Sviatoslav Sydorenko
ec4db0b4dd
Merge PR #243 into unstable/v1
2024-06-16 20:09:43 +02:00
William Woodruff
e7908444c6
oidc-exchange: link to status dashboard
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2024-06-11 17:49:43 -04:00
Sviatoslav Sydorenko
87b624f871
💅 Update homepage @ Dockerfile to GH Marketplace
2024-05-29 22:25:10 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
da2f9bb91e
Merge pull request #241 from br3ndonland/ghcr-label
...
Add Docker label for GHCR
2024-05-29 22:20:17 +02:00
Brendon Smith
abbea2dd5c
Add Docker label for GHCR
...
This commit will add the label `org.opencontainers.image.source` to the
Dockerfile. This label helps link GitHub Container Registry (GHCR) with
the associated repo.
https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry
https://github.com/pypa/gh-action-pypi-publish/pull/230/files#r1603926630
2024-05-29 22:18:35 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
2734d07314
build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements ( #240 )
...
build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements
2024-05-29 16:37:07 +02:00
dependabot[bot]
a54b9b8952
---
...
updated-dependencies:
- dependency-name: requests
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-05-21 05:26:31 +00:00
Sviatoslav Sydorenko
699cd6103f
⇪ 📦 Bump the runtime dep lockfile
2024-05-16 17:50:20 +02:00
pre-commit-ci[bot]
8414fc2457
[pre-commit.ci] pre-commit autoupdate ( #225 )
...
* [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/Lucas-C/pre-commit-hooks.git: v1.5.4 → v1.5.5](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.5.4...v1.5.5 )
- [github.com/python-jsonschema/check-jsonschema.git: 0.27.3 → 0.28.1](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.27.3...0.28.1 )
- [github.com/adrienverge/yamllint.git: v1.33.0 → v1.35.1](https://github.com/adrienverge/yamllint.git/compare/v1.33.0...v1.35.1 )
- [github.com/PyCQA/flake8.git: 6.1.0 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/6.1.0...7.0.0 )
- [github.com/PyCQA/flake8.git: 4.0.1 → 7.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...7.0.0 )
- [github.com/PyCQA/pylint.git: v3.0.3 → v3.1.0](https://github.com/PyCQA/pylint.git/compare/v3.0.3...v3.1.0 )
* Bump WPS to v0.19.x series
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
* Merge separate flake8 runs back into one
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com >
2024-05-16 15:39:26 +00:00
Peter Shen
67a07ebbed
Disable the progress bar when running twine upload
...
PR #231
Resolves #229
Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com >
2024-05-16 17:14:58 +02:00
William Woodruff
771d60f44b
Eliminate future tense in the password nudge in twine-upload
...
Additionally, this turns the corresponding code branch into a hard error in case of the regular PyPI.
Signed-off-by: William Woodruff <william@trailofbits.com >
PR #234
Fixes #233
2024-05-16 17:07:28 +02:00
Sviatoslav Sydorenko
04f4e64de3
Set Python 3.11 for the flake8-commas linter
...
It doesn't yet support 3.12 and is an unconditional dependency of WPS.
2024-05-16 16:29:54 +02:00
Sviatoslav Sydorenko (Святослав Сидоренко)
3fbcf7ccf4
Merge pull request #228 from pypa/dependabot/pip/requirements/idna-3.7
...
build(deps): bump idna from 3.6 to 3.7 in /requirements
2024-04-12 15:30:45 +02:00
dependabot[bot]
576aae3934
build(deps): bump idna from 3.6 to 3.7 in /requirements
...
Bumps [idna](https://github.com/kjd/idna ) from 3.6 to 3.7.
