Add .zip extension to Windows package downloads for Expand-Archive Compatibility by @priyagupta108 in actions/setup-python#916
This addresses compatibility issues on Windows self-hosted runners by ensuring that the filenames for Python and PyPy package downloads explicitly include the .zip extension, allowing the Expand-Archive command to function correctly.
Add arch to cache key by @Zxilly in actions/setup-python#896
This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts
fix(ci): update all failing workflows by @mayeut in actions/setup-python#863
This update ensures compatibility and optimal performance of workflows on the latest macOS version.
We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.
🚑🔏 Oopsie... We missed a tiny bug in the attestations feature the other day
The problem was that the distribution file validity check was failing on any valid distribution being present and ready to be signed. What a silly mistake! It's now been fixed via https://github.com/pypa/gh-action-pypi-publish/commit/0ab0b79, though. So everything's good!
This time, @woodruffw💰 implemented support for PEP 740 attestations functionality in #236 and #245. This is a big deal, as it is a huge step forward to replacing what the deprecated GPG signatures used to provide in a more meaningful way.
[!IMPORTANT]
✨ Please, do opt into trying this feature out early. It can be enabled as follows:
🙏 And please, thank William for working on this amazing improvement for the ecosystem! The overall effort is tracked @ pypi/warehouse#15871, by the way.
:sparkles: Now supports commit signing with bot-generated tokens! See "What's new" below. :writing_hand::robot:
Behaviour changes
Action input git-token has been renamed branch-token, to be more clear about its purpose. The branch-token is the token that the action will use to create and update the branch.
The action now handles requests that have been rate-limited by GitHub. Requests hitting a primary rate limit will retry twice, for a total of three attempts. Requests hitting a secondary rate limit will not be retried.
The pull-request-operation output now returns none when no operation was executed.
Removed deprecated output environment variable PULL_REQUEST_NUMBER. Please use the pull-request-number action output instead.
What's new
The action can now sign commits as github-actions[bot] when using GITHUB_TOKEN, or your own bot when using GitHub App tokens. See commit signing for details.
Action input draft now accepts a new value always-true. This will set the pull request to draft status when the pull request is updated, as well as on creation.
A new action input maintainer-can-modify indicates whether maintainers can modify the pull request. The default is true, which retains the existing behaviour of the action.
A new output pull-request-commits-verified returns true or false, indicating whether GitHub considers the signature of the branch's commits to be verified.
Bumps the github-actions group with 13 updates in the / directory:
5.1.0
5.2.0
4.0.2
4.0.3
4.3.3
4.4.0
4.1.7
4.1.8
3.3.0
3.6.1
3.2.0
3.3.0
6.2.0
6.7.0
1.9.0
1.10.1
6.1.0
7.0.2
2.0.6
2.0.8
1.15.0
1.17.0
2.3.3
2.4.0
3.25.11
3.26.7
Updates
actions/setup-python
from 5.1.0 to 5.2.0Release notes
Sourced from actions/setup-python's releases.
Commits
f677139
Bump pyinstaller from 3.6 to 5.13.1 in /tests/data (#923)2bd53f9
Documentation update for caching poetry dependencies (#908)80b49d3
fix: add arch to cache key (#896)036a523
Fix: Add.zip
extension to Windows package downloads forExpand-Archive
C...04c1311
Fix display of emojis in contributors doc (#899)cb68456
Updated@iarna/toml
version to 3.0.0 (#912)39cd149
Documentation update for cache (#873)a0d74c0
fix(ci): update all failing workflows (#863)4eb7dbc
Bump braces from 3.0.2 to 3.0.3 (#893)Updates
actions/setup-node
from 4.0.2 to 4.0.3Release notes
Sourced from actions/setup-node's releases.
Commits
1e60f62
Bump braces from 3.0.2 to 3.0.3 (#1087)eff380d
Fix macos latest check failures (#1041)c2ac33f
Bump undici from 5.26.5 to 5.28.3 (#965)25b062c
Update README.md to update default Node version to 20 (#949)Updates
actions/upload-artifact
from 4.3.3 to 4.4.0Release notes
Sourced from actions/upload-artifact's releases.
Commits
5076954
Merge pull request #598 from actions/joshmgross/exclude-hidden-filesd52396a
Add a warning about enablinginclude-hidden-files
710f362
Remove "merged" frominclude-hidden-files
input description3b315f2
npm run release
again 🙂3be2180
Remove another trailing comma453e8d0
Update glob license0a398c1
npm run release
a0c40cf
Update to latest@actions/glob
and fix testsacb59e4
lint
cb6558b
Exclude hidden files by defaultUpdates
actions/download-artifact
from 4.1.7 to 4.1.8Release notes
Sourced from actions/download-artifact's releases.
Commits
fa0a91b
Merge pull request #341 from actions/robherley/bump-pkgsb54d088
Update@actions/artifact
version, bump dependenciesUpdates
docker/setup-buildx-action
from 3.3.0 to 3.6.1Release notes
Sourced from docker/setup-buildx-action's releases.
