Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: pypa/gh-action-pypi-publish
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v1.8.6
Choose a base ref
...
head repository: pypa/gh-action-pypi-publish
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v1.8.7
Choose a head ref
  • 9 commits
  • 4 files changed
  • 6 contributors

Commits on May 12, 2023

  1. oidc-exchange: "fix" multiline annotations 

    Signed-off-by: William Woodruff <william@trailofbits.com>
    @woodruffw
    woodruffw committed May 12, 2023
    Copy the full SHA
    3063966 View commit details

Commits on May 17, 2023

  1. Merge pull request #156 from trail-of-forks/tob-fix-annotation

    @webknjaz
    webknjaz authored May 17, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    f9ed8ba View commit details

Commits on May 23, 2023

  1. Bump requests from 2.28.1 to 2.31.0 in /requirements 

    Bumps [requests](https://github.com/psf/requests) from 2.28.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.28.1...v2.31.0)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] authored May 23, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    c803c91 View commit details

  2. Merge pull request #157 from pypa/dependabot/pip/requirements/request… 

    …s-2.31.0

Bump requests from 2.28.1 to 2.31.0 in /requirements
    @webknjaz
    webknjaz authored May 23, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    110f54a View commit details

Commits on May 29, 2023

  1. Ignore pip's root user warning

    @hugovk
    hugovk committed May 29, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    135d0d5 View commit details

Commits on Jun 2, 2023

  1. Bump cryptography from 39.0.1 to 41.0.0 in /requirements 

    Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.1 to 41.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@39.0.1...41.0.0)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] authored Jun 2, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    5684530 View commit details

Commits on Jun 8, 2023

  1. Remove extraneous }

    @jaap3
    jaap3 authored Jun 8, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    775be49 View commit details

  2. Merge pull request #161 from jaap3/jaap3-patch-1 

    This patch remove extraneous trailing `}` from the annotation note.
    @webknjaz
    webknjaz authored Jun 8, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    3be882c View commit details

Commits on Jun 26, 2023

  1. Merge PRs #159 and #160 into unstable/v1

    @webknjaz
    webknjaz committed Jun 26, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    f5622bd View commit details
Showing with 12 additions and 7 deletions.
  1. +1 −0 Dockerfile
  2. +4 −0 oidc-exchange.py
  3. +6 −6 requirements/runtime.txt
  4. +1 −1 twine-upload.sh
1 change: 1 addition & 0 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -8,6 +8,7 @@ ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1

ENV PIP_NO_CACHE_DIR 1
ENV PIP_ROOT_USER_ACTION ignore

ENV PATH "/root/.local/bin:${PATH}"
ENV PYTHONPATH "/root/.local/lib/python3.11/site-packages"
4 changes: 4 additions & 0 deletions oidc-exchange.py
View file
Original file line number Diff line number Diff line change
@@ -74,6 +74,10 @@ def die(msg: str) -> NoReturn:
with _GITHUB_STEP_SUMMARY.open("a", encoding="utf-8") as io:
print(_ERROR_SUMMARY_MESSAGE.format(message=msg), file=io)

# HACK: GitHub Actions' annotations don't work across multiple lines naively;
# translating `\n` into `%0A` (i.e., HTML percent-encoding) is known to work.
# See: https://github.com/actions/toolkit/issues/193
msg = msg.replace("\n", "%0A")
print(f"::error::Trusted publishing exchange failure: {msg}", file=sys.stderr)
sys.exit(1)

12 changes: 6 additions & 6 deletions requirements/runtime.txt
View file
Original file line number Diff line number Diff line change
@@ -14,12 +14,12 @@ charset-normalizer==2.1.1
# via requests
commonmark==0.9.1
# via rich
cryptography==39.0.1
cryptography==41.0.0
# via secretstorage
docutils==0.19
# via readme-renderer
id==1.0.0
# via -r requirements/runtime.in
# via -r runtime.in
idna==3.4
# via requests
importlib-metadata==5.1.0
@@ -38,7 +38,7 @@ more-itertools==9.0.0
# via jaraco-classes
pkginfo==1.9.2
# via
# -r requirements/runtime.in
# -r runtime.in
# twine
pycparser==2.21
# via cffi
@@ -50,9 +50,9 @@ pygments==2.13.0
# rich
readme-renderer==37.3
# via twine
requests==2.28.1
requests==2.31.0
# via
# -r requirements/runtime.in
# -r runtime.in
# id
# requests-toolbelt
# twine
@@ -67,7 +67,7 @@ secretstorage==3.3.3
six==1.16.0
# via bleach
twine==4.0.1
# via -r requirements/runtime.in
# via -r runtime.in
typing-extensions==4.5.0
# via pydantic
urllib3==1.26.13
2 changes: 1 addition & 1 deletion twine-upload.sh
View file
Original file line number Diff line number Diff line change
@@ -56,7 +56,7 @@ elif [[ "${INPUT_USER}" == '__token__' ]]; then
else
echo \
'::notice::Using a username + password pair for authentication' \
"against ${INPUT_REPOSITORY_URL}}"
"against ${INPUT_REPOSITORY_URL}"
fi

if [[