William Woodruff
8a08d61689
Expose PEP 740 attestations functionality
...
PR #236
This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`.
Ref: https://github.com/pypi/warehouse/issues/15871
2024-09-01 02:50:29 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
fb9fc6a4e6
Merge pull request #245 from trail-of-forks/ww/bump-twine
2024-06-27 19:55:19 +02:00
William Woodruff
4d020ff0a9
requirements: re-compile requirements with latest twine
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-06-24 16:49:50 -04:00
Sviatoslav Sydorenko
ec4db0b4dd
Merge PR #243 into unstable/v1
2024-06-16 20:09:43 +02:00
William Woodruff
e7908444c6
oidc-exchange: link to status dashboard
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-06-11 17:49:43 -04:00
Sviatoslav Sydorenko
87b624f871
💅 Update homepage @ Dockerfile to GH Marketplace
2024-05-29 22:25:10 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
da2f9bb91e
Merge pull request #241 from br3ndonland/ghcr-label
...
Add Docker label for GHCR
2024-05-29 22:20:17 +02:00
Brendon Smith
abbea2dd5c
Add Docker label for GHCR
...
This commit will add the label `org.opencontainers.image.source` to the
Dockerfile. This label helps link GitHub Container Registry (GHCR) with
the associated repo.
https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry
https://github.com/pypa/gh-action-pypi-publish/pull/230/files#r1603926630
2024-05-29 22:18:35 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
2734d07314
build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements ( #240 )
...
build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements
2024-05-29 16:37:07 +02:00
dependabot[bot]
a54b9b8952
---
...
updated-dependencies:
- dependency-name: requests
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-21 05:26:31 +00:00
Sviatoslav Sydorenko
699cd6103f
⇪ 📦 Bump the runtime dep lockfile
2024-05-16 17:50:20 +02:00
pre-commit-ci[bot]
8414fc2457
[pre-commit.ci] pre-commit autoupdate ( #225 )
...
* [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/Lucas-C/pre-commit-hooks.git: v1.5.4 → v1.5.5](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.5.4...v1.5.5 )
- [github.com/python-jsonschema/check-jsonschema.git: 0.27.3 → 0.28.1](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.27.3...0.28.1 )
- [github.com/adrienverge/yamllint.git: v1.33.0 → v1.35.1](https://github.com/adrienverge/yamllint.git/compare/v1.33.0...v1.35.1 )
- [github.com/PyCQA/flake8.git: 6.1.0 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/6.1.0...7.0.0 )
- [github.com/PyCQA/flake8.git: 4.0.1 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...7.0.0 )
- [github.com/PyCQA/pylint.git: v3.0.3 → v3.1.0](https://github.com/PyCQA/pylint.git/compare/v3.0.3...v3.1.0 )
* Bump WPS to v0.19.x series
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
* Merge separate flake8 runs back into one
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
2024-05-16 15:39:26 +00:00
Peter Shen
67a07ebbed
Disable the progress bar when running `twine upload`
...
PR #231
Resolves #229
Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
2024-05-16 17:14:58 +02:00
William Woodruff
771d60f44b
Eliminate future tense in the password nudge in `twine-upload`
...
Additionally, this turns the corresponding code branch into a hard error in case of the regular PyPI.
Signed-off-by: William Woodruff <william@trailofbits.com>
PR #234
Fixes #233
2024-05-16 17:07:28 +02:00
Sviatoslav Sydorenko
04f4e64de3
Set Python 3.11 for the `flake8-commas` linter
...
It doesn't yet support 3.12 and is an unconditional dependency of WPS.
2024-05-16 16:29:54 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
3fbcf7ccf4
Merge pull request #228 from pypa/dependabot/pip/requirements/idna-3.7
...
build(deps): bump idna from 3.6 to 3.7 in /requirements
2024-04-12 15:30:45 +02:00
dependabot[bot]
576aae3934
build(deps): bump idna from 3.6 to 3.7 in /requirements
...
Bumps [idna](https://github.com/kjd/idna ) from 3.6 to 3.7.
- [Release notes](https://github.com/kjd/idna/releases )
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst )
- [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7 )
---
updated-dependencies:
- dependency-name: idna
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-12 04:51:56 +00:00
Sviatoslav Sydorenko
81e9d935c8
Bump `pip` to v24.0 in runtime prerequisites lock
2024-03-08 00:20:54 +01:00
Sviatoslav Sydorenko
91527c4583
Regenerate lockfiles with pip-tools v7.4.1
2024-03-08 00:19:54 +01:00
Sviatoslav Sydorenko
3a817c6dce
Bump action runtime to CPython 3.12
2024-03-08 00:15:38 +01:00
Sviatoslav Sydorenko
741947b9ca
Add a config file for `pip-tools`
2024-03-07 23:43:48 +01:00
Sviatoslav Sydorenko
d7af439579
Mass-bump transitive dependencies of runtime
2024-03-07 23:08:31 +01:00
Sviatoslav Sydorenko
e90ddca975
Bump `readme-renderer` to v43.0
2024-03-07 23:07:33 +01:00
Sviatoslav Sydorenko
dae7fa3e8d
Bump Twine to v5.0.0
2024-03-07 23:05:40 +01:00
Sviatoslav Sydorenko
0fe04ae7d9
Bump `id` to v1.3.0
2024-03-07 23:04:40 +01:00
Sviatoslav Sydorenko
444e17980b
Bump cryptography to v42.0.5
2024-03-07 23:02:36 +01:00
Sviatoslav Sydorenko
820be4e5e3
Normalize pip-tools' header comment @ `runtime.txt`
...
