zarr-python icon indicating copy to clipboard operation
zarr-python copied to clipboard

Published 20 hours ago verified publisher icon zarr-developers

Updated pypa publish action

Open joshmoore opened this issue 2 years ago • 3 comments

From the GHA:

upload_pypi: # >> PyPA publish to PyPI GHA: UNSUPPORTED GITHUB ACTION VERSION <<#L1 You are using "pypa/gh-action-pypi-publish@master". The "master" branch of this project has been sunset and will not receive any updates, not even security bug fixes. Please, make sure to use a supported version. If you want to pin to v1 major version, use "pypa/gh-action-pypi-publish@release/v1". If you feel adventurous, you may opt to use use "pypa/gh-action-pypi-publish@unstable/v1" instead. A more general recommendation is to pin to exact tags or commit shas.

joshmoore avatar Sep 27 '22 18:09 joshmoore

Wonder if there is a way to link to latest

jakirkham avatar Sep 27 '22 18:09 jakirkham

May just need "main"

joshmoore avatar Sep 27 '22 19:09 joshmoore

Yeah think that is what is being called unstable/v1 (appears to be their default branch anyway)

Edit: Was wondering if there was a way to just get the latest stable release, but maybe that is not possible

jakirkham avatar Sep 27 '22 19:09 jakirkham

There is a way to get the latest stable release, in fact, dependabot will do this for us 😉 -

https://github.com/zarr-developers/zarr-python/blob/daad2fa86a32c3ed10871f6ba191ed3356b29e91/.github/dependabot.yml#L8-L11

We need to pin all the actions to a particular version, and then dependabot will update them weekly. I will create a PR for this!

Saransh-cpp avatar Oct 19 '22 09:10 Saransh-cpp

This is fantastic! Thank you 😄

jakirkham avatar Oct 19 '22 23:10 jakirkham