-
Notifications
You must be signed in to change notification settings - Fork 308
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
twine/upload: attestations scaffolding #1095
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
sigmavirus24
approved these changes
Apr 29, 2024
Signed-off-by: William Woodruff <[email protected]>
Signed-off-by: William Woodruff <[email protected]>
Prevents subtle ordering bugs. Signed-off-by: William Woodruff <[email protected]>
3.8 is failing with:
and the integration suite is failing with:
...which both look unrelated. I can try my hand at both in separate PRs today 🙂 Edit: #1096 |
25 tasks
This should be good to go again! Integration is still failing due to 503s from TestPyPI, but the other test issues have been fully addressed 🙂 |
github-actions bot
pushed a commit
to Nr18/report2junit
that referenced
this pull request
May 17, 2024
Bumps [twine](https://github.com/pypa/twine) from 5.0.0 to 5.1.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p> <blockquote> <h2>Twine 5.1.0 (2024-05-15)</h2> <p>Features ^^^^^^^^</p> <ul> <li>Add the experimental <code>--attestations</code> flag. (<code>[#1095](pypa/twine#1095) <https://github.com/pypa/twine/issues/1095></code>_)</li> </ul> <h2>Twine 5.1.0 (2024-05-15)</h2> <p>Misc ^^^^</p> <ul> <li><code>[#1104](pypa/twine#1104) <https://github.com/pypa/twine/issues/1104></code>_</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/twine/commit/e9f70cff51d5b355305680b8501bdb17c2de015e"><code>e9f70cf</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1108">#1108</a> from pypa/fix-release-workflow</li> <li><a href="https://github.com/pypa/twine/commit/1908be7034789d3fd97eaa4c904a89b214f49ded"><code>1908be7</code></a> Fix release workflow</li> <li><a href="https://github.com/pypa/twine/commit/6d7ffea75bd8713c749041ea5415f0496c9dd9b6"><code>6d7ffea</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1107">#1107</a> from woodruffw-forks/release-5.1.0</li> <li><a href="https://github.com/pypa/twine/commit/bc91e5719c136acaf5b2fe0c1679ce1ba8d40963"><code>bc91e57</code></a> Update changelog for 5.1.0</li> <li><a href="https://github.com/pypa/twine/commit/de39ade426cc8b4b0b2261ca8dd1617fdf9764d2"><code>de39ade</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1085">#1085</a> from pypa/feature/pep-621</li> <li><a href="https://github.com/pypa/twine/commit/75de094adbf6765429254cc73775288a971d8321"><code>75de094</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1104">#1104</a> from ascheel/main</li> <li><a href="https://github.com/pypa/twine/commit/c512bbf166ac38239e58545a39155285f8747a7b"><code>c512bbf</code></a> Properly handle repository URLs with auth in them</li> <li><a href="https://github.com/pypa/twine/commit/e0ed8088fc872f449376d6d8e4fbf1b71b1a504f"><code>e0ed808</code></a> Changelog entry</li> <li><a href="https://github.com/pypa/twine/commit/72ee030a0783959419962b9c4ff5c9fe16e5c507"><code>72ee030</code></a> Change regex string to a raw string.</li> <li><a href="https://github.com/pypa/twine/commit/04d7e2713466a06df6445fb0b01c3b9c79879ec7"><code>04d7e27</code></a> Sanitize URLs for logging/display purposes.</li> <li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/5.0.0...5.1.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=twine&package-manager=pip&previous-version=5.0.0&new-version=5.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
github-actions bot
pushed a commit
to conijnio/pull-request-codecommit
that referenced
this pull request
May 17, 2024
