Brendon Smith
fa8a0e8234
Make smoke test job depend on build job
...
https://github.com/pypa/gh-action-pypi-publish/pull/230#discussion_r1759486988
Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
2024-09-14 14:04:11 -04:00
Brendon Smith
314a4119af
Move smoke test to reusable workflow
2024-09-08 13:23:30 -04:00
pre-commit-ci[bot]
031df10bc5
[pre-commit.ci] auto fixes from pre-commit.com hooks
...
for more information, see https://pre-commit.ci
2024-09-07 18:39:31 +00:00
Brendon Smith
5521a4f2d7
Add Docker tags for major and minor versions
2024-09-07 14:28:31 -04:00
Brendon Smith
1ce7f9dd93
Verify fail-fast in unsupported environments
2024-09-07 13:19:32 -04:00
Brendon Smith
8d071a8f74
Drop args from create-docker-action.py
...
Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
2024-09-07 13:19:28 -04:00
Brendon Smith
6eb8d3013b
Fail-fast in unsupported environments
...
https://github.com/pypa/gh-action-pypi-publish/pull/230#discussion_r1632406604
Co-authored-by: Sviatoslav Sydorenko (Святослав Сидоренко) <wk.cvs.github@sydorenko.org.ua>
2024-09-07 13:17:38 -04:00
Brendon Smith
80b172c65a
Check repo ID instead of repo owner ID
2024-09-07 13:17:38 -04:00
Brendon Smith
1bcf9d88c6
Check repo owner ID instead of repo name
2024-09-07 13:17:38 -04:00
Brendon Smith
c962c3384d
Dump action as JSON
2024-09-07 13:17:38 -04:00
Brendon Smith
61e875d7fe
Checkout `github.head_ref` and repo for PRs
...
https://github.com/actions/checkout/issues/27#issuecomment-535897113
https://github.com/actions/checkout/issues/1108
2024-09-07 13:17:38 -04:00
Brendon Smith
90ff14245c
Reset smoke test path
2024-09-07 13:17:38 -04:00
Brendon Smith
59e3edf69a
Don't update `actions/checkout@v3`
2024-09-07 13:17:38 -04:00
Brendon Smith
9337018ef6
Add `workflow_dispatch` trigger for Docker builds
2024-09-07 13:17:38 -04:00
Brendon Smith
b17295d929
Use YAML block strip syntax (`>-`) where possible
2024-09-07 13:17:38 -04:00
Brendon Smith
e236daa70c
Reset pre-commit `files:` regex
2024-09-07 13:17:37 -04:00
Brendon Smith
a6e32908e1
Generate Docker container action with Python
2024-09-07 13:17:35 -04:00
Brendon Smith
6364a07eb7
Separate `docker login` and `docker push`
...
https://github.com/pypa/gh-action-pypi-publish/pull/230#discussion_r1578694138
2024-09-07 13:13:36 -04:00
Brendon Smith
1e0ccc9165
Fix pre-commit errors
2024-09-07 13:13:36 -04:00
Brendon Smith
eb50ad49cf
Build Docker image and push to GHCR
...
Up to this point, the project has been set up as a Docker action
referencing the Dockerfile. The downside to using the Dockerfile for the
action is that the Docker image must be built every time the action is
used.
This commit will set up the project to build the Docker image and push
it to GitHub Container Registry (GHCR). This change will speed up user
workflows every time the action is used because the workflows will
simply pull the Docker image from GHCR instead of building again.
Changes:
- Add required metadata to Dockerfile
- Build container image with GitHub Actions
- Push container image to GHCR
Docker actions support pulling in pre-built Docker images. The downside
is that there's no way to specify the correct Docker tag because the
GitHub Actions `image` and `uses:` keys don't accept any context.
For example, if a user's workflow has
`uses: pypa/gh-action-pypi-publish@release/v1.8`, then the action should
pull in a Docker image built from the `release/v1.8` branch, something
like `ghcr.io/pypa/gh-action-pypi-publish:release-v1.8` (Docker tags
can't have `/`). The workaround is to switch the top-level `action.yml`
to a composite action that then calls the Docker action, substituting
the correct image name and tag.
2024-09-07 13:13:32 -04:00
Facundo Tuesca
36978192ca
Add nudge message with magic link to create new Trusted Publisher
...
PR #250
Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
2024-09-05 17:25:58 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
4f8925cefa
Merge pull request #258 from facutuesca/patch-1
2024-09-05 17:06:25 +02:00
Facundo Tuesca
a58e550ac2
Remove redundant `Path.absolute()` call
2024-09-03 16:21:03 +02:00
Sviatoslav Sydorenko
0ab0b79471
🚑 Invert the dists-to-attest validity check
...
This bug sneaked into #236 but should not affect many people as the
attestations generation feature is experimental and opt-in.
Fixes #256
2024-09-03 10:25:06 +02:00
William Woodruff
8a08d61689
Expose PEP 740 attestations functionality
...
PR #236
This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`.
