b7f401de30
Merge PR #177 into unstable/v1
2023-08-10 22:58:37 +02:00
ba3ecc9355
oidc-exchange: fix padding
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-10 16:08:35 -04:00
ade57f54dc
Merge PRs #174 #175 and #172 into unstable/v1
2023-08-10 18:57:00 +02:00
637917e5f2
README: re-add "pro tip" language
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 18:01:51 -04:00
4864f13c38
README: use semantic callouts
...
See: https://github.com/orgs/community/discussions/16925
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 17:58:56 -04:00
326f9ad1e1
oidc-exchange: add-trailing-comma
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 15:17:18 -04:00
e5f0690e91
oidc-exchange: ignore a nested function
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 15:12:44 -04:00
8bdd0cc2a0
oidc-exchange: lintage
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 15:10:56 -04:00
71a0032909
oidc-exchange: render claims if exchange fails
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-08-09 15:08:47 -04:00
adef75a5a6
Bump cryptography from 41.0.2 to 41.0.3 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 41.0.2 to 41.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/41.0.2...41.0.3 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-02 02:15:59 +00:00
413a8d5d62
Merge pull request #171 from pypa/dependabot/pip/requirements/certifi-2023.7.22
...
Bump certifi from 2023.5.7 to 2023.7.22 in /requirements
2023-07-26 11:43:53 +02:00
c185b8ee4e
Bump certifi from 2023.5.7 to 2023.7.22 in /requirements
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2023.5.7 to 2023.7.22.
- [Commits](https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22 )
---
updated-dependencies:
- dependency-name: certifi
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-07-25 23:36:57 +00:00
2a939dd49b
🎨 📝 Link SHA pinning encouragement @ README
...
This article [[1]] describes security flows of using branches and
tags as an end-user. The commit is intended to educate them but not
force doing so if they don't want to.
[1]: https://julienrenaux.fr/2019/12/20/github-actions-security-risk/
2023-07-13 16:44:47 +02:00
f8c70e705f
Merge pull request #168 from pquentin/bump-dependencies
2023-07-12 02:46:40 +02:00
68276eb3e4
Merge pull request #167 from trail-of-forks/tob-nudge
2023-07-12 02:43:50 +02:00
a5d57af63c
Bump runtime dependencies
2023-07-11 09:31:13 +04:00
e90e853e89
twine-upload: only nudge on PyPI-looking domains
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-07-10 12:11:56 -04:00
be695966b0
twine-upload: add a nudge for trusted publishing
...
Closes #164 .
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-07-10 11:44:56 -04:00
54d67ed3c5
Merge pull request #165 from pypa/pre-commit-ci-update-config
2023-07-09 14:55:23 +02:00
d32e2fab32
Revert flake8 to v4.0.1
2023-07-09 14:53:38 +02:00
a8d92e9876
[pre-commit.ci] pre-commit autoupdate
...
updates:
- [github.com/asottile/add-trailing-comma.git: v2.4.0 → v3.0.0](https://github.com/asottile/add-trailing-comma.git/compare/v2.4.0...v3.0.0 )
- [github.com/python-jsonschema/check-jsonschema.git: 0.22.0 → 0.23.2](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.22.0...0.23.2 )
- [github.com/codespell-project/codespell: v2.2.4 → v2.2.5](https://github.com/codespell-project/codespell/compare/v2.2.4...v2.2.5 )
- [github.com/adrienverge/yamllint.git: v1.30.0 → v1.32.0](https://github.com/adrienverge/yamllint.git/compare/v1.30.0...v1.32.0 )
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.0.0 )
2023-07-03 22:49:42 +00:00
f5622bde02
Merge PRs #159 and #160 into unstable/v1
2023-06-26 18:18:24 +02:00
3be882c473
Merge pull request #161 from jaap3/jaap3-patch-1
...
This patch remove extraneous trailing `}` from the annotation note.
2023-06-08 16:22:18 +02:00
775be49481
Remove extraneous }
2023-06-08 14:56:32 +02:00
5684530096
Bump cryptography from 39.0.1 to 41.0.0 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 39.0.1 to 41.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/39.0.1...41.0.0 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-06-02 20:16:33 +00:00
135d0d5353
Ignore pip's root user warning
2023-05-29 13:42:14 +03:00
110f54a387
Merge pull request #157 from pypa/dependabot/pip/requirements/requests-2.31.0
...
Bump requests from 2.28.1 to 2.31.0 in /requirements
2023-05-23 07:41:59 +02:00
c803c91ef0
Bump requests from 2.28.1 to 2.31.0 in /requirements
...