Bumps [twine](https://github.com/pypa/twine) from 5.0.0 to 5.1.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p> <blockquote> <h2>Twine 5.1.0 (2024-05-15)</h2> <p>Features ^^^^^^^^</p> <ul> <li>Add the experimental <code>--attestations</code> flag. (<code>[#1095](pypa/twine#1095) <https://github.com/pypa/twine/issues/1095></code>_)</li> </ul> <h2>Twine 5.1.0 (2024-05-15)</h2> <p>Misc ^^^^</p> <ul> <li><code>[#1104](pypa/twine#1104) <https://github.com/pypa/twine/issues/1104></code>_</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/twine/commit/e9f70cff51d5b355305680b8501bdb17c2de015e"><code>e9f70cf</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1108">#1108</a> from pypa/fix-release-workflow</li> <li><a href="https://github.com/pypa/twine/commit/1908be7034789d3fd97eaa4c904a89b214f49ded"><code>1908be7</code></a> Fix release workflow</li> <li><a href="https://github.com/pypa/twine/commit/6d7ffea75bd8713c749041ea5415f0496c9dd9b6"><code>6d7ffea</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1107">#1107</a> from woodruffw-forks/release-5.1.0</li> <li><a href="https://github.com/pypa/twine/commit/bc91e5719c136acaf5b2fe0c1679ce1ba8d40963"><code>bc91e57</code></a> Update changelog for 5.1.0</li> <li><a href="https://github.com/pypa/twine/commit/de39ade426cc8b4b0b2261ca8dd1617fdf9764d2"><code>de39ade</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1085">#1085</a> from pypa/feature/pep-621</li> <li><a href="https://github.com/pypa/twine/commit/75de094adbf6765429254cc73775288a971d8321"><code>75de094</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1104">#1104</a> from ascheel/main</li> <li><a href="https://github.com/pypa/twine/commit/c512bbf166ac38239e58545a39155285f8747a7b"><code>c512bbf</code></a> Properly handle repository URLs with auth in them</li> <li><a href="https://github.com/pypa/twine/commit/e0ed8088fc872f449376d6d8e4fbf1b71b1a504f"><code>e0ed808</code></a> Changelog entry</li> <li><a href="https://github.com/pypa/twine/commit/72ee030a0783959419962b9c4ff5c9fe16e5c507"><code>72ee030</code></a> Change regex string to a raw string.</li> <li><a href="https://github.com/pypa/twine/commit/04d7e2713466a06df6445fb0b01c3b9c79879ec7"><code>04d7e27</code></a> Sanitize URLs for logging/display purposes.</li> <li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/5.0.0...5.1.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=twine&package-manager=pip&previous-version=5.0.0&new-version=5.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mergify bot
pushed a commit
to aws/jsii
that referenced
this pull request
May 17, 2024
…/packages/jsii-pacmak/lib/targets/python (#4516) Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p> <blockquote> <h2>Twine 5.1.0 (2024-05-15)</h2> <p>Features ^^^^^^^^</p> <ul> <li>Add the experimental <code>--attestations</code> flag. (<code>[#1095](pypa/twine#1095) <https://github.com/pypa/twine/issues/1095></code>_)</li> </ul> <h2>Twine 5.1.0 (2024-05-15)</h2> <p>Misc ^^^^</p> <ul> <li><code>[#1104](pypa/twine#1104) <https://github.com/pypa/twine/issues/1104></code>_</li> </ul> <h2>Twine 5.0.0 (2024-02-10)</h2> <p>Bugfixes ^^^^^^^^</p> <ul> <li>Use <code>email.message</code> instead of <code>cgi</code> as <code>cgi</code> has been deprecated (<code>[#969](pypa/twine#969) <https://github.com/pypa/twine/issues/969></code>_)</li> </ul> <p>Misc ^^^^</p> <ul> <li><code>[#931](pypa/twine#931) <https://github.com/pypa/twine/issues/931></code><em>, <code>[#991](pypa/twine#991) <https://github.com/pypa/twine/issues/991></code></em>, <code>[#1028](pypa/twine#1028) <https://github.com/pypa/twine/issues/1028></code><em>, <code>[#1040](pypa/twine#1040) <https://github.com/pypa/twine/issues/1040></code></em></li> </ul> <h2>Twine 4.0.2 (2022-11-30)</h2> <p>Bugfixes ^^^^^^^^</p> <ul> <li>Remove deprecated function to fix <code>twine check</code> with pkginfo 1.9.0. (<code>[#941](pypa/twine#941) <https://github.com/pypa/twine/issues/941></code>_)</li> </ul> <h2>Twine 4.0.1 (2022-06-01)</h2> <p>Bugfixes ^^^^^^^^</p> <ul> <li>Improve logging when keyring fails. (<code>[#890](pypa/twine#890) <https://github.com/pypa/twine/issues/890></code>_)</li> <li>Reconfigure root