- [Release notes](https://github.com/kjd/idna/releases )
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst )
- [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7 )
---
updated-dependencies:
- dependency-name: idna
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-04-12 04:51:56 +00:00
Sviatoslav Sydorenko
81e9d935c8
Bump pip to v24.0 in runtime prerequisites lock
2024-03-08 00:20:54 +01:00
Sviatoslav Sydorenko
91527c4583
Regenerate lockfiles with pip-tools v7.4.1
2024-03-08 00:19:54 +01:00
Sviatoslav Sydorenko
3a817c6dce
Bump action runtime to CPython 3.12
2024-03-08 00:15:38 +01:00
Sviatoslav Sydorenko
741947b9ca
Add a config file for pip-tools
2024-03-07 23:43:48 +01:00
Sviatoslav Sydorenko
d7af439579
Mass-bump transitive dependencies of runtime
2024-03-07 23:08:31 +01:00
Sviatoslav Sydorenko
e90ddca975
Bump readme-renderer to v43.0
2024-03-07 23:07:33 +01:00
Sviatoslav Sydorenko
dae7fa3e8d
Bump Twine to v5.0.0
2024-03-07 23:05:40 +01:00
Sviatoslav Sydorenko
0fe04ae7d9
Bump id to v1.3.0
2024-03-07 23:04:40 +01:00
Sviatoslav Sydorenko
444e17980b
Bump cryptography to v42.0.5
2024-03-07 23:02:36 +01:00
Sviatoslav Sydorenko
820be4e5e3
Normalize pip-tools' header comment @ runtime.txt
...
It's currently not prefixed with `requirements/` in most places and
that what Dependabot keeps using.
2024-03-07 23:00:46 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
aec4e82833
Merge pull request #219 from SigureMo/re-generate-requirements
...
build(deps): bump `pkginfo` version to support `Metadata-version=2.3`
2024-03-06 19:16:52 +01:00
SigureMo
b065889f7f
revert other bumps
2024-03-06 19:20:47 +08:00
SigureMo
00a7cd17a2
re-gen on Linux and run command in requirements/
2024-03-06 01:59:27 +00:00
SigureMo
2972d54cda
bump pkginfo only
2024-03-05 18:16:00 +08:00
SigureMo
f6a1bcf881
Revert "build(deps): re-generate requirements to support Metadata-version=2.3"
...
This reverts commit e6ed2a4dfb .
2024-03-05 18:07:49 +08:00
SigureMo
e6ed2a4dfb
build(deps): re-generate requirements to support Metadata-version=2.3
2024-03-05 12:56:14 +08:00
William Woodruff
e53eb8b103
Clarify the error during OIDC exchange on PRs from forks
...
This specializes the token retrieval error handling, providing an
alternative error message when the error cause is something
that we know can't possibly work due to GitHub's own restrictions
on PRs from forks.
PR #203
Closes #202
Ref https://github.com/python-pillow/Pillow/pull/7616
Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com >
2024-02-27 05:09:52 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
edfa8f355b
Merge pull request #216 from xuanzhi33/unstable/v1
...
Correct the trusted publishing note admonition markdown syntax in the README
2024-02-24 20:27:48 +01:00
xuanzhi33
aeff019ac8
docs(fix): Fix a markdown alert
2024-02-24 18:46:07 +08:00
Sviatoslav Sydorenko (Святослав Сидоренко)
24c5d5ca4a
Merge pull request #214 from pypa/dependabot/pip/requirements/cryptography-42.0.4
...
build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements
2024-02-22 02:26:27 +01:00
dependabot[bot]
c13b4aa8c5
build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 42.0.2 to 42.0.4.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/42.0.2...42.0.4 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-02-21 20:44:40 +00:00
Sviatoslav Sydorenko (Святослав Сидоренко)
72a79c870c
Merge pull request #213 from pypa/dependabot/pip/requirements/cryptography-42.0.2
...
build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements
2024-02-17 03:24:59 +01:00
dependabot[bot]
751e5b80a4
build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 42.0.0 to 42.0.2.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/42.0.0...42.0.2 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-02-17 00:58:14 +00:00
Sviatoslav Sydorenko (Святослав Сидоренко)
0580fcbb84
Merge pull request #210 from pypa/dependabot/pip/requirements/cryptography-42.0.0
...
build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements
2024-02-08 05:04:39 +01:00
dependabot[bot]
a524841e7b
build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 41.0.6 to 42.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/41.0.6...42.0.0 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2024-02-06 03:03:07 +00:00
Sviatoslav Sydorenko (Святослав Сидоренко)
3f824c73d9
Merge pull request #204 from pypa/pre-commit-ci-update-config
...
