- Aug 30, 2024
-
-
![dependabot[bot]'s avatar](/assets/no_avatar-849f9c04a3a0d0cea2424ae97b27447dc64a7dbfae83c036c45b403392f0e8ba.png "dependabot[bot]")
dependabot[bot] authoredBumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.1 to 5.2.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5.1.1...v5.2.0 ) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
dependabot[bot] <support@github.com>
-
- Jul 16, 2024
-
-
dependabot[bot] authored
Bumps [sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python) from 2.1.1 to 3.0.0. - [Release notes](https://github.com/sigstore/gh-action-sigstore-python/releases) - [Changelog](https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/gh-action-sigstore-python/compare/v2.1.1...v3.0.0 ) --- updated-dependencies: - dependency-name: sigstore/gh-action-sigstore-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by:
dependabot[bot] <support@github.com>
-
- Jul 11, 2024
-
-
dependabot[bot] authored
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.0 to 5.1.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5.1.0...v5.1.1 ) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
dependabot[bot] <support@github.com>
-
- Jun 01, 2024
-
-
Adam Williamson authored
This is the one from https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/ again, with an `if` condition added and multilines rewrapped. As best as I can tell, this should work automagically, we don't need to "sign up for" sigstore or create any certificates or keys; it works by creating an ephemeral signing certificate bound to the identity of whatever GitHub user the workflow runs as (proved by OIDC), and signing with that. Signed-off-by:
Adam Williamson <awilliam@redhat.com>
-
- May 06, 2024
-
-
Adam Williamson authored
This is based on https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/#defining-a-workflow-job-environment . It's the sample config from there, with versions updated and our project name substituted in the appropriate places. I dropped the publish-to-testpypi bit because of https://github.com/pypa/packaging.python.org/issues/804 , and left the Github release part left out for now. We can add that later if we like, but we never published releases to Github before, so it doesn't seem required yet. I also tweaked the conditionals a bit to avoid running the build job on forks and publish only tags that start with 'v', as that's our convention for versions. Signed-off-by:
Adam Williamson <awilliam@redhat.com>
-