forked from facebookincubator/velox
-
Notifications
You must be signed in to change notification settings - Fork 2
Commit 28694f4
build(ci): Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3 (facebookincubator#11935)
Summary:
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.12.2 to 1.12.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/pypa/gh-action-pypi-publish/releases">pypa/gh-action-pypi-publish's releases</a>.</em></p>
<blockquote>
<h2>v1.12.3</h2>
<h2>✨ What's Improved</h2>
<p>With the updates by <a href="https://github.com/woodruffw"><code>@woodruffw</code></a><a href="https://github.com/sponsors/woodruffw">💰</a> and <a href="https://github.com/webknjaz"><code>@webknjaz</code></a><a href="https://github.com/sponsors/webknjaz">💰</a> via <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/309">https://github.com/facebookincubator/velox/issues/309</a> and <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/313">https://github.com/facebookincubator/velox/issues/313</a>, it is now possible to publish <a href="https://packaging.python.org/en/latest/glossary/#term-Distribution-Package">distribution packages</a> that include <a href="https://packaging.python.org/en/latest/specifications/core-metadata/#metadata-version">core metadata v2.4</a>, like those built using <a href="https://www.maturin.rs/tutorial">maturin</a>. This is done by bumping <code>Twine</code> to v6.0.1 and <code>pkginfo</code> to v1.12.0.</p>
<h2>📝 Docs</h2>
<p>We've made an attempt to clarify the runtime and workflow shape that are expected to be supported for calling this action in: <a href="https://github.com/marketplace/actions/pypi-publish#Non-goals">https://github.com/marketplace/actions/pypi-publish#Non-goals</a>.</p>
<blockquote>
<p>[!TIP]
Please, let us know in the <a href="https://github.com/pypa/gh-action-pypi-publish/discussions/314">release discussion</a> if anything still remains unclear.
<em>TL;DR</em> always call <a href="https://github.com/marketplace/actions/pypi-publish"><code>pypi-publish</code></a> once per job; don't invoke it in reusable workflows; physically move building the dists into separate jobs having restricted permissions and storing the dists as GitHub Actions artifacts; when using self-hosted runners, make sure to still use <a href="https://github.com/marketplace/actions/pypi-publish"><code>pypi-publish</code></a> on a GitHub-provided infra with <code>runs-on: ubuntu-latest</code>, while building and testing may remain self-hosted; don't perform any other actions in the publishing job; don't call <a href="https://github.com/marketplace/actions/pypi-publish"><code>pypi-publish</code></a> from composite actions.</p>
</blockquote>
<h2>🛠️ Internal Updates</h2>
<p><a href="https://github.com/br3ndonland"><code>@br3ndonland</code></a><a href="https://github.com/sponsors/br3ndonland">💰</a> improved the container image generation automation to include Git SHA in <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/301">https://github.com/facebookincubator/velox/issues/301</a>. And <a href="https://github.com/woodruffw"><code>@woodruffw</code></a><a href="https://github.com/sponsors/woodruffw">💰</a> added the <code>workflow_ref</code> context to Trusted Publishing debug logging in <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/305">https://github.com/facebookincubator/velox/issues/305</a>, helping us diagnose misconfigurations faster. <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/313">https://github.com/facebookincubator/velox/issues/313</a> also extends the smoke test in the CI to check against the <a href="https://www.maturin.rs/tutorial">maturin</a>-made dists. Additionally, <code>jeepney</code> and <code>secretstorage</code> transitive deps have been added to the pip constraint-based lock file, as Dependabot seems to have missed those earlier.</p>
<p><strong>🪞 Full Diff</strong>: <a href="https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.2...v1.12.3">https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.2...v1.12.3</a></p>
<p><strong>🧔♂️ Release Manager:</strong> <a href="https://github.com/sponsors/webknjaz"><code>@webknjaz</code></a> <a href="https://stand-with-ukraine.pp.ua">🇺🇦</a></p>