[pre-commit.ci] pre-commit autoupdate
2024-02-05 18:14:39 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
013c017b41
Revert flake8 to v4.0.1 for WPS
2024-02-05 18:13:32 +01:00
pre-commit-ci[bot]
a0620a4177
[pre-commit.ci] pre-commit autoupdate
...
updates:
- [github.com/PyCQA/isort.git: 5.12.0 → 5.13.2](https://github.com/PyCQA/isort.git/compare/5.12.0...5.13.2 )
- [github.com/python-jsonschema/check-jsonschema.git: 0.27.0 → 0.27.3](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.27.0...0.27.3 )
- [github.com/pre-commit/pre-commit-hooks.git: v4.4.0 → v4.5.0](https://github.com/pre-commit/pre-commit-hooks.git/compare/v4.4.0...v4.5.0 )
- [github.com/adrienverge/yamllint.git: v1.32.0 → v1.33.0](https://github.com/adrienverge/yamllint.git/compare/v1.32.0...v1.33.0 )
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.1.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.1.0 )
- [github.com/PyCQA/pylint.git: v3.0.0 → v3.0.3](https://github.com/PyCQA/pylint.git/compare/v3.0.0...v3.0.3 )
2024-02-05 18:12:44 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
e82f99a47c
Merge pull request #186 from virtuald/virtuald-patch-1
...
Mention in the docs that reusable workflows aren't supported right now
2024-02-05 18:12:13 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
e080e0073c
Merge pull request #206 from trail-of-forks/ww/update-oidc-endpoint
...
This patch updates the PyPI API minting endpoint used uding the OIDC exchange process.
2024-02-05 17:59:15 +01:00
William Woodruff
cd96453c9d
oidc-exchange: update OIDC minting endpoint
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2024-01-10 16:05:30 -05:00
Dustin Spicuzza
415d7a6bec
Update README.md
...
Add suggested changes.
2023-12-20 15:11:12 +01:00
Dustin Spicuzza
dea1d707f3
Update oidc-exchange.py
...
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua >
2023-12-20 15:11:12 +01:00
Dustin Spicuzza
a1a49954d3
Give more information to users
...
Reusable workflows don't work, and it's challenging to know that. Help the user out.
2023-12-20 15:11:12 +01:00
Sviatoslav Sydorenko (Святослав Сидоренко)
c12cc61414
Merge pull request #196 from woodruffw-forks/ww/notice-to-debug
...
This replaces the use of `::notice` in each authentication case with `::debug`, reducing the user confusion caused by the these messages. It also simplifies the message in the Trusted Publishing case to make it less ambiguous.
Closes #192 .
2023-12-20 12:12:06 +01:00
William Woodruff
674fb78567
twine-upload: replace notice with debug, simplify msgs
2023-12-04 20:27:16 -05:00
Sviatoslav Sydorenko
2f6f737ca5
Merge commit PR #184 into unstable/v1
2023-11-29 03:25:52 +01:00
Sviatoslav Sydorenko
2fa448ab0c
Merge PRs #190 , #184 , #185 , #189 and #194 into unstable/v1
2023-11-29 03:23:56 +01:00
Sviatoslav Sydorenko
824ad31786
Revert flake8 to v4.0.1 for WPS
2023-11-29 03:23:18 +01:00
dependabot[bot]
41f3f53c75
Bump cryptography from 41.0.3 to 41.0.6 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 41.0.3 to 41.0.6.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/41.0.3...41.0.6 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-11-28 23:56:20 +00:00
William Woodruff
2319287e0a
twine-upload: ::error, switch nudge order
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-11-22 17:28:02 -05:00
William Woodruff
254a0d4ec4
twine-upload: add a nudge for password auth
...
Closes #187 .
2023-11-05 23:53:52 -05:00
dependabot[bot]
70a33caeb9
Bump pip from 22.3.1 to 23.3 in /requirements
...
Bumps [pip](https://github.com/pypa/pip ) from 22.3.1 to 23.3.
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst )
- [Commits](https://github.com/pypa/pip/compare/22.3.1...23.3 )
---
updated-dependencies:
- dependency-name: pip
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-11-02 21:42:46 +00:00
dependabot[bot]
102f507b75
Bump urllib3 from 2.0.6 to 2.0.7 in /requirements
...
Bumps [urllib3](https://github.com/urllib3/urllib3 ) from 2.0.6 to 2.0.7.
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.6...2.0.7 )
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-10-17 21:02:57 +00:00
Sviatoslav Sydorenko
79739dc2f2
Merge pull request #183 from pypa/dependabot/pip/requirements/urllib3-2.0.6
...
