Commit 8e719ba

Update pypa/gh-action-pypi-publish action to v1.8.8 (#1518)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish) | action | patch | `v1.8.7` -> `v1.8.8` |

---

### Release Notes

<details>
<summary>pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)</summary>

### [`v1.8.8`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.8)

[Compare Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.7...v1.8.8)

#### 💅 Cosmetic output improvements

- In [https://github.com/pypa/gh-action-pypi-publish/pull/167](https://togithub.com/pypa/gh-action-pypi-publish/pull/167), [@woodruffw](https://togithub.com/woodruffw) introduced a nudge-warning encouraging people to start using secretless publishing to PyPI, as suggested by [@sethmlarson] in [https://github.com/pypa/gh-action-pypi-publish/issues/164](https://togithub.com/pypa/gh-action-pypi-publish/issues/164), collaborating with [@di](https://togithub.com/di).

*:bulb: Tip:* The OIDC-based trusted publishing integration details can be found in the action README at https://github.com/marketplace/actions/pypi-publish#trusted-publishing and on the PyPI docs page at https://docs.pypi.org/trusted-publishers/. It's gone GA on April 20, 2023, during PyCon: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/. And the Trail Of Bits blog post has some deeper explanation here: https://blog.trailofbits.com/2023/05/23/trusted-publishing-a-new-benchmark-for-packaging-security/.

#### 🛠️ Internal dependencies

- [@pquentin] bumped the runtime dependency pins to the recent versions @ [https://github.com/pypa/gh-action-pypi-publish/pull/168](https://togithub.com/pypa/gh-action-pypi-publish/pull/168).

#### 💪 New Contributors

- [@pquentin](https://togithub.com/pquentin) made their first contribution in [https://github.com/pypa/gh-action-pypi-publish/pull/168](https://togithub.com/pypa/gh-action-pypi-publish/pull/168)

**:mirror: Full Diff**: pypa/gh-action-pypi-publish@v1.8.7...v1.8.8

[@pquentin]: https://togithub.com/sponsors/pquentin
[@sethmlarson]: https://togithub.com/sponsors/sethmlarson

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/google/osv.dev).
1 parent b2b6e62 commit 8e719ba

File tree

1 file changed

+1
-1
lines changed

.github/workflows/publish-to-pypi.yaml

+1-1
@@ -44,7 +44,7 @@ jobs:
4444
build
4545
--sdist --wheel --outdir dist/ .
4646
- name: Publish distribution to PyPI
47-
uses: pypa/gh-action-pypi-publish@f5622bde02b04381239da3573277701ceca8f6a0 # v1.8.7
47+
uses: pypa/gh-action-pypi-publish@f8c70e705ffc13c3b4d1221169b84f12a75d6ca8 # v1.8.8
4848
with:
4949
password: ${{ secrets.PYPI_API_TOKEN }}
5050
packages_dir: dist/
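
Review bot: the `with:` block kept as context here still passes `password: ${{ secrets.PYPI_API_TOKEN }}`, a long-lived API token, which is the setup the v1.8.8 release notes' new nudge warning is meant to move people away from. Consider a follow-up that switches this job to trusted publishing: register the workflow as a trusted publisher on PyPI, grant the job `permissions: id-token: write`, and drop the `password:` input so no stored upload credential remains in repository secrets. On the changed line itself, pinning to a full commit SHA is right, but nothing checks the trailing `# v1.8.8` comment, so confirm that f8c70e705ffc13c3b4d1221169b84f12a75d6ca8 is the commit the upstream v1.8.8 tag points to before merging.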