logger to show all log messages. (<code>[#896](pypa/twine#896) <https://github.com/pypa/twine/issues/896></code>_)</li> </ul> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/twine/commit/e9f70cff51d5b355305680b8501bdb17c2de015e"><code>e9f70cf</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1108">#1108</a> from pypa/fix-release-workflow</li> <li><a href="https://github.com/pypa/twine/commit/1908be7034789d3fd97eaa4c904a89b214f49ded"><code>1908be7</code></a> Fix release workflow</li> <li><a href="https://github.com/pypa/twine/commit/6d7ffea75bd8713c749041ea5415f0496c9dd9b6"><code>6d7ffea</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1107">#1107</a> from woodruffw-forks/release-5.1.0</li> <li><a href="https://github.com/pypa/twine/commit/bc91e5719c136acaf5b2fe0c1679ce1ba8d40963"><code>bc91e57</code></a> Update changelog for 5.1.0</li> <li><a href="https://github.com/pypa/twine/commit/de39ade426cc8b4b0b2261ca8dd1617fdf9764d2"><code>de39ade</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1085">#1085</a> from pypa/feature/pep-621</li> <li><a href="https://github.com/pypa/twine/commit/75de094adbf6765429254cc73775288a971d8321"><code>75de094</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1104">#1104</a> from ascheel/main</li> <li><a href="https://github.com/pypa/twine/commit/c512bbf166ac38239e58545a39155285f8747a7b"><code>c512bbf</code></a> Properly handle repository URLs with auth in them</li> <li><a href="https://github.com/pypa/twine/commit/e0ed8088fc872f449376d6d8e4fbf1b71b1a504f"><code>e0ed808</code></a> Changelog entry</li> <li><a href="https://github.com/pypa/twine/commit/72ee030a0783959419962b9c4ff5c9fe16e5c507"><code>72ee030</code></a> Change regex string to a raw string.</li> <li><a href="https://github.com/pypa/twine/commit/04d7e2713466a06df6445fb0b01c3b9c79879ec7"><code>04d7e27</code></a> Sanitize URLs for logging/display purposes.</li> <li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/5.0.0...5.1.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
github-actions bot
pushed a commit
to conijnio/aws-iam-login
that referenced
this pull request
May 21, 2024
Bumps [twine](https://github.com/pypa/twine) from 5.0.0 to 5.1.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p> <blockquote> <h2>Twine 5.1.0 (2024-05-15)</h2> <p>Features ^^^^^^^^</p> <ul> <li>Add the experimental <code>--attestations</code> flag. (<code>[#1095](pypa/twine#1095) <https://github.com/pypa/twine/issues/1095></code>_)</li> </ul> <h2>Twine 5.1.0 (2024-05-15)</h2> <p>Misc ^^^^</p> <ul> <li><code>[#1104](pypa/twine#1104) <https://github.com/pypa/twine/issues/1104></code>_</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/twine/commit/e9f70cff51d5b355305680b8501bdb17c2de015e"><code>e9f70cf</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1108">#1108</a> from pypa/fix-release-workflow</li> <li><a href="https://github.com/pypa/twine/commit/1908be7034789d3fd97eaa4c904a89b214f49ded"><code>1908be7</code></a> Fix release workflow</li> <li><a href="https://github.com/pypa/twine/commit/6d7ffea75bd8713c749041ea5415f0496c9dd9b6"><code>6d7ffea</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1107">#1107</a> from woodruffw-forks/release-5.1.0</li> <li><a href="https://github.com/pypa/twine/commit/bc91e5719c136acaf5b2fe0c1679ce1ba8d40963"><code>bc91e57</code></a> Update changelog for 5.1.0</li> <li><a href="https://github.com/pypa/twine/commit/de39ade426cc8b4b0b2261ca8dd1617fdf9764d2"><code>de39ade</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1085">#1085</a> from pypa/feature/pep-621</li> <li><a href="https://github.com/pypa/twine/commit/75de094adbf6765429254cc73775288a971d8321"><code>75de094</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1104">#1104</a> from ascheel/main</li> <li><a href="https://github.com/pypa/twine/commit/c512bbf166ac38239e58545a39155285f8747a7b"><code>c512bbf</code></a> Properly handle repository URLs with auth in them</li> <li><a href="https://github.com/pypa/twine/commit/e0ed8088fc872f449376d6d8e4fbf1b71b1a504f"><code>e0ed808</code></a> Changelog entry</li> <li><a href="https://github.com/pypa/twine/commit/72ee030a0783959419962b9c4ff5c9fe16e5c507"><code>72ee030</code></a> Change regex string to a raw string.