Bump urllib3 from 2.0.3 to 2.0.6 in /requirements
2023-10-02 23:46:28 -04:00
pre-commit-ci[bot]
9a3f9ad5bc
[pre-commit.ci] pre-commit autoupdate
...
updates:
- [github.com/asottile/add-trailing-comma.git: v3.0.0 → v3.1.0](https://github.com/asottile/add-trailing-comma.git/compare/v3.0.0...v3.1.0 )
- [github.com/Lucas-C/pre-commit-hooks.git: v1.5.1 → v1.5.4](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.5.1...v1.5.4 )
- [github.com/python-jsonschema/check-jsonschema.git: 0.23.2 → 0.27.0](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.23.2...0.27.0 )
- [github.com/codespell-project/codespell: v2.2.5 → v2.2.6](https://github.com/codespell-project/codespell/compare/v2.2.5...v2.2.6 )
- [github.com/PyCQA/flake8.git: 6.0.0 → 6.1.0](https://github.com/PyCQA/flake8.git/compare/6.0.0...6.1.0 )
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.1.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.1.0 )
- [github.com/PyCQA/pylint.git: v3.0.0a6 → v3.0.0](https://github.com/PyCQA/pylint.git/compare/v3.0.0a6...v3.0.0 )
2023-10-03 00:40:18 +00:00
dependabot[bot]
75ca4c1f12
Bump urllib3 from 2.0.3 to 2.0.6 in /requirements
...
Bumps [urllib3](https://github.com/urllib3/urllib3 ) from 2.0.3 to 2.0.6.
- [Release notes](https://github.com/urllib3/urllib3/releases )
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst )
- [Commits](https://github.com/urllib3/urllib3/compare/2.0.3...2.0.6 )
---
updated-dependencies:
- dependency-name: urllib3
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-10-02 23:58:34 +00:00
Sviatoslav Sydorenko
a712d989cc
Make the vulnerability report URL direct
2023-09-11 16:40:56 +02:00
Sviatoslav Sydorenko
bbf06d8ae3
Migrate security doc from RST to Markdown
...
RST files are no longer correctly recognized by GitHub.
2023-09-11 16:38:50 +02:00
Sviatoslav Sydorenko
8cdc2ab67c
Merge pull request #179 from pypa/di-patch-1
2023-08-11 17:31:18 +02:00
Dustin Ingram
41c10ee223
Add link to configuration docs for Trusted Publishing
2023-08-11 11:23:40 -04:00
Sviatoslav Sydorenko
b7f401de30
Merge PR #177 into unstable/v1
2023-08-10 22:58:37 +02:00
William Woodruff
ba3ecc9355
oidc-exchange: fix padding
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-08-10 16:08:35 -04:00
Sviatoslav Sydorenko
ade57f54dc
Merge PRs #174 #175 and #172 into unstable/v1
2023-08-10 18:57:00 +02:00
William Woodruff
637917e5f2
README: re-add "pro tip" language
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-08-09 18:01:51 -04:00
William Woodruff
4864f13c38
README: use semantic callouts
...
See: https://github.com/orgs/community/discussions/16925
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-08-09 17:58:56 -04:00
William Woodruff
326f9ad1e1
oidc-exchange: add-trailing-comma
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-08-09 15:17:18 -04:00
William Woodruff
e5f0690e91
oidc-exchange: ignore a nested function
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-08-09 15:12:44 -04:00
William Woodruff
8bdd0cc2a0
oidc-exchange: lintage
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-08-09 15:10:56 -04:00
William Woodruff
71a0032909
oidc-exchange: render claims if exchange fails
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-08-09 15:08:47 -04:00
dependabot[bot]
adef75a5a6
Bump cryptography from 41.0.2 to 41.0.3 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 41.0.2 to 41.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/41.0.2...41.0.3 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-08-02 02:15:59 +00:00
Sviatoslav Sydorenko
413a8d5d62
Merge pull request #171 from pypa/dependabot/pip/requirements/certifi-2023.7.22
...
Bump certifi from 2023.5.7 to 2023.7.22 in /requirements
2023-07-26 11:43:53 +02:00
dependabot[bot]
c185b8ee4e
Bump certifi from 2023.5.7 to 2023.7.22 in /requirements
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2023.5.7 to 2023.7.22.
