Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update pypa/gh-action-pypi-publish action to v1.8.1 #127

Merged
merged 1 commit into from
Mar 18, 2023
Merged

Update pypa/gh-action-pypi-publish action to v1.8.1 #127

merged 1 commit into from
Mar 18, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 17, 2023

Mend Renovate

This PR contains the following updates:

Package Type Update Change
pypa/gh-action-pypi-publish action minor v1.6.4 -> v1.8.1

Release Notes

pypa/gh-action-pypi-publish

v1.8.1

Compare Source

🐛 What's Fixed

💔 Unfortunately, a tiny mistake in v1.8.0 caused a far-reaching regression for the most used code path.
❗ But don't worry, it's fixed now thanks to @​njzjz who promptly spotted it and @​zhongjiajie who sent a bugfix.

🙌 New Contributors

Full Diff: pypa/gh-action-pypi-publish@v1.8.0...v1.8.1

v1.8.0

Compare Source

The Coolest Release Ever!

In this release, @​woodruffw implemented support for secretless OIDC-based publishing to PyPI-like package indexes. The OIDC flow is activated when neither username nor password action inputs are set.

The OIDC “token exchange”, is an authentication technique that PyPI (and TestPyPI, and hopefully some future others) supports as an alternative to long-lived username/password combinations or long-lived API tokens.

IMPORTANT: The PyPI-side configuration is only available to participants of the private beta test. Please, only try out the zero-config mode if you are a beta test participant having followed the PyPI configuration instructions.

Setup prerequisites: https://github.com/marketplace/actions/pypi-publish#publishing-with-openid-connect
PyPI's documentation: https://pypi.org/help/#openid-connect
Beta test enrollment: https://github.com/pypi/warehouse/issues/12965

New Contributors

Full Diff: pypa/gh-action-pypi-publish@v1.7.1...v1.8.0

v1.7.1

Compare Source

Regression?

There was a small setback with v1.7.0 — the snake_case fallbacks didn't work because the check for the kebab-case env vars with default values set was always truthy. This bugfix release promptly fixes that.

Full Diff: pypa/gh-action-pypi-publish@v1.7.0...v1.7.1

v1.7.0

Compare Source

What should I care about?

TL;DR The action input names have been converted to use kebab-case and marked deprecated. But the old names still work.

This is made to align the public API with the de-facto conventions in the ecosystem. We've used snake_case names, which the maintainer considers a historical mistake. New kebab-case inputs will make the end-users' workflows look more consistent and and visually distinguishable from other identifiers one may encounter in YAML.

There is no timeline for removing the old names, but it will happen in v3 or later versions of the action. If the maintainer doesn't forget to do this, that is.

The patch is here: https://github.com/pypa/gh-action-pypi-publish/pull/125.

Full Diff: pypa/gh-action-pypi-publish@v1.6.5...v1.7.0

v1.6.5

Compare Source

What's Changed

  • Added an explicit warning when the password passed into the action is empty — thanks @​colindean

New Contributors

Full Diff: pypa/gh-action-pypi-publish@v1.6.4...v1.6.5

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/pypa-gh-action-pypi-publish-1.x branch from 6784116 to 9b9254b Compare March 17, 2023 23:25
@codecov-commenter
Copy link

Codecov Report

Merging #127 (9b9254b) into main (db5f307) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #127   +/-   ##
=======================================
  Coverage   91.09%   91.09%           
=======================================
  Files          15       15           
  Lines        1483     1483           
=======================================
  Hits         1351     1351           
  Misses        132      132

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@renovate renovate bot merged commit 5217fdd into main Mar 18, 2023
@renovate renovate bot deleted the renovate/pypa-gh-action-pypi-publish-1.x branch March 18, 2023 00:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@codecov-commenter