Ref: https://github.com/pypi/warehouse/issues/15871
2024-09-01 02:50:29 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
fb9fc6a4e6
Merge pull request #245 from trail-of-forks/ww/bump-twine
2024-06-27 19:55:19 +02:00
William Woodruff
4d020ff0a9
requirements: re-compile requirements with latest twine
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-06-24 16:49:50 -04:00
Sviatoslav Sydorenko
ec4db0b4dd
Merge PR #243 into unstable/v1
2024-06-16 20:09:43 +02:00
William Woodruff
e7908444c6
oidc-exchange: link to status dashboard
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-06-11 17:49:43 -04:00
Sviatoslav Sydorenko
87b624f871
💅 Update homepage @ Dockerfile to GH Marketplace
2024-05-29 22:25:10 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
da2f9bb91e
Merge pull request #241 from br3ndonland/ghcr-label
...
Add Docker label for GHCR
2024-05-29 22:20:17 +02:00
Brendon Smith
abbea2dd5c
Add Docker label for GHCR
...
This commit will add the label `org.opencontainers.image.source` to the
Dockerfile. This label helps link GitHub Container Registry (GHCR) with
the associated repo.
https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry
https://github.com/pypa/gh-action-pypi-publish/pull/230/files#r1603926630
2024-05-29 22:18:35 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
2734d07314
build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements (#240)
...
build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements
2024-05-29 16:37:07 +02:00
dependabot[bot]
a54b9b8952
---
...
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-21 05:26:31 +00:00
Sviatoslav Sydorenko
699cd6103f
⇪ 📦 Bump the runtime dep lockfile
2024-05-16 17:50:20 +02:00
pre-commit-ci[bot]
8414fc2457
[pre-commit.ci] pre-commit autoupdate (#225)
...
* [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/Lucas-C/pre-commit-hooks.git: v1.5.4 → v1.5.5](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.5.4...v1.5.5)
- [github.com/python-jsonschema/check-jsonschema.git: 0.27.3 → 0.28.1](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.27.3...0.28.1)
- [github.com/adrienverge/yamllint.git: v1.33.0 → v1.35.1](https://github.com/adrienverge/yamllint.git/compare/v1.33.0...v1.35.1)
- [github.com/PyCQA/flake8.git: 6.1.0 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/6.1.0...7.0.0)
- [github.com/PyCQA/flake8.git: 4.0.1 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...7.0.0)
- [github.com/PyCQA/pylint.git: v3.0.3 → v3.1.0](https://github.com/PyCQA/pylint.git/compare/v3.0.3...v3.1.0)
* Bump WPS to v0.19.x series
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
* Merge separate flake8 runs back into one
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
2024-05-16 15:39:26 +00:00
Peter Shen
67a07ebbed
Disable the progress bar when running `twine upload`
...
PR #231
Resolves #229
Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
2024-05-16 17:14:58 +02:00
William Woodruff
771d60f44b
Eliminate future tense in the password nudge in `twine-upload`
...
Additionally, this turns the corresponding code branch into a hard error in case of the regular PyPI.
Signed-off-by: William Woodruff <william@trailofbits.com>
PR #234
Fixes #233
2024-05-16 17:07:28 +02:00
Sviatoslav Sydorenko
04f4e64de3
Set Python 3.11 for the `flake8-commas` linter
...
It doesn't yet support 3.12 and is an unconditional dependency of WPS.
2024-05-16 16:29:54 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
3fbcf7ccf4
Merge pull request #228 from pypa/dependabot/pip/requirements/idna-3.7
...
build(deps): bump idna from 3.6 to 3.7 in /requirements
2024-04-12 15:30:45 +02:00
dependabot[bot]
576aae3934
build(deps): bump idna from 3.6 to 3.7 in /requirements
...
Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.7.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7)
---
updated-dependencies:
- dependency-name: idna
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-04-12 04:51:56 +00:00
Sviatoslav Sydorenko
81e9d935c8
Bump `pip` to v24.0 in runtime prerequisites lock
2024-03-08 00:20:54 +01:00
Sviatoslav Sydorenko
91527c4583
Regenerate lockfiles with pip-tools v7.4.1
2024-03-08 00:19:54 +01:00
Sviatoslav Sydorenko
3a817c6dce
Bump action runtime to CPython 3.12
2024-03-08 00:15:38 +01:00
Sviatoslav Sydorenko
741947b9ca
Add a config file for `pip-tools`
2024-03-07 23:43:48 +01:00
Sviatoslav Sydorenko
d7af439579
Mass-bump transitive dependencies of runtime
2024-03-07 23:08:31 +01:00
Sviatoslav Sydorenko
e90ddca975
Bump `readme-renderer` to v43.0
2024-03-07 23:07:33 +01:00
Sviatoslav Sydorenko
dae7fa3e8d
Bump Twine to v5.0.0
2024-03-07 23:05:40 +01:00
Sviatoslav Sydorenko
0fe04ae7d9
Bump `id` to v1.3.0
2024-03-07 23:04:40 +01:00
Sviatoslav Sydorenko
444e17980b
Bump cryptography to v42.0.5
2024-03-07 23:02:36 +01:00