- [Commits](https://github.com/certifi/python-certifi/compare/2023.05.07...2023.07.22 )
---
updated-dependencies:
- dependency-name: certifi
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-07-25 23:36:57 +00:00
Sviatoslav Sydorenko
2a939dd49b
🎨 📝 Link SHA pinning encouragement @ README
...
This article [[1]] describes security flows of using branches and
tags as an end-user. The commit is intended to educate them but not
force doing so if they don't want to.
[1]: https://julienrenaux.fr/2019/12/20/github-actions-security-risk/
2023-07-13 16:44:47 +02:00
Sviatoslav Sydorenko
f8c70e705f
Merge pull request #168 from pquentin/bump-dependencies
2023-07-12 02:46:40 +02:00
Sviatoslav Sydorenko
68276eb3e4
Merge pull request #167 from trail-of-forks/tob-nudge
2023-07-12 02:43:50 +02:00
Quentin Pradet
a5d57af63c
Bump runtime dependencies
2023-07-11 09:31:13 +04:00
William Woodruff
e90e853e89
twine-upload: only nudge on PyPI-looking domains
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-07-10 12:11:56 -04:00
William Woodruff
be695966b0
twine-upload: add a nudge for trusted publishing
...
Closes #164 .
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-07-10 11:44:56 -04:00
Sviatoslav Sydorenko
54d67ed3c5
Merge pull request #165 from pypa/pre-commit-ci-update-config
2023-07-09 14:55:23 +02:00
Sviatoslav Sydorenko
d32e2fab32
Revert flake8 to v4.0.1
2023-07-09 14:53:38 +02:00
pre-commit-ci[bot]
a8d92e9876
[pre-commit.ci] pre-commit autoupdate
...
updates:
- [github.com/asottile/add-trailing-comma.git: v2.4.0 → v3.0.0](https://github.com/asottile/add-trailing-comma.git/compare/v2.4.0...v3.0.0 )
- [github.com/python-jsonschema/check-jsonschema.git: 0.22.0 → 0.23.2](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.22.0...0.23.2 )
- [github.com/codespell-project/codespell: v2.2.4 → v2.2.5](https://github.com/codespell-project/codespell/compare/v2.2.4...v2.2.5 )
- [github.com/adrienverge/yamllint.git: v1.30.0 → v1.32.0](https://github.com/adrienverge/yamllint.git/compare/v1.30.0...v1.32.0 )
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.0.0 )
2023-07-03 22:49:42 +00:00
Sviatoslav Sydorenko
f5622bde02
Merge PRs #159 and #160 into unstable/v1
2023-06-26 18:18:24 +02:00
Sviatoslav Sydorenko
3be882c473
Merge pull request #161 from jaap3/jaap3-patch-1
...
This patch remove extraneous trailing `}` from the annotation note.
2023-06-08 16:22:18 +02:00
Jaap Roes
775be49481
Remove extraneous }
2023-06-08 14:56:32 +02:00
dependabot[bot]
5684530096
Bump cryptography from 39.0.1 to 41.0.0 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 39.0.1 to 41.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/39.0.1...41.0.0 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-06-02 20:16:33 +00:00
Hugo van Kemenade
135d0d5353
Ignore pip's root user warning
2023-05-29 13:42:14 +03:00
Sviatoslav Sydorenko
110f54a387
Merge pull request #157 from pypa/dependabot/pip/requirements/requests-2.31.0
...
Bump requests from 2.28.1 to 2.31.0 in /requirements
2023-05-23 07:41:59 +02:00
dependabot[bot]
c803c91ef0
Bump requests from 2.28.1 to 2.31.0 in /requirements
...
Bumps [requests](https://github.com/psf/requests ) from 2.28.1 to 2.31.0.
- [Release notes](https://github.com/psf/requests/releases )
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md )
- [Commits](https://github.com/psf/requests/compare/v2.28.1...v2.31.0 )
---
updated-dependencies:
- dependency-name: requests
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-05-23 05:16:54 +00:00
Sviatoslav Sydorenko
f9ed8ba9ad
Merge pull request #156 from trail-of-forks/tob-fix-annotation
2023-05-17 02:02:16 +02:00
William Woodruff
30639668ca
oidc-exchange: "fix" multiline annotations
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-05-12 11:04:38 -04:00
Sviatoslav Sydorenko
a56da0b891
Merge pull request #151 from asherf/trusted
2023-05-02 22:30:51 +02:00
Asher Foa
e4b9031741
password input is no longer required, since not specifying it implies trusted publishing
...
