Title: Bump pypa/gh-action-pypi-publish from 1.10.2 to 1.12.3 by dependabot[bot] · Pull Request #95 · lobis/geant4-python-application · GitHub
Description: Bumps pypa/gh-action-pypi-publish from 1.10.2 to 1.12.3.
Release notes
Sourced from pypa/gh-action-pypi-publish's releases.
v1.12.3
✨ What's Improved
With the updates by @woodruffw💰 and @webknjaz💰 via #309 and #313, it is now possible to publish distribution packages that include core metadata v2.4, like those built using maturin. This is done by bumping Twine to v6.0.1 and pkginfo to v1.12.0.
📝 Docs
We've made an attempt to clarify the runtime and workflow shape that are expected to be supported for calling this action in: https://github.com/marketplace/actions/pypi-publish#Non-goals.
[!TIP]
Please, let us know in the release discussion if anything still remains unclear.
TL;DR always call pypi-publish once per job; don't invoke it in reusable workflows; physically move building the dists into separate jobs having restricted permissions and storing the dists as GitHub Actions artifacts; when using self-hosted runners, make sure to still use pypi-publish on a GitHub-provided infra with runs-on: ubuntu-latest, while building and testing may remain self-hosted; don't perform any other actions in the publishing job; don't call pypi-publish from composite actions.
🛠️ Internal Updates
@br3ndonland💰 improved the container image generation automation to include Git SHA in #301. And @woodruffw💰 added the workflow_ref context to Trusted Publishing debug logging in #305, helping us diagnose misconfigurations faster. #313 also extends the smoke test in the CI to check against the maturin-made dists. Additionally, jeepney and secretstorage transitive deps have been added to the pip constraint-based lock file, as Dependabot seems to have missed those earlier.
🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.2...v1.12.3
🧔‍♂️ Release Manager: @webknjaz 🇺🇦
🙏 Special Thanks to @samuelcolvin💰 for nudging me to cut this release sooner and for sponsoring me via @pydantic💰!
🔌 Shameless Plug: The other day I've made this 🦋 Bluesky 🇺🇦 FOSS Maintainers Starter Pack subscribe to read news from people like me :)
💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.
v1.12.2
🐛 What's Fixed
The fix for signing legacy zip sdists turned out to be incomplete, so @woodruffw💰 promptly produced another follow-up that updated pypi-attestations from v0.0.13 to v0.0.15 in #297. This is the only change since the previous release.
🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.1...v1.12.2
🧔‍♂️ Release Manager: @webknjaz 🇺🇦
v1.12.1
🐛 What's Fixed
Version v1.12.0 hit several rare corner cases we never considered fully supported, and this release fixes a few of those.
In #294, @webknjaz💰 improved the self-hosted runner experience by pre-installing Python if it's not there, and with #293 the ability to use the action on GitHub Enterprise instances has been restored. The latter should've also fixed the ability to invoke pypi-publish from nested in-repo composite actions — another exotic use-case that was never tested in our CI.
... (truncated)
Commits
67339c7 📦 Only keep lower bounds @ input requirements
cbd6d01 📝Fix a typo in "privileges" @ README
7252a9a 📝 Outline unsupported scenarios in README
a536fa9 📌📦 Include jeepney & secretstorage pins
43caae4 💅📦 Split transitive dep constraints
f371c3d Merge pull request #313 from webknjaz/maintenance/metadata-2.4
138a121 📌📦 Pin pkginfo to v1.12 @ runtime deps
ff2b051 🧪 Add a Maturin-based package to CI
0a0a6ae 🧪 Allow CI to register multiple distributions
e7723a4 Merge pull request #309 from trail-of-forks/ww/bumptwine
Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show
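The workflow shape recommended in the TL;DR of the v1.12.3 release notes above, sketched as an added example; it is not code from this pull request, from lobis/geant4-python-application, or from the pypa project. It assumes PyPI Trusted Publishing is configured for the repository; the workflow name, job names, artifact name and tag trigger are placeholders.

```yaml
# Added example. Assumes Trusted Publishing (OIDC) is set up on PyPI for this repo.
# Workflow/job/artifact names and the tag trigger are placeholders.
name: release

on:
  push:
    tags: ["v*"]

permissions: {}  # nothing granted by default; each job opts in to what it needs

jobs:
  build:
    # Building and testing may run on self-hosted runners instead.
    runs-on: ubuntu-latest
    permissions:
      contents: read  # enough to check out the source; no publishing credentials
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build && python -m build
      # Hand the dists to the publishing job as a GitHub Actions artifact.
      - uses: actions/upload-artifact@v4
        with:
          name: dists
          path: dist/

  publish:
    needs: build
    # Publishing stays on GitHub-provided infrastructure.
    runs-on: ubuntu-latest
    permissions:
      id-token: write  # OIDC token for Trusted Publishing; only this job holds it
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: dists
          path: dist/
      # Called once in this job, directly from the workflow
      # (not from a reusable workflow or a composite action).
      - uses: pypa/gh-action-pypi-publish@v1.12.3
```

The build job never holds `id-token: write`, so build tooling and its dependencies cannot request an upload credential; the publish job only downloads the prebuilt artifact and uploads it.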
Opengraph URL: https://github.com/lobis/geant4-python-application/pull/95