Skip to content

Commit

Permalink
Update pypa/gh-action-pypi-publish action to v1.8.8 (#1518)
Browse files Browse the repository at this point in the history
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish)
| action | patch | `v1.8.7` -> `v1.8.8` |

---

### Release Notes

<details>
<summary>pypa/gh-action-pypi-publish
(pypa/gh-action-pypi-publish)</summary>

###
[`v1.8.8`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.8)

[Compare
Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.7...v1.8.8)

#### πŸ’… Cosmetic output improvements

- In
[https://github.com/pypa/gh-action-pypi-publish/pull/167](https://togithub.com/pypa/gh-action-pypi-publish/pull/167),
[@&#8203;woodruffw](https://togithub.com/woodruffw) introduced a
nudge-warning encouraging people to start using secretless publishing to
PyPI, as suggested by [@&#8203;sethmlarson] in
[https://github.com/pypa/gh-action-pypi-publish/issues/164](https://togithub.com/pypa/gh-action-pypi-publish/issues/164),
collaborating with [@&#8203;di](https://togithub.com/di).

*:bulb: Tip:* The OIDC-based trusted publishing integration details can
be found in the action README at
https://github.com/marketplace/actions/pypi-publish#trusted-publishing
and on the PyPI docs page at https://docs.pypi.org/trusted-publishers/.
It's gone GA on April 20, 2023, during PyCon:
https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/.
And the Trail Of Bits blog post has some deeper explanation here:
https://blog.trailofbits.com/2023/05/23/trusted-publishing-a-new-benchmark-for-packaging-security/.

#### πŸ› οΈ Internal dependencies

- [@&#8203;pquentin] bumped the runtime dependency pins to the recent
versions
@&#[https://github.com/pypa/gh-action-pypi-publish/pull/168](https://togithub.com/pypa/gh-action-pypi-publish/pull/168)ll/168.

#### πŸ’ͺ New Contributors

- [@&#8203;pquentin](https://togithub.com/pquentin) made their first
contribution in
[https://github.com/pypa/gh-action-pypi-publish/pull/168](https://togithub.com/pypa/gh-action-pypi-publish/pull/168)

**:mirror: Full Diff**:
pypa/gh-action-pypi-publish@v1.8.7...v1.8.8

[@&#8203;pquentin]: https://togithub.com/sponsors/pquentin

[@&#8203;sethmlarson]: https://togithub.com/sponsors/sethmlarson

</details>

---

### Configuration

πŸ“… **Schedule**: Branch creation - "before 6am on wednesday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

β™» **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

πŸ”• **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv.dev).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yNy4xIiwidXBkYXRlZEluVmVyIjoiMzYuNDAuMyIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->
  • Loading branch information
renovate-bot authored Aug 9, 2023
1 parent b2b6e62 commit 8e719ba
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/publish-to-pypi.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ jobs:
build
--sdist --wheel --outdir dist/ .
- name: Publish distribution to PyPI
uses: pypa/gh-action-pypi-publish@f5622bde02b04381239da3573277701ceca8f6a0 # v1.8.7
uses: pypa/gh-action-pypi-publish@f8c70e705ffc13c3b4d1221169b84f12a75d6ca8 # v1.8.8
with:
password: ${{ secrets.PYPI_API_TOKEN }}
packages_dir: dist/

0 comments on commit 8e719ba

Please sign in to comment.