From 1a0b3c418eea524bddca1caa51932d9f16bd46f4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 00:12:42 +0000 Subject: [PATCH 1/2] build(deps): Bump the actions group across 1 directory with 2 updates Bumps the actions group with 2 updates in the / directory: [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish). Updates `actions/attest-build-provenance` from 1.4.2 to 1.4.3 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/6149ea5740be74af77f260b9db67e633f6b0a9a1...1c608d11d69870c2092266b3f9a6f3abbf17002c) Updates `pypa/gh-action-pypi-publish` from 1.9.0 to 1.10.1 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/v1.9.0...v1.10.1) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: pypa/gh-action-pypi-publish dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/publish-package.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index e008e2b..e857908 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -55,7 +55,7 @@ jobs: - name: Generate artifact attestation for sdist and wheel # If publishing to PyPI if: github.event_name == 'release' && github.event.action == 'published' && github.repository == 'yadage/yadage-schemas' - uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2 + uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3 with: subject-path: "dist/yadage_schemas-*" @@ -74,7 +74,7 @@ jobs: if: >- (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'yadage/yadage-schemas') || (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true' && github.repository == 'yadage/yadage-schemas') - uses: pypa/gh-action-pypi-publish@v1.9.0 + uses: pypa/gh-action-pypi-publish@v1.10.1 with: password: ${{ secrets.test_pypi_api_token }} repository_url: https://test.pypi.org/legacy/ @@ -82,7 +82,7 @@ jobs: - name: Publish distribution 📦 to PyPI if: github.event_name == 'release' && github.event.action == 'published' && github.repository == 'yadage/yadage-schemas' - uses: pypa/gh-action-pypi-publish@v1.9.0 + uses: pypa/gh-action-pypi-publish@v1.10.1 with: password: ${{ secrets.pypi_api_token }} print-hash: true From ee72592ff0acb9efc03bcd6d68fecb34511fc260 Mon Sep 17 00:00:00 2001 From: Matthew Feickert Date: Sun, 8 Sep 2024 22:02:42 -0500 Subject: [PATCH 2/2] Add 'attestations: true' support --- .github/workflows/publish-package.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/publish-package.yml b/.github/workflows/publish-package.yml index e857908..03f1604 100644 --- a/.github/workflows/publish-package.yml +++ b/.github/workflows/publish-package.yml @@ -79,6 +79,7 @@ jobs: password: ${{ secrets.test_pypi_api_token }} repository_url: https://test.pypi.org/legacy/ print-hash: true + attestations: true - name: Publish distribution 📦 to PyPI if: github.event_name == 'release' && github.event.action == 'published' && github.repository == 'yadage/yadage-schemas' @@ -86,3 +87,4 @@ jobs: with: password: ${{ secrets.pypi_api_token }} print-hash: true + attestations: true