Signed-off-by: Asher Foa <1268088+asherf@users.noreply.github.com >
2023-04-27 11:31:44 -04:00
Sviatoslav Sydorenko
5a085bf49e
Merge pull request #150 from trail-of-forks/tob-doc-tweaks
2023-04-24 22:34:21 -06:00
William Woodruff
0811f991bd
README: small doc tweaks
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-04-24 09:30:35 -06:00
Sviatoslav Sydorenko
f47b34707f
📝 🎨 Put OIDC on pedestal @ README
...
This patch makes sure that the new users would go for the secretless
publishing when integrating the action, from the beginning.
2023-04-24 07:26:17 +02:00
Sviatoslav Sydorenko
7a1a355fb5
🎨 Show GH environments use in README examples
...
It is a useful protection feature giving the end-users more control
over the release flow and trust.
2023-04-24 07:07:39 +02:00
Sviatoslav Sydorenko
3b6670b0bd
Merge pull request #147 from trail-of-forks/tob-stabilize-oidc
...
README, oidc-exchange: remove beta references
2023-04-22 18:56:18 -06:00
William Woodruff
c008c2f40a
README: re-add OIDC note
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-04-22 07:27:01 -06:00
William Woodruff
fe431ff9ad
README, oidc-exchange: remove beta references
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-04-21 16:09:58 -06:00
Sviatoslav Sydorenko
c542b72dc6
Bump WPS flake8 plugin set to v0.17.0
2023-04-04 03:22:09 +02:00
Sviatoslav Sydorenko
f437f577c3
Merge pull request #145 from pypa/pre-commit-ci-update-config
...
[pre-commit.ci] pre-commit autoupdate
2023-04-04 02:33:37 +02:00
Sviatoslav Sydorenko
ba7045370c
Revert WPS flake8 hook version to 4.0.1
2023-04-04 01:28:01 +02:00
pre-commit-ci[bot]
6cbdb5439a
[pre-commit.ci] pre-commit autoupdate
...
updates:
- [github.com/Lucas-C/pre-commit-hooks.git: v1.3.1 → v1.5.1](https://github.com/Lucas-C/pre-commit-hooks.git/compare/v1.3.1...v1.5.1 )
- [github.com/python-jsonschema/check-jsonschema.git: 0.19.2 → 0.22.0](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.19.2...0.22.0 )
- [github.com/codespell-project/codespell: v2.2.2 → v2.2.4](https://github.com/codespell-project/codespell/compare/v2.2.2...v2.2.4 )
- [github.com/adrienverge/yamllint.git: v1.28.0 → v1.30.0](https://github.com/adrienverge/yamllint.git/compare/v1.28.0...v1.30.0 )
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.0.0 )
- [github.com/PyCQA/pylint.git: v2.15.9 → v3.0.0a6](https://github.com/PyCQA/pylint.git/compare/v2.15.9...v3.0.0a6 )
2023-04-03 23:10:34 +00:00
Sviatoslav Sydorenko
82695c57c9
📝 Link the announcement discussions from README
...
This patch encourages the end-users to share feedback using GitHub
Discussions instead of issues.
2023-04-03 18:19:33 +02:00
Sviatoslav Sydorenko
0bf742be3e
Merge pull request #143 from trail-of-forks/tob-rewrite-oidc-refs
...
This patch updates the user-facing OIDC mentions with the new "Trusted Publishing" term
to make it cohesive with how the PyPI docs names things now.
2023-04-03 17:56:36 +02:00
William Woodruff
30c382209e
oidc-exchange: another link
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-04-03 23:39:43 +09:00
William Woodruff
89ddbeae04
README: retitle, add note
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-04-03 23:37:32 +09:00
William Woodruff
a0f29a5690
Apply suggestions from code review
...
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua >
2023-04-03 23:14:57 +09:00
William Woodruff
0b567d5b01
oidc-exchange, twine-upload: remove more OIDC refs
...
...but not all, since some make sense in a debugging
context.
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-04-03 21:32:49 +09:00
William Woodruff
4372cb5585
README: replace OIDC with "trusted publishing"
...
