
Sviatoslav Sydorenko
55abf9c047
Replace `github.ref` -> `github.event.ref` README
...
Resolves #31
2020-06-03 17:49:53 +02:00
Henry Schreiner
9bda1cadd0
Use metadata_verify instead of check
2020-06-03 11:05:45 -04:00
Henry Schreiner
176ae50c06
feat: Add twine check before upload #30
2020-06-02 14:44:35 -04:00
Samuel Williams
a8ddac2458
Fix typo in inputs
...
d7872a6165
changed the name of an input from `dist` to `packages-dir`,
but unfortunately it looks like GitHub actions expect underscores rather
than dashes, so deploys are currently broken with the following errors:
```
Run pypa/gh-action-pypi-publish@master
with:
user: __token__
password: ***
packages-dir: dist
env:
pythonLocation: /opt/hostedtoolcache/Python/3.8.0/x64
/usr/bin/docker run --name [...] -e INPUT_PACKAGES-DIR [...]
/app/twine-upload.sh: line 22: INPUT_PACKAGES_DIR: unbound variable
This patch replaces the dash with an underscore.
Resolves #20
2019-12-06 23:15:10 +00:00
Sviatoslav Sydorenko
19c0fbd15c
Reword `package-dir` example title in README
2019-12-06 13:44:40 +01:00
Sviatoslav Sydorenko
b645b1f9d3
Use a regular PyPI in the custom dist dir example
2019-12-06 13:42:24 +01:00
Sviatoslav Sydorenko
d7872a6165
Change `dist` param to `packages-dir`
2019-12-06 13:38:52 +01:00
Jesse Farebrother
4f4304928f
Custom dist
2019-12-05 16:25:02 -07:00
matham
7c2cab72a6
Indicate clearly what is being uploaded.
2019-11-26 16:07:42 -05:00
NIKHIL DHANDRE
12afb8d7be
Fix miss leading link creating & using secrets
2019-11-24 00:05:12 +05:30
Sviatoslav Sydorenko
66f4ba747a
Add a link to the PyPA guide
2019-09-27 13:37:19 +02:00
Sviatoslav Sydorenko
369493d046
Wrap lines in README to fit 80 chars
2019-09-24 23:04:57 +02:00
Sviatoslav Sydorenko
74be6d36c6
Add a README recommendation to pin action versions
2019-09-24 23:03:49 +02:00
Hugo van Kemenade
d773dec8a8
Test PyPI -> TestPyPI
2019-09-19 11:04:14 +03:00