<p><strong>🙏 Special Thanks</strong> to <a href="https://github.com/samuelcolvin"><code>@samuelcolvin</code></a><a href="https://github.com/sponsors/samuelcolvin">💰</a> for nudging me to cut this release sooner and for <a href="https://github.com/sponsors/webknjaz">sponsoring me</a> via <a href="https://github.com/pydantic"><code>@pydantic</code></a><a href="https://github.com/sponsors/pydantic">💰</a>!</p>
<p><strong>🔌 Shameless Plug</strong>: The other day I've made this <a href="https://bsky.app/starter-pack/webknjaz.me/3lbt5nu3vw22b">🦋 Bluesky 🇺🇦 FOSS Maintainers Starter Pack</a> subscribe to read news from people like me :)</p>
<p><strong>💬 Discuss</strong> <a href="https://bsky.app/profile/webknjaz.me/post/3lcve36mtpk22">on Bluesky 🦋</a>, <a href="https://mastodon.social/webknjaz/113624274498685157">on Mastodon 🐘</a> and <a href="https://github.com/pypa/gh-action-pypi-publish/discussions/314">on GitHub</a>.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/67339c736fd9354cd4f8cb0b744f2b82a74b5c70"><code>67339c7</code></a> 📦 Only keep lower bounds @ input requirements</li>
<li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/cbd6d01d855e02aab0908c7709d5c0ddc88c617a"><code>cbd6d01</code></a> 📝Fix a typo in "privileges" @ README</li>
<li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/7252a9a09cc96cd5a356936f3d7570445b30bd8d"><code>7252a9a</code></a> 📝 Outline unsupported scenarios in README</li>
<li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/a536fa950501c91689aa954f1d7b15c0503b6fc6"><code>a536fa9</code></a> 📌📦 Include jeepney & secretstorage pins</li>
<li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/43caae4bb174f4ce5ae7e6d8bb85eb54f0fd9e80"><code>43caae4</code></a> 💅📦 Split transitive dep constraints</li>
<li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/f371c3d5667fcc0531a2b48ebe2d44d3c314f905"><code>f371c3d</code></a> Merge pull request <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/313">https://github.com/facebookincubator/velox/issues/313</a> from webknjaz/maintenance/metadata-2.4</li>
<li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/138a1215a3f0562a56c666c244d8f25a8e874e5b"><code>138a121</code></a> 📌📦 Pin <code>pkginfo</code> to v1.12 @ runtime deps</li>
<li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/ff2b051b0afcb29a320583463b190216bbf80be4"><code>ff2b051</code></a> 🧪 Add a Maturin-based package to CI</li>
<li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/0a0a6ae824040d7349dd2b2471a7907b86b45074"><code>0a0a6ae</code></a> 🧪 Allow CI to register multiple distributions</li>
<li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/e7723a410eb01c55f02a75cf26a230ed14f1b19e"><code>e7723a4</code></a> Merge pull request <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/309">https://github.com/facebookincubator/velox/issues/309</a> from trail-of-forks/ww/bumptwine</li>
<li>Additional commits viewable in <a href="https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.2...v1.12.3">compare view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `dependabot rebase` will rebase this PR
- `dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `dependabot merge` will merge this PR after your CI passes on it
- `dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `dependabot cancel merge` will cancel a previously requested merge and block automerging
- `dependabot reopen` will reopen this PR if it is closed
- `dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
</details>
Pull Request resolved: facebookincubator#11935
Reviewed By: kKPulla
Differential Revision: D67882067
Pulled By: kevinwilfong
fbshipit-source-id: bb83a5b79da3c7f81b17ecfb18f8de2adde375ef1 parent ec96640 commit 28694f4Copy full SHA for 28694f4
1 file changed
+1
-1
lines changed.github/workflows/build_pyvelox.yml
Copy file name to clipboardexpand all lines: .github/workflows/build_pyvelox.yml+1-1
Original file line number | Diff line number | Diff line change | |
---|---|---|---|
| |||
182 | 182 |
| |
183 | 183 |
| |
184 | 184 |
| |
185 |
| - | |
| 185 | + | |
186 | 186 |
| |
187 | 187 |
| |
188 | 188 |
|
0 commit comments