It's currently not prefixed with `requirements/` in most places and
that what Dependabot keeps using.
2024-03-07 23:00:46 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
aec4e82833
Merge pull request #219 from SigureMo/re-generate-requirements
...
build(deps): bump `pkginfo` version to support `Metadata-version=2.3`
2024-03-06 19:16:52 +01:00
SigureMo
b065889f7f
revert other bumps
2024-03-06 19:20:47 +08:00
SigureMo
00a7cd17a2
re-gen on Linux and run command in requirements/
2024-03-06 01:59:27 +00:00
SigureMo
2972d54cda
bump pkginfo only
2024-03-05 18:16:00 +08:00
SigureMo
f6a1bcf881
Revert "build(deps): re-generate requirements to support `Metadata-version=2.3`"
...
This reverts commit e6ed2a4dfb
.
2024-03-05 18:07:49 +08:00
SigureMo
e6ed2a4dfb
build(deps): re-generate requirements to support `Metadata-version=2.3`
2024-03-05 12:56:14 +08:00
William Woodruff
e53eb8b103
Clarify the error during OIDC exchange on PRs from forks
...
This specializes the token retrieval error handling, providing an
alternative error message when the error cause is something
that we know can't possibly work due to GitHub's own restrictions
on PRs from forks.
PR #203
Closes #202
Ref https://github.com/python-pillow/Pillow/pull/7616
Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
2024-02-27 05:09:52 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
edfa8f355b
Merge pull request #216 from xuanzhi33/unstable/v1
...
Correct the trusted publishing note admonition markdown syntax in the README
2024-02-24 20:27:48 +01:00
xuanzhi33
aeff019ac8
docs(fix): Fix a markdown alert
2024-02-24 18:46:07 +08:00
Sviatoslav Sydorenko (Святослав Сидоренко)
24c5d5ca4a
Merge pull request #214 from pypa/dependabot/pip/requirements/cryptography-42.0.4
...
build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements
2024-02-22 02:26:27 +01:00
dependabot[bot]
c13b4aa8c5
build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 42.0.2 to 42.0.4.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/42.0.2...42.0.4 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-21 20:44:40 +00:00
Sviatoslav Sydorenko (Святослав Сидоренко)
72a79c870c
Merge pull request #213 from pypa/dependabot/pip/requirements/cryptography-42.0.2
...
build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements
2024-02-17 03:24:59 +01:00
dependabot[bot]
751e5b80a4
build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 42.0.0 to 42.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/42.0.0...42.0.2 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-17 00:58:14 +00:00
Sviatoslav Sydorenko (Святослав Сидоренко)
0580fcbb84
Merge pull request #210 from pypa/dependabot/pip/requirements/cryptography-42.0.0
...
build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements
2024-02-08 05:04:39 +01:00
dependabot[bot]
a524841e7b
build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 41.0.6 to 42.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/41.0.6...42.0.0 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-02-06 03:03:07 +00:00
Sviatoslav Sydorenko (Святослав Сидоренко)
3f824c73d9
Merge pull request #204 from pypa/pre-commit-ci-update-config
...
[pre-commit.ci] pre-commit autoupdate
2024-02-05 18:14:39 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
013c017b41
Revert flake8 to v4.0.1 for WPS
2024-02-05 18:13:32 +01:00
pre-commit-ci[bot]
a0620a4177
[pre-commit.ci] pre-commit autoupdate
...
updates:
- [github.com/PyCQA/isort.git: 5.12.0 → 5.13.2](https://github.com/PyCQA/isort.git/compare/5.12.0...5.13.2 )
- [github.com/python-jsonschema/check-jsonschema.git: 0.27.0 → 0.27.3](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.27.0...0.27.3 )
- [github.com/pre-commit/pre-commit-hooks.git: v4.4.0 → v4.5.0](https://github.com/pre-commit/pre-commit-hooks.git/compare/v4.4.0...v4.5.0 )
- [github.com/adrienverge/yamllint.git: v1.32.0 → v1.33.0](https://github.com/adrienverge/yamllint.git/compare/v1.32.0...v1.33.0 )
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.1.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.1.0 )
- [github.com/PyCQA/pylint.git: v3.0.0 → v3.0.3](https://github.com/PyCQA/pylint.git/compare/v3.0.0...v3.0.3 )
2024-02-05 18:12:44 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
e82f99a47c
Merge pull request #186 from virtuald/virtuald-patch-1
...
Mention in the docs that reusable workflows aren't supported right now
2024-02-05 18:12:13 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
e080e0073c
Merge pull request #206 from trail-of-forks/ww/update-oidc-endpoint
...
This patch updates the PyPI API minting endpoint used uding the OIDC exchange process.
2024-02-05 17:59:15 +01:00
William Woodruff
cd96453c9d
oidc-exchange: update OIDC minting endpoint
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-01-10 16:05:30 -05:00
Dustin Spicuzza
415d7a6bec
Update README.md
...
Add suggested changes.
2023-12-20 15:11:12 +01:00
Dustin Spicuzza
dea1d707f3
Update oidc-exchange.py
...
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-12-20 15:11:12 +01:00