Bumps [requests](https://github.com/psf/requests ) from 2.28.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases )
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md )
- [Commits](https://github.com/psf/requests/compare/v2.28.1...v2.31.0 )
---
updated-dependencies:
- dependency-name: requests
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-05-23 05:16:54 +00:00
f9ed8ba9ad
Merge pull request #156 from trail-of-forks/tob-fix-annotation
2023-05-17 02:02:16 +02:00
30639668ca
oidc-exchange: "fix" multiline annotations
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-05-12 11:04:38 -04:00
a56da0b891
Merge pull request #151 from asherf/trusted
2023-05-02 22:30:51 +02:00
e4b9031741
password input is no longer required, since not specifying it implies trusted publishing
...
Signed-off-by: Asher Foa <1268088+asherf@users.noreply.github.com>
2023-04-27 11:31:44 -04:00
5a085bf49e
Merge pull request #150 from trail-of-forks/tob-doc-tweaks
2023-04-24 22:34:21 -06:00
0811f991bd
README: small doc tweaks
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-24 09:30:35 -06:00
f47b34707f
📝 🎨 Put OIDC on pedestal @ README
...
This patch makes sure that the new users would go for the secretless
publishing when integrating the action, from the beginning.
2023-04-24 07:26:17 +02:00
7a1a355fb5
🎨 Show GH environments use in README examples
...
It is a useful protection feature giving the end-users more control
over the release flow and trust.
2023-04-24 07:07:39 +02:00
3b6670b0bd
Merge pull request #147 from trail-of-forks/tob-stabilize-oidc
...
README, oidc-exchange: remove beta references
2023-04-22 18:56:18 -06:00
c008c2f40a
README: re-add OIDC note
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-22 07:27:01 -06:00
fe431ff9ad
README, oidc-exchange: remove beta references
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-21 16:09:58 -06:00
c542b72dc6
Bump WPS flake8 plugin set to v0.17.0
2023-04-04 03:22:09 +02:00
f437f577c3
Merge pull request #145 from pypa/pre-commit-ci-update-config
...
[pre-commit.ci] pre-commit autoupdate
2023-04-04 02:33:37 +02:00
ba7045370c
Revert WPS flake8 hook version to 4.0.1
2023-04-04 01:28:01 +02:00
6cbdb5439a
[pre-commit.ci] pre-commit autoupdate
...
updates:
- [github.com/Lucas-C/pre-commit-hooks.git: v1.3.1 → v1.5.1](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.3.1...v1.5.1 )
- [github.com/python-jsonschema/check-jsonschema.git: 0.19.2 → 0.22.0](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.19.2...0.22.0 )
- [github.com/codespell-project/codespell: v2.2.2 → v2.2.4](https://github.com/codespell-project/codespell/compare/v2.2.2...v2.2.4 )
- [github.com/adrienverge/yamllint.git: v1.28.0 → v1.30.0](https://github.com/adrienverge/yamllint.git/compare/v1.28.0...v1.30.0 )
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.0.0 )
- [github.com/PyCQA/pylint.git: v2.15.9 → v3.0.0a6](https://github.com/PyCQA/pylint.git/compare/v2.15.9...v3.0.0a6 )
2023-04-03 23:10:34 +00:00
82695c57c9
📝 Link the announcement discussions from README
...
This patch encourages the end-users to share feedback using GitHub
Discussions instead of issues.
2023-04-03 18:19:33 +02:00
0bf742be3e
Merge pull request #143 from trail-of-forks/tob-rewrite-oidc-refs
...
This patch updates the user-facing OIDC mentions with the new "Trusted Publishing" term
to make it cohesive with how the PyPI docs names things now.
2023-04-03 17:56:36 +02:00
30c382209e
oidc-exchange: another link
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-03 23:39:43 +09:00
89ddbeae04
README: retitle, add note
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-03 23:37:32 +09:00
a0f29a5690
Apply suggestions from code review
...
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-04-03 23:14:57 +09:00
0b567d5b01
oidc-exchange, twine-upload: remove more OIDC refs
...
...but not all, since some make sense in a debugging
context.
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-03 21:32:49 +09:00
4372cb5585
README: replace OIDC with "trusted publishing"
...
Also updates the link to reference the public documentation
for trusted publishing, rather than the PyPI short help
section (which also needs to be updated).
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-03 21:26:53 +09:00
Sviatoslav Sydorenko
William Woodruff
dependabot[bot]
Sviatoslav Sydorenko
Quentin Pradet
pre-commit-ci[bot]
Jaap Roes
Hugo van Kemenade
Asher Foa
William Woodruff