Skip to content

Commit 7c314d8

Browse files
renovate[bot]renovate[bot]
authored
Update pypa/gh-action-pypi-publish action to v1.8.8 (#275)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish) | action | patch | `v1.8.7` -> `v1.8.8` | --- ### Release Notes <details> <summary>pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)</summary> ### [`v1.8.8`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.8) [Compare Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.7...v1.8.8) ##### 💅 Cosmetic output impovements - In [https://github.com/pypa/gh-action-pypi-publish/pull/167](https://togithub.com/pypa/gh-action-pypi-publish/pull/167), [@&#8203;woodruffw](https://togithub.com/woodruffw) introduced a nudge-warning encoraging people to start using secretless publishing to PyPI, as suggested by [@&#8203;sethmlarson] in [https://github.com/pypa/gh-action-pypi-publish/issues/164](https://togithub.com/pypa/gh-action-pypi-publish/issues/164), collaborating with [@&#8203;di](https://togithub.com/di). *:bulb: Tip:* The OIDC-based trusted publishing integration details can be found in the action README at https://github.com/marketplace/actions/pypi-publish#trusted-publishing and on the PyPI docs page at https://docs.pypi.org/trusted-publishers/. It's gone GA on April 20, 2023, during PyCon: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/. And the Trail Of Bits blog post has some deeper explanation here: https://blog.trailofbits.com/2023/05/23/trusted-publishing-a-new-benchmark-for-packaging-security/. ##### 🛠️ Internal dependencies - [@&#8203;pquentin] bumped the runtime dependency pins to the recent versions @&#[https://github.com/pypa/gh-action-pypi-publish/pull/168](https://togithub.com/pypa/gh-action-pypi-publish/pull/168)ll/168. ##### 💪 New Contributors - [@&#8203;pquentin](https://togithub.com/pquentin) made their first contribution in [https://github.com/pypa/gh-action-pypi-publish/pull/168](https://togithub.com/pypa/gh-action-pypi-publish/pull/168) **:mirror: Full Diff**: pypa/gh-action-pypi-publish@v1.8.7...v1.8.8 [@&#8203;pquentin]: https://togithub.com/sponsors/pquentin [@&#8203;sethmlarson]: https://togithub.com/sponsors/sethmlarson </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/allenporter/flux-local). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi41LjMiLCJ1cGRhdGVkSW5WZXIiOiIzNi41LjMiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent 5fea2a9 commit 7c314d8

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

.github/workflows/python-publish.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ jobs:
2626
- name: Build package
2727
run: python -m build
2828
- name: Publish package
29-
uses: pypa/[email protected].7
29+
uses: pypa/[email protected].8
3030
with:
3131
user: __token__
3232
password: ${{ secrets.PYPI_API_TOKEN }}

0 commit comments

Comments
 (0)