</li> <li><a href="https://github.com/pypa/twine/commit/04d7e2713466a06df6445fb0b01c3b9c79879ec7"><code>04d7e27</code></a> Sanitize URLs for logging/display purposes.</li> <li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/5.0.0...5.1.0">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=twine&package-manager=pip&previous-version=5.0.0&new-version=5.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
mergify bot
pushed a commit
to aws/jsii
that referenced
this pull request
Jun 27, 2024
…/packages/jsii-pacmak/lib/targets/python (#4558) Updates the requirements on [twine](https://github.com/pypa/twine) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/twine/blob/main/docs/changelog.rst">twine's changelog</a>.</em></p> <blockquote> <h2>Twine 5.1.1 (2024-06-26)</h2> <p>Bugfixes ^^^^^^^^</p> <ul> <li> <p>Resolve DeprecationWarnings when extracting <code>twine</code> metadata. (<code>[#1115](pypa/twine#1115) <https://github.com/pypa/twine/issues/1115></code>_)</p> </li> <li> <p>Fix bug for Repository URLs with auth where the port was lost. When attempting to prevent printing authentication credentials in URLs provided with username and password, we did not properly handle the case where the URL also contains a port (when reconstructing the URL). This is now handled and tested to ensure no regressions. (<code>#fix-repo-urls-with-auth-and-port <https://github.com/pypa/twine/issues/fix-repo-urls-with-auth-and-port></code>_)</p> </li> </ul> <h2>Twine 5.1.0 (2024-05-15)</h2> <p>Features ^^^^^^^^</p> <ul> <li>Add the experimental <code>--attestations</code> flag. (<code>[#1095](pypa/twine#1095) <https://github.com/pypa/twine/issues/1095></code>_)</li> </ul> <h2>Twine 5.1.0 (2024-05-15)</h2> <p>Misc ^^^^</p> <ul> <li><code>[#1104](pypa/twine#1104) <https://github.com/pypa/twine/issues/1104></code>_</li> </ul> <h2>Twine 5.0.0 (2024-02-10)</h2> <p>Bugfixes ^^^^^^^^</p> <ul> <li>Use <code>email.message</code> instead of <code>cgi</code> as <code>cgi</code> has been deprecated (<code>[#969](pypa/twine#969) <https://github.com/pypa/twine/issues/969></code>_)</li> </ul> <p>Misc ^^^^</p> <ul> <li><code>[#931](pypa/twine#931) <https://github.com/pypa/twine/issues/931></code><em>, <code>[#991](pypa/twine#991) <https://github.com/pypa/twine/issues/991></code></em>, <code>[#1028](pypa/twine#1028) <https://github.com/pypa/twine/issues/1028></code><em>, <code>[#1040](pypa/twine#1040) <https://github.com/pypa/twine/issues/1040></code></em></li> </ul> <h2>Twine 4.0.2 (2022-11-30)</h2> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/twine/commit/e29791dcbcd4d39ffc5c4ce2e38e3884005bd368"><code>e29791d</code></a> Prepare for v5.1.1 (<a href="https://redirect.github.com/pypa/twine/issues/1114">#1114</a>)</li> <li><a href="https://github.com/pypa/twine/commit/f213ede904ec8553c82e75d6125efd1972fe8b00"><code>f213ede</code></a> fix: Retrieve metadata correctly from importlib_metadata (<a href="https://redirect.github.com/pypa/twine/issues/1115">#1115</a>)</li> <li><a href="https://github.com/pypa/twine/commit/6fbf880ee60915cf1666348c4bdd78a10415f2ac"><code>6fbf880</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1112">#1112</a> from pypa/bug/1111</li> <li><a href="https://github.com/pypa/twine/commit/3eb9121c6d6cdb0b0d2c0e55c89319cbceda038a"><code>3eb9121</code></a> Remove extra line from changelog entry</li> <li><a href="https://github.com/pypa/twine/commit/0191f0c9d9cae285df4c700dece7efc7c7de1551"><code>0191f0c</code></a> Preserve