From 8e719ba47191b63c2743cf5c5a25a28f94b04a20 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Wed, 9 Aug 2023 15:36:32 +0200 Subject: [PATCH] Update pypa/gh-action-pypi-publish action to v1.8.8 (#1518) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | action | patch | `v1.8.7` -> `v1.8.8` | --- ### Release Notes
pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish) ### [`v1.8.8`](https://github.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.8) [Compare Source](https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.7...v1.8.8) #### :nail_care: Cosmetic output improvements - In [https://github.com/pypa/gh-action-pypi-publish/pull/167](https://github.com/pypa/gh-action-pypi-publish/pull/167), [@​woodruffw](https://github.com/woodruffw) introduced a nudge-warning encouraging people to start using secretless publishing to PyPI, as suggested by [@​sethmlarson] in [https://github.com/pypa/gh-action-pypi-publish/issues/164](https://github.com/pypa/gh-action-pypi-publish/issues/164), collaborating with [@​di](https://github.com/di). *:bulb: Tip:* The OIDC-based trusted publishing integration details can be found in the action README at https://github.com/marketplace/actions/pypi-publish#trusted-publishing and on the PyPI docs page at https://docs.pypi.org/trusted-publishers/. It's gone GA on April 20, 2023, during PyCon: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/. And the Trail Of Bits blog post has some deeper explanation here: https://blog.trailofbits.com/2023/05/23/trusted-publishing-a-new-benchmark-for-packaging-security/. #### :hammer_and_wrench: Internal dependencies - [@​pquentin] bumped the runtime dependency pins to the recent versions @&#[https://github.com/pypa/gh-action-pypi-publish/pull/168](https://github.com/pypa/gh-action-pypi-publish/pull/168)ll/168. #### :muscle: New Contributors - [@​pquentin](https://github.com/pquentin) made their first contribution in [https://github.com/pypa/gh-action-pypi-publish/pull/168](https://github.com/pypa/gh-action-pypi-publish/pull/168) **:mirror: Full Diff**: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.7...v1.8.8 [@​pquentin]: https://github.com/sponsors/pquentin [@​sethmlarson]: https://github.com/sponsors/sethmlarson
--- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv.dev). --- .github/workflows/publish-to-pypi.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish-to-pypi.yaml b/.github/workflows/publish-to-pypi.yaml index 7dc841cd7ea..52f2af96d90 100644 --- a/.github/workflows/publish-to-pypi.yaml +++ b/.github/workflows/publish-to-pypi.yaml @@ -44,7 +44,7 @@ jobs: build --sdist --wheel --outdir dist/ . - name: Publish distribution to PyPI - uses: pypa/gh-action-pypi-publish@f5622bde02b04381239da3573277701ceca8f6a0 # v1.8.7 + uses: pypa/gh-action-pypi-publish@f8c70e705ffc13c3b4d1221169b84f12a75d6ca8 # v1.8.8 with: password: ${{ secrets.PYPI_API_TOKEN }} packages_dir: dist/