In #270, @facutuesca💰 made a follow-up to their previous PR #250, making the hints show up more granularly. This effectively makes sure that the suggestion to enable Trusted Publishing does not get displayed when it's already in use. It also makes the message nicer in a few places on the UI.
🛠️ Internal Dependencies
@mosfet80💰 updated a few internal linter versions in #266, #267, and #271, no user impact. This is usually automated otherwise.
In #250 and #258, @facutuesca💰 added a nudge message with a magic link to pre-fill the creation of new Trusted Publishers configurations on PyPI. The users are now suggested to configure tokenless publishing by clicking a link printed in the job summary when it's detected that they publish to PyPI or TestPyPI. Just like magic! 🦄
🛠️ Internal Dependencies
@woodruffw💰 bumped pypi-attestations to v0.0.12 in #262, hopefully fixing #263. 🤞 Nah.. that wasn't it.
[!TIP]
Please keep in mind that reusable workflows are not yet supported, even though they sometimes work, mostly by accident.
🙏 Special Thanks to @henryiii💰 for promptly pointing up possible fixes for #263.
v1.10.1
🚑🔏 Oopsie... We missed a tiny bug in the attestations feature the other day
The problem was that the distribution file validity check was failing on any valid distribution being present and ready to be signed. What a silly mistake! It's now been fixed via https://github.com/pypa/gh-action-pypi-publish/commit/0ab0b79, though. So everything's good!
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
evgeni
commented
3 weeks ago
Bumps pypa/gh-action-pypi-publish from 1.9.0 to 1.10.3.
Release notes
Sourced from pypa/gh-action-pypi-publish's releases.
... (truncated)
Commits
f760068Merge pull request #271 from mosfet80/patch-36edc294Fix node.js v16 deprecation self-smoke-test-action.yml85a5a80Merge pull request #270 from trail-of-forks/fix-magic-link-summary954318bMerge pull request #267 from mosfet80/patch-224791c7Merge pull request #266 from mosfet80/patch-1d8c8948Fix magic link nudge formatting in job summarya1ce384Check for Trusted Publishing in magic link logic00b87c8Update check-jsonschema and pre-commit libsa571f1eUpdate pylint lib897895fMerge pull request #262 from trail-of-forks/ww/bump-attestations-reqDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show