Title: Bump pypa/gh-action-pypi-publish from 1.10.2 to 1.12.2 by dependabot[bot] · Pull Request #93 · lobis/geant4-python-application · GitHub
Description: Bumps pypa/gh-action-pypi-publish from 1.10.2 to 1.12.2.
Release notes
Sourced from pypa/gh-action-pypi-publish's releases.
v1.12.2
🐛 What's Fixed
The fix for signing legacy zip sdists turned out to be incomplete, so @woodruffw💰 promptly produced another follow-up that updated pypi-attestations from v0.0.13 to v0.0.15 in #297. This is the only change since the previous release.
🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.1...v1.12.2
🧔‍♂️ Release Manager: @webknjaz 🇺🇦
v1.12.1
🐛 What's Fixed
Version v1.12.0 hit several rare corner cases we never considered fully supported, and this release fixes a few of those.
In #294, @webknjaz💰 improved the self-hosted runner experience by pre-installing Python if it's not there, and with #293 the ability to use the action on GitHub Enterprise instances has been restored. The latter should've also fixed the ability to invoke pypi-publish from nested in-repo composite actions — another exotic use-case that was never tested in our CI.
@woodruffw💰 also managed to squeeze in a last-minute fix for detecting legacy .zip sdists while producing attestations via #295.
🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.0...v1.12.1
🧔‍♂️ Release Manager: @webknjaz 🇺🇦
🙏 Huge Thanks to all the bug reporters for posting the logs, helping inspect the problems and verify the regression fixes!
v1.12.0
⚡️ Why Should You Update?
This is a minor version bump, but it does not add any new user-facing interfaces. Still, I felt like it should not be a patch-release: this update brings significant changes to the action invocation and internal release process.
Previously, each invocation of pypi-publish required building a container image in the invoking CI job. This was inefficient and added about 30 seconds to the publishing jobs at their startup just to build the container.
I wanted to improve this for over three years (#58) and a little over half a year ago @br3ndonland💰 stepped up and offered a very comprehensive solution to the limitation I was hoping to overcome: #230.
Going forward, I'm going to pre-build per-version containers prior to cutting each release. And the action invocations will just pull the image from GitHub Container registry.
Caution: known quirks:
This seems to not work on self-hosted runners without a python executable: #289. The workaround could be installing it prior to running the action.
Pinning to commit hashes does not work: #290. Workaround: postpone updating until it's fixed or switch to Git tags for now. Subscribe to that issue to follow the progress. UPD: This was an issue during the first 12 hours post release and it has been addressed upstream by publishing a commit SHA-tagged image for the release on Nov 12, 2024 at 10:27 UTC+1.
Calling pypi-publish from another nested repo-local composite action might be breaking file paths: #291. Workaround: postpone updating until it's fixed. Subscribe to that issue to follow the progress.
Running within GitHub Enterprise fails on the action repo clone: #292. Workaround: postpone updating until it's fixed. Subscribe to that issue to follow the progress.
🪞 Full Diff: pypa/gh-action-pypi-publish@v1.11.0...v1.12.0
🧔‍♂️ Release Manager: @webknjaz 🇺🇦
... (truncated)
Commits
15c56db Merge pull request #297 from trail-of-forks/ww/bump-pypi-attestations
fe8d148 requirements: bump pypi-attestations to 0.0.15
1f5d4ec Merge pull request #295 from trail-of-forks/ww/fix-sdist-collection
fec2f0c attestations: collect *.zip sdists as well
a8b73a6 Merge pull request #294 from webknjaz/bugfixes/optional-python
9b4dfb0 ✨ Pre-install Python if there's none
0a87186 Merge pull request #293 from webknjaz/bugfixes/uncheckout-intermediate-action
dfcfeca 🧪 Use prefetched action to make trampoline
0d02f37 📝💅 Update the CI/CD badge in README
61da13d Merge pull request #230 from br3ndonland/ghcr
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show
Opengraph URL: https://github.com/lobis/geant4-python-application/pull/93