Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency https://github.com/pypa/gh-action-pypi-publish to v1.12.3 #125

Merged
merged 1 commit into from
Dec 10, 2024
Merged

chore(deps): update dependency https://github.com/pypa/gh-action-pypi-publish to v1.12.3 #125

merged 1 commit into from
Dec 10, 2024

Conversation

salt-extensions-renovatebot[bot]
Copy link
Contributor

This PR contains the following updates:

Package Type Update Change
https://github.com/pypa/gh-action-pypi-publish action patch v1.12.2 -> v1.12.3

Release Notes

pypa/gh-action-pypi-publish (https://github.com/pypa/gh-action-pypi-publish)

v1.12.3

Compare Source

✨ What's Improved

With the updates by @​woodruffw💰 and @​webknjaz💰 via #​309 and #​313, it is now possible to publish distribution packages that include core metadata v2.4, like those built using maturin. This is done by bumping Twine to v6.0.1 and pkginfo to v1.12.0.

📝 Docs

We've made an attempt to clarify the runtime and workflow shape that are expected to be supported for calling this action in: https://github.com/marketplace/actions/pypi-publish#Non-goals.

[!TIP]
Please, let us know in the release discussion if anything still remains unclear.
TL;DR always call [pypi-publish][pypi-publish] once per job; don't invoke it in reusable workflows; physically move building the dists into separate jobs having restricted permissions and storing the dists as GitHub Actions artifacts; when using self-hosted runners, make sure to still use [pypi-publish][pypi-publish] on a GitHub-provided infra with runs-on: ubuntu-latest, while building and testing may remain self-hosted; don't perform any other actions in the publishing job; don't call [pypi-publish][pypi-publish] from composite actions.

🛠️ Internal Updates

@​br3ndonland💰 improved the container image generation automation to include Git SHA in #​301. And @​woodruffw💰 added the workflow_ref context to Trusted Publishing debug logging in #​305, helping us diagnose misconfigurations faster. #​313 also extends the smoke test in the CI to check against the maturin-made dists. Additionally, jeepney and secretstorage transitive deps have been added to the pip constraint-based lock file, as Dependabot seems to have missed those earlier.

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.2...v1.12.3

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​samuelcolvin💰 for nudging me to cut this release sooner and for sponsoring me via @​pydantic💰!

🔌 Shameless Plug: The other day I've made this 🦋 Bluesky 🇺🇦 FOSS Maintainers Starter Pack subscribe to read news from people like me :)

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

Configuration

📅 Schedule: Branch creation - "before 4am" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@salt-extensions-renovatebot salt-extensions-renovatebot bot merged commit dd06afe into main Dec 10, 2024
8 checks passed
@salt-extensions-renovatebot salt-extensions-renovatebot bot deleted the renovate/actions-non-major branch December 10, 2024 03:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants