gh-action-pypi-publish
The blessed :octocat: GitHub Action, for publishing your :package: distribution files to PyPI: https://github.com/marketplace/actions/pypi-publish
This PR removes the OIDC token exchange logic, replacing it with `twine`'s built-in support for Trusted Publishing present in version `6.1.0`. In practice, this just means running `twine` without setting...
The action currently fails to run on the [ARM runners GitHub have made available](https://github.blog/news-insights/product-news/arm64-on-github-actions-powering-faster-more-efficient-build-systems/) because the Docker image used for releases is only available for the `linux/amd64` architecture. Would it...
WIP; haven't tested this yet. See https://github.com/pypa/gh-action-pypi-publish/pull/305#issuecomment-2499315017.
This should be possible by inspecting the following information sources:

* `RUNNER_DEBUG` (environment variable): https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables
* `ACTIONS_RUNNER_DEBUG` (var or secrets context): https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/enabling-debug-logging#enabling-runner-diagnostic-logging
* `ACTIONS_STEP_DEBUG` (var or secrets context): https://docs.github.com/en/actions/monitoring-and-troubleshooting-workflows/troubleshooting-workflows/enabling-debug-logging#enabling-step-debug-logging

There's...
I wonder if we can have a sanity check for this… Your job run has `repository_url: https://upload.pypi.org/legacy/` in the log, which is our default. And GitHub Actions is built to...
This project is used with highly sensitive tokens and should not run code without hash checking it first.
So it happened that a short-lived token in yarl started expiring before all uploads managed to complete. This resulted in having to yank two releases: https://pypi.org/project/yarl/1.18.2/#history The last failure started...
This is how the official action does this: https://github.com/actions/toolkit/blob/77f247b/packages/attest/src/store.ts#L5-L44. This is the API endpoint doc: https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#create-an-attestation.
`${{ runner.environment }}` can be `github-hosted` and `self-hosted`: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs#runner-context. This should be enough to detect if a warning is needed.
Implementing the proposed workaround for `${{ github.action_path }}` not working inside containers. https://github.com/actions/runner/issues/2185#issuecomment-1683545859 Should close #300.