ports when munging repository URLs</li> <li><a href="https://github.com/pypa/twine/commit/c5887932a552c859376a53fb4dbe39f2ab17ba20"><code>c588793</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1110">#1110</a> from DimitriPapadopoulos/principle</li> <li><a href="https://github.com/pypa/twine/commit/1fdc197636fa1d354d5e4113121698e08824d3a0"><code>1fdc197</code></a> Fix a couple typos</li> <li><a href="https://github.com/pypa/twine/commit/13b07b67fdc7b6de589640655045687953edab24"><code>13b07b6</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1109">#1109</a> from pypa/dependabot/github_actions/actions/checkout...</li> <li><a href="https://github.com/pypa/twine/commit/a3e837326aa9691c89ebefecb1449977d33f89e4"><code>a3e8373</code></a> build(deps): bump actions/checkout from 4.1.5 to 4.1.6</li> <li><a href="https://github.com/pypa/twine/commit/e9f70cff51d5b355305680b8501bdb17c2de015e"><code>e9f70cf</code></a> Merge pull request <a href="https://redirect.github.com/pypa/twine/issues/1108">#1108</a> from pypa/fix-release-workflow</li> <li>Additional commits viewable in <a href="https://github.com/pypa/twine/compare/5.0.0...v5.1.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
woodruffw
added a commit
to woodruffw-forks/twine
that referenced
this pull request
Oct 31, 2024
This fixes a bug that I accidentally introduced with attestations support: `twine upload` learned the difference between distributions and attestations, but `twine check` didn't. As a result, `twine check dist/*` would fail with an `InvalidDistribution` error whenever attestations are present in the dist directory, like so: ``` Checking dist/svgcheck-0.9.0.tar.gz: PASSED Checking dist/svgcheck-0.9.0.tar.gz.publish.attestation: ERROR InvalidDistribution: Unknown distribution format: 'svgcheck-0.9.0.tar.gz.publish.attestation' ``` This fixes the behavior of `twine check` by having it skip attestations in the input list, like it does with `.asc` signatures. To do this, I reused the `_split_inputs` helper that was added with pypa#1095, meaning that `twine upload` and `twine check` now have the same input splitting/filtering logic. See pypa/gh-action-pypi-publish#283 for some additional breakage context. Signed-off-by: William Woodruff <[email protected]>
sigmavirus24
pushed a commit
that referenced
this pull request
Oct 31, 2024
This fixes a bug that I accidentally introduced with attestations support: `twine upload` learned the difference between distributions and attestations, but `twine check` didn't. As a result, `twine check dist/*` would fail with an `InvalidDistribution` error whenever attestations are present in the dist directory, like so: ``` Checking dist/svgcheck-0.9.0.tar.gz: PASSED Checking dist/svgcheck-0.9.0.tar.gz.publish.attestation: ERROR InvalidDistribution: Unknown distribution format: 'svgcheck-0.9.0.tar.gz.publish.attestation' ``` This fixes the behavior of `twine check` by having it skip attestations in the input list, like it does with `.asc` signatures. To do this, I reused the `_split_inputs` helper that was added with #1095, meaning that `twine upload` and `twine check` now have the same input splitting/filtering logic. See pypa/gh-action-pypi-publish#283 for some additional breakage context. Signed-off-by: William Woodruff <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Initial work towards #1094.
Summary:
--attestations
flag (defaultFalse
) and propagates its value intoSettings
_split_inputs
helper, which returns dists, signatures, and attestations as separate data structuresI've tried to keep this change small (~50 lines without the tests), so
--attestations
is currently a no-op. But if you'd prefer it do something substantive, I can add the "fail if the user passes--attestations
but one or more files are missing attestations" behavior to this changeset 🙂