diff --git a/.github/workflows/_reusable-package-build.yml b/.github/workflows/_reusable-package-build.yml index 3c1aa5b9..ed566d60 100644 --- a/.github/workflows/_reusable-package-build.yml +++ b/.github/workflows/_reusable-package-build.yml @@ -36,7 +36,7 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 - - uses: hynek/build-and-inspect-python-package@2dbbf2b252d3a3c7cec7a810e3ed5983bd17b13a # v2.8.0 + - uses: hynek/build-and-inspect-python-package@73aea398b9c8de9ea9e4464c6b13cb8b1f3d6294 # v2.9.0 id: build-pkg with: attest-build-provenance-github: ${{ !github.event.pull_request.head.repo.fork && !contains(fromJSON('["dependabot[bot]", "renovate[bot]"]'), github.actor) }} diff --git a/.github/workflows/_reusable-package-release.yml b/.github/workflows/_reusable-package-release.yml index f8e296bb..19dcb159 100644 --- a/.github/workflows/_reusable-package-release.yml +++ b/.github/workflows/_reusable-package-release.yml @@ -171,7 +171,7 @@ jobs: ref: main # Make sure to check out the latest commit on main, not the original commit that triggered the workflow fetch-depth: 0 - name: Build package - uses: hynek/build-and-inspect-python-package@2dbbf2b252d3a3c7cec7a810e3ed5983bd17b13a # v2.8.0 + uses: hynek/build-and-inspect-python-package@73aea398b9c8de9ea9e4464c6b13cb8b1f3d6294 # v2.9.0 with: attest-build-provenance-github: 'true' # Upload the official package version to TestPyPI diff --git a/.github/workflows/_reusable-package-testpypi.yml b/.github/workflows/_reusable-package-testpypi.yml index 3ce4a95a..fca7b8af 100644 --- a/.github/workflows/_reusable-package-testpypi.yml +++ b/.github/workflows/_reusable-package-testpypi.yml @@ -36,7 +36,7 @@ jobs: with: package-name: ${{ inputs.package-name }} - name: Build package - uses: hynek/build-and-inspect-python-package@2dbbf2b252d3a3c7cec7a810e3ed5983bd17b13a # v2.8.0 + uses: hynek/build-and-inspect-python-package@73aea398b9c8de9ea9e4464c6b13cb8b1f3d6294 # v2.9.0 with: attest-build-provenance-github: 'true' outputs: