Commit Graph

326 Commits

Author SHA1 Message Date
Sviatoslav Sydorenko 699cd6103f ⇪📦 Bump the runtime dep lockfile 2024-05-16 17:50:20 +02:00
pre-commit-ci[bot] 8414fc2457 [pre-commit.ci] pre-commit autoupdate (#225)
* [pre-commit.ci] pre-commit autoupdate

updates:
- [github.com/Lucas-C/pre-commit-hooks.git: v1.5.4 → v1.5.5](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.5.4...v1.5.5)
- [github.com/python-jsonschema/check-jsonschema.git: 0.27.3 → 0.28.1](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.27.3...0.28.1)
- [github.com/adrienverge/yamllint.git: v1.33.0 → v1.35.1](https://github.com/adrienverge/yamllint.git/compare/v1.33.0...v1.35.1)
- [github.com/PyCQA/flake8.git: 6.1.0 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/6.1.0...7.0.0)
- [github.com/PyCQA/flake8.git: 4.0.1 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...7.0.0)
- [github.com/PyCQA/pylint.git: v3.0.3 → v3.1.0](https://github.com/PyCQA/pylint.git/compare/v3.0.3...v3.1.0)

* Bump WPS to v0.19.x series

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

* Merge separate flake8 runs back into one

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
2024-05-16 15:39:26 +00:00
Peter Shen 67a07ebbed Disable the progress bar when running twine upload
PR #231
Resolves #229

Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
2024-05-16 17:14:58 +02:00
William Woodruff 771d60f44b Eliminate future tense in the password nudge in twine-upload
Additionally, this turns the corresponding code branch into a hard error in case of the regular PyPI.

Signed-off-by: William Woodruff <william@trailofbits.com>

PR #234
Fixes #233
2024-05-16 17:07:28 +02:00
Sviatoslav Sydorenko 04f4e64de3 Set Python 3.11 for the flake8-commas linter
It doesn't yet support 3.12 and is an unconditional dependency of WPS.
2024-05-16 16:29:54 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко) 3fbcf7ccf4 Merge pull request #228 from pypa/dependabot/pip/requirements/idna-3.7
build(deps): bump idna from 3.6 to 3.7 in /requirements
2024-04-12 15:30:45 +02:00
dependabot[bot] 576aae3934 build(deps): bump idna from 3.6 to 3.7 in /requirements
Bumps [idna](https://github.com/kjd/idna) from 3.6 to 3.7.
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-12 04:51:56 +00:00
Sviatoslav Sydorenko 81e9d935c8 Bump pip to v24.0 in runtime prerequisites lock v1.8.14 2024-03-08 00:20:54 +01:00
Sviatoslav Sydorenko 91527c4583 Regenerate lockfiles with pip-tools v7.4.1 2024-03-08 00:19:54 +01:00
Sviatoslav Sydorenko 3a817c6dce Bump action runtime to CPython 3.12 2024-03-08 00:15:38 +01:00
Sviatoslav Sydorenko 741947b9ca Add a config file for pip-tools v1.8.13 2024-03-07 23:43:48 +01:00
Sviatoslav Sydorenko d7af439579 Mass-bump transitive dependencies of runtime 2024-03-07 23:08:31 +01:00
Sviatoslav Sydorenko e90ddca975 Bump readme-renderer to v43.0 2024-03-07 23:07:33 +01:00
Sviatoslav Sydorenko dae7fa3e8d Bump Twine to v5.0.0 2024-03-07 23:05:40 +01:00
Sviatoslav Sydorenko 0fe04ae7d9 Bump id to v1.3.0 2024-03-07 23:04:40 +01:00
Sviatoslav Sydorenko 444e17980b Bump cryptography to v42.0.5 2024-03-07 23:02:36 +01:00
Sviatoslav Sydorenko 820be4e5e3 Normalize pip-tools' header comment @ runtime.txt
It's currently not prefixed with `requirements/` in most places and
that what Dependabot keeps using.
2024-03-07 23:00:46 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко) aec4e82833 Merge pull request #219 from SigureMo/re-generate-requirements
build(deps): bump `pkginfo` version to support `Metadata-version=2.3`
2024-03-06 19:16:52 +01:00
SigureMo b065889f7f revert other bumps 2024-03-06 19:20:47 +08:00
SigureMo 00a7cd17a2 re-gen on Linux and run command in requirements/ 2024-03-06 01:59:27 +00:00
SigureMo 2972d54cda bump pkginfo only 2024-03-05 18:16:00 +08:00
SigureMo f6a1bcf881 Revert "build(deps): re-generate requirements to support Metadata-version=2.3"
This reverts commit e6ed2a4dfb.
2024-03-05 18:07:49 +08:00
SigureMo e6ed2a4dfb build(deps): re-generate requirements to support Metadata-version=2.3 2024-03-05 12:56:14 +08:00
William Woodruff e53eb8b103 Clarify the error during OIDC exchange on PRs from forks
This specializes the token retrieval error handling, providing an
alternative error message when the error cause is something
that we know can't possibly work due to GitHub's own restrictions
on PRs from forks.

PR #203
Closes #202
Ref https://github.com/python-pillow/Pillow/pull/7616

Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
v1.8.12
2024-02-27 05:09:52 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко) edfa8f355b Merge pull request #216 from xuanzhi33/unstable/v1
Correct the trusted publishing note admonition markdown syntax in the README
2024-02-24 20:27:48 +01:00
xuanzhi33 aeff019ac8 docs(fix): Fix a markdown alert 2024-02-24 18:46:07 +08:00
Sviatoslav Sydorenko (Святослав Сидоренко) 24c5d5ca4a Merge pull request #214 from pypa/dependabot/pip/requirements/cryptography-42.0.4
build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements
2024-02-22 02:26:27 +01:00
dependabot[bot] c13b4aa8c5 build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements
Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.2 to 42.0.4.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/42.0.2...42.0.4)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-21 20:44:40 +00:00
Sviatoslav Sydorenko (Святослав Сидоренко) 72a79c870c Merge pull request #213 from pypa/dependabot/pip/requirements/cryptography-42.0.2
build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements
2024-02-17 03:24:59 +01:00
dependabot[bot] 751e5b80a4 build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements
Bumps [cryptography](https://github.com/pyca/cryptography) from 42.0.0 to 42.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/42.0.0...42.0.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-17 00:58:14 +00:00
Sviatoslav Sydorenko (Святослав Сидоренко) 0580fcbb84 Merge pull request #210 from pypa/dependabot/pip/requirements/cryptography-42.0.0
build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements
2024-02-08 05:04:39 +01:00
dependabot[bot] a524841e7b build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.6 to 42.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.6...42.0.0)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-06 03:03:07 +00:00
Sviatoslav Sydorenko (Святослав Сидоренко) 3f824c73d9 Merge pull request #204 from pypa/pre-commit-ci-update-config
[pre-commit.ci] pre-commit autoupdate
2024-02-05 18:14:39 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко) 013c017b41 Revert flake8 to v4.0.1 for WPS 2024-02-05 18:13:32 +01:00
pre-commit-ci[bot] a0620a4177 [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/PyCQA/isort.git: 5.12.0 → 5.13.2](https://github.com/PyCQA/isort.git/compare/5.12.0...5.13.2)
- [github.com/python-jsonschema/check-jsonschema.git: 0.27.0 → 0.27.3](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.27.0...0.27.3)
- [github.com/pre-commit/pre-commit-hooks.git: v4.4.0 → v4.5.0](https://github.com/pre-commit/pre-commit-hooks.git/compare/v4.4.0...v4.5.0)
- [github.com/adrienverge/yamllint.git: v1.32.0 → v1.33.0](https://github.com/adrienverge/yamllint.git/compare/v1.32.0...v1.33.0)
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.1.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.1.0)
- [github.com/PyCQA/pylint.git: v3.0.0 → v3.0.3](https://github.com/PyCQA/pylint.git/compare/v3.0.0...v3.0.3)
2024-02-05 18:12:44 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко) e82f99a47c Merge pull request #186 from virtuald/virtuald-patch-1
Mention in the docs that reusable workflows aren't supported right now
2024-02-05 18:12:13 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко) e080e0073c Merge pull request #206 from trail-of-forks/ww/update-oidc-endpoint
This patch updates the PyPI API minting endpoint used uding the OIDC exchange process.
2024-02-05 17:59:15 +01:00
William Woodruff cd96453c9d oidc-exchange: update OIDC minting endpoint
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-01-10 16:05:30 -05:00
Dustin Spicuzza 415d7a6bec Update README.md
Add suggested changes.
2023-12-20 15:11:12 +01:00
Dustin Spicuzza dea1d707f3 Update oidc-exchange.py
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-12-20 15:11:12 +01:00
Dustin Spicuzza a1a49954d3 Give more information to users
Reusable workflows don't work, and it's challenging to know that. Help the user out.
2023-12-20 15:11:12 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко) c12cc61414 Merge pull request #196 from woodruffw-forks/ww/notice-to-debug
This replaces the use of `::notice` in each authentication case with `::debug`, reducing the user confusion caused by the these messages. It also simplifies the message in the Trusted Publishing case to make it less ambiguous.

Closes #192.
2023-12-20 12:12:06 +01:00
William Woodruff 674fb78567 twine-upload: replace notice with debug, simplify msgs 2023-12-04 20:27:16 -05:00
Sviatoslav Sydorenko 2f6f737ca5 Merge commit PR #184 into unstable/v1 v1.8.11 2023-11-29 03:25:52 +01:00
Sviatoslav Sydorenko 2fa448ab0c Merge PRs #190, #184, #185, #189 and #194 into unstable/v1 2023-11-29 03:23:56 +01:00
Sviatoslav Sydorenko 824ad31786 Revert flake8 to v4.0.1 for WPS 2023-11-29 03:23:18 +01:00
dependabot[bot] 41f3f53c75 Bump cryptography from 41.0.3 to 41.0.6 in /requirements
Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.3 to 41.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/41.0.3...41.0.6)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-28 23:56:20 +00:00
William Woodruff 2319287e0a twine-upload: ::error, switch nudge order
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-11-22 17:28:02 -05:00
William Woodruff 254a0d4ec4 twine-upload: add a nudge for password auth
Closes #187.
2023-11-05 23:53:52 -05:00
dependabot[bot] 70a33caeb9 Bump pip from 22.3.1 to 23.3 in /requirements
Bumps [pip](https://github.com/pypa/pip) from 22.3.1 to 23.3.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](https://github.com/pypa/pip/compare/22.3.1...23.3)

---
updated-dependencies:
- dependency-name: pip
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-11-02 21:42:46 +00:00