sonarcloud[bot]
commented
1 month ago 
Quality Gate passed
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
This PR contains the following updates:
v1.9.0->v1.10.2Release Notes
pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)
### [`v1.10.2`](https://redirect.github.com/pypa/gh-action-pypi-publish/releases/tag/v1.10.2) [Compare Source](https://redirect.github.com/pypa/gh-action-pypi-publish/compare/v1.10.1...v1.10.2) #### π Cosmetic Output Improvements In [#250](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/250) and [#258](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/258), [@facutuesca](https://redirect.github.com/facutuesca)[π°](https://redirect.github.com/sponsors/facutuesca) added a nudge message with a magic link to pre-fill the creation of new Trusted Publishers configurations on PyPI. The users are now suggested to configure tokenless publishing by clicking a link printed in the job summary when it's detected that they publish to PyPI or TestPyPI. Just like magic! π¦ #### π οΈ Internal Dependencies [@woodruffw](https://redirect.github.com/woodruffw)[π°](https://redirect.github.com/sponsors/woodruffw) bumped `pypi-attestations` to v0.0.12 in [#262](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/262), hopefully fixing [#263](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/263). π€ #### πͺ New Contributors [@facutuesca](https://redirect.github.com/facutuesca) made their first contribution in [https://github.com/pypa/gh-action-pypi-publish/pull/258](https://redirect.github.com/pypa/gh-action-pypi-publish/pull/258) **πͺ Full Diff**: https://github.com/pypa/gh-action-pypi-publish/compare/v1.10.1...v1.10.2 **π§ββοΈ Release Manager:** [@webknjaz πΊπ¦](https://redirect.github.com/sponsors/webknjaz) **π Special Thanks** to [@henryiii](https://redirect.github.com/henryiii)[π°](https://redirect.github.com/sponsors/henryiii) for promptly pointing up possible fixes for [#263](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/263). ### [`v1.10.1`](https://redirect.github.com/pypa/gh-action-pypi-publish/releases/tag/v1.10.1) [Compare Source](https://redirect.github.com/pypa/gh-action-pypi-publish/compare/v1.10.0...v1.10.1) #### ππ Oopsie... We missed a tiny bug in the attestations feature the other day The problem was that the distribution file validity check was failing on any valid distribution being present and ready to be signed. What a silly mistake! It's now been fixed via https://github.com/pypa/gh-action-pypi-publish/commit/0ab0b79, though. So everything's good! \-- [@webknjaz](https://redirect.github.com/webknjaz)[π°](https://redirect.github.com/sponsors/webknjaz) > \[!IMPORTANT] > β¨ Despite this minor hiccup, we invite you to still opt into trying this feature out early. [It can be enabled](https://redirect.github.com/marketplace/actions/pypi-publish#generating-and-uploading-attestations) like this: > > ```yml > with: > attestations: true > ``` > > Leave feedback in [the v1.10.0 release discussion](https://redirect.github.com/pypa/gh-action-pypi-publish/discussions/255) or [the PR](https://redirect.github.com/pypa/gh-action-pypi-publish/pull/236). **πͺ Full Diff**: https://github.com/pypa/gh-action-pypi-publish/compare/v1.10.0...v1.10.1 **π§ββοΈ Release Manager:** [@webknjaz πΊπ¦](https://redirect.github.com/sponsors/webknjaz) **π Special Thanks** to [@hugovk](https://redirect.github.com/hugovk)[π°](https://redirect.github.com/sponsors/hugovk) for [promptly validating the bug fix](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/256#issuecomment-2325925847), mere minutes after I pushed it β I even haven't finished writing this text by then! ### [`v1.10.0`](https://redirect.github.com/pypa/gh-action-pypi-publish/releases/tag/v1.10.0) [Compare Source](https://redirect.github.com/pypa/gh-action-pypi-publish/compare/v1.9.0...v1.10.0) #### π Anything fancy, eh? This time, [@woodruffw](https://redirect.github.com/woodruffw)[π°](https://redirect.github.com/sponsors/woodruffw) implemented support for [PEP 740] attestations functionality in [#236](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/236) and [#245](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/245). This is a big deal, as it is a huge step forward to replacing what the deprecated GPG signatures used to provide in a more meaningful way. > \[!IMPORTANT] > β¨ Please, do opt into trying this feature out early. [It can be enabled](https://redirect.github.com/marketplace/actions/pypi-publish#generating-and-uploading-attestations) as follows: > > ```yml > with: > attestations: true > ``` > > Leave any feedback on this in [this release discussion](https://redirect.github.com/pypa/gh-action-pypi-publish/discussions/255) or [the PR](https://redirect.github.com/pypa/gh-action-pypi-publish/pull/236). π And please, thank William for working on this amazing improvement for the ecosystem! The overall effort is tracked @&#[https://github.com/pypi/warehouse/issues/15871](https://redirect.github.com/pypi/warehouse/issues/15871)/15871, by the way. **πͺ Full Diff**: https://github.com/pypa/gh-action-pypi-publish/compare/v1.9.0...v1.10.0 **π§ββοΈ Release Manager:** [@webknjaz πΊπ¦](https://redirect.github.com/sponsors/webknjaz) [PEP 740]: https://peps.python.org/pep-0740/Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.