Commits
988b5a0
Merge pull request #347 from crazy-max/skip-malformed-context2c21562
chore: update generated content3382292
check for malformed docker context3d68780
Merge pull request #341 from crazy-max/docker-context-tlsd069e98
chore: update generated content8b850f8
create docker context if default one has TLS data loadedaa33708
Merge pull request #345 from docker/dependabot/npm_and_yarn/docker/actions-to...2d99e34
chore: update generated content4dab436
build(deps): bump@docker/actions-toolkit
from 0.34.0 to 0.35.049a04d6
Merge pull request #344 from docker/dependabot/npm_and_yarn/docker/actions-to...Updates
docker/login-action
from 3.2.0 to 3.3.0Release notes
Sourced from docker/login-action's releases.
Commits
9780b0c
Merge pull request #741 from docker/dependabot/npm_and_yarn/proxy-agent-depen...2fa130c
chore: update generated content5e87b2a
build(deps): bump https-proxy-agente039495
Merge pull request #754 from docker/dependabot/npm_and_yarn/docker/actions-to...9af18aa
chore: update generated content668190a
switch to Docker execbe5150d
build(deps): bump@docker/actions-toolkit
from 0.24.0 to 0.35.0e80ebca
Merge pull request #730 from docker/dependabot/npm_and_yarn/braces-3.0.375ee3ea
Merge pull request #733 from docker/dependabot/github_actions/docker/bake-act...793c19c
build(deps): bump docker/bake-action from 4 to 5Updates
docker/build-push-action
from 6.2.0 to 6.7.0Release notes
Sourced from docker/build-push-action's releases.
Commits
5cd11c3
Merge pull request #1211 from crazy-max/summary-info-message0aba704
chore: update generated content23c657a
print info message for build summary support checks16ebe77
Merge pull request #1205 from docker/dependabot/npm_and_yarn/docker/actions-t...646a62b
chore: update generated contentd92ab13
chore(deps): Bump@docker/actions-toolkit
from 0.37.0 to 0.37.14f7cdeb
Merge pull request #1198 from docker/dependabot/npm_and_yarn/docker/actions-t...ad3cd77
chore: update generated content3efbc13
chore(deps): Bump@docker/actions-toolkit
from 0.36.0 to 0.37.02dbe91d
Merge pull request #1197 from crazy-max/build-checksUpdates
pypa/gh-action-pypi-publish
from 1.9.0 to 1.10.1Release notes
Sourced from pypa/gh-action-pypi-publish's releases.
Commits
0ab0b79
🚑 Invert the dists-to-attest validity check8a08d61
Expose PEP 740 attestations functionalityfb9fc6a
Merge pull request #245 from trail-of-forks/ww/bump-twine4d020ff
requirements: re-compile requirements with latest twineUpdates
peter-evans/create-pull-request
from 6.1.0 to 7.0.2Release notes
Sourced from peter-evans/create-pull-request's releases.
... (truncated)
Commits
d121e62
fix: disable diff detection for renames and copies (#3330)f4d66f4
build(deps-dev): bump typescript from 5.5.4 to 5.6.2 (#3319)488c869
build(deps-dev): bump@types/node
from 18.19.48 to 18.19.50 (#3320)5354f85
docs: update readme8867c4a
fix: handle ambiguous argument failure on diff stat (#3312)6073f54
build(deps-dev): bump@typescript-eslint/eslint-plugin
(#3291)6d01b56
build(deps-dev): bump eslint-plugin-import from 2.29.1 to 2.30.0 (#3290)25cf845
build(deps-dev): bump@typescript-eslint/parser
from 7.17.0 to 7.18.0 (#3289)d87b980
build(deps-dev): bump@types/node
from 18.19.46 to 18.19.48 (#3288)119d131
build(deps): bump peter-evans/create-pull-request from 6 to 7 (#3283)Updates
softprops/action-gh-release
from 2.0.6 to 2.0.8Release notes
Sourced from softprops/action-gh-release's releases.
Changelog
Sourced from softprops/action-gh-release's changelog.
... (truncated)
Commits
c062e08
release 2.0.8380635c
chore(deps): bump@actions/github
from 5.1.1 to 6.0.0 (#470)20adb42
refactor: write jest config in ts (#485)f808f15
chore(deps): bump glob from 10.4.2 to 11.0.0 (#477)6145241
chore(deps): bump@octokit/plugin-throttling
from 9.3.0 to 9.3.1 (#484)4ac522d
chore(deps): bump@types/node
from 20.14.9 to 20.14.11 (#483)25849b1
chore(deps): bump prettier from 2.8.0 to 3.3.3 (#480)6206056
chore: update dependabot commit msg39aadf1
chore: runfrizbee actions .github/workflows/
6f3ab65
chore: update dist fileUpdates
reviewdog/action-suggester
from 1.15.0 to 1.17.0Release notes
Sourced from reviewdog/action-suggester's releases.
Commits
63b8f8c
Merge pull request #61 from reviewdog/depup/reviewdog/reviewdog