Also updates the link to reference the public documentation
for trusted publishing, rather than the PyPI short help
section (which also needs to be updated).
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-04-03 21:26:53 +09:00
Sviatoslav Sydorenko
69efb8cbfb
Merge pull request #142 from trail-of-forks/tob-indicate-oidc
...
Add explanation of why the OIDC publishing was chosen to the log output.
2023-04-03 02:07:09 +02:00
William Woodruff
dfde872acc
Apply suggestions from code review
...
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua >
2023-04-02 22:20:08 +09:00
William Woodruff
3d567f44ce
twine-upload: expound
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-04-01 21:09:00 +09:00
William Woodruff
67b747a9c8
oidc-exchange: more explanation
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-04-01 14:41:16 +09:00
Sviatoslav Sydorenko
29930c9cf5
Merge pull request #139 from trail-of-forks/tob-improve-errors
...
This change improves the error output produced within the OIDC token exchange script by adding a title and a link to the Warehouse documentation for trusted publishers.
Ref #138 .
2023-04-01 04:10:38 +02:00
Sviatoslav Sydorenko
9c859e9a77
Merge pull request #140 from hugovk/oidc-whitespace
...
This change removes accidental double whitespaces from the OIDC CI log that were caused by a misconception that the arguments of `echo` would be joined the same way as Python's implicit string concatenation works.
2023-04-01 04:04:52 +02:00
Hugo van Kemenade
65bf8a81de
Remove double spaces
2023-03-29 21:22:09 +03:00
William Woodruff
486ec8dd23
oidc-exchange: improve errors
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-03-30 01:45:41 +09:00
Sviatoslav Sydorenko
48b317d84d
Merge PR #136 into unstable/v1
...
This patch improves the logging detalization of which authentication
mode is selected when the action runs. It uses the `::notice` workflow
command to surface this detail to the workflow run summary page as
annotations.
2023-03-22 16:22:52 +01:00
William Woodruff
ae295504b3
twine-upload: increase detail on console notices
...
Signed-off-by: William Woodruff <william@trailofbits.com >
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua >
2023-03-22 11:19:01 -04:00
Sviatoslav Sydorenko
f3ce18f699
Merge pull request #134 from trail-of-forks/tob-better-errors
...
oidc-exchange: avoid splitting the error message
2023-03-21 23:13:05 +01:00
William Woodruff
ea29ccc08c
oidc-exchange: avoid splitting the error message
...
Signed-off-by: William Woodruff <william@trailofbits.com >
2023-03-21 11:17:21 -04:00
Sviatoslav Sydorenko
a3a3bafbb3
🐛 Merge PR #131 from into unstable/v1
...
This patch fixes the default PyPI upload URL in the action metadata — a regression that happened in v1.8.0.
2023-03-16 10:10:51 +01:00
Jay Chung
d5417dc8be
🐛 Correct default upload URL
...
close : #130
2023-03-16 16:39:57 +08:00
Sviatoslav Sydorenko
8ef2b3d46c
Merge PR #123 into unstable/v1
...
This patch implements support for secret-less OIDC-based publishing to
PyPI-like package indexes. The OIDC flow is activated when neither
username, nor password action inputs are set.
The OIDC "token exchange," is an authentication technique that PyPI
(and TestPyPI, and hopefully some future others) supports as an
alternative to long-lived username/password combinations or API
tokens.
OIDC token exchange boils down to the following set of steps:
1. A user (currently only someone in the OIDC beta on PyPI) configured
a particular GitHub Actions workflow in their repository as a
trusted OIDC publisher;
2. That workflow uses this action to mint an OIDC token;
3. That OIDC token is sent to PyPI (or another index), which exchanges
it for a temporary API token;
4. That API token is used as normal.
For the seamless configuration-free upload to work, the end-users are
expected to explicitly assign the `id-token: write` privilege to the
auto-injected `GITHUB_TOKEN` secret on the job level. They should also
set up GHA workflow trust on the PyPI side.
PyPI's documentation: https://pypi.org/help/#openid-connect
Beta test enrollment: https://github.com/pypi/warehouse/issues/12965
2023-03-16 02:48:42 +01:00
William Woodruff
2b46bad8cb
OIDC beta support
...
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua >
2023-03-15 17:08:09 -04:00
Sviatoslav Sydorenko
22b4d1f125
🐛 Make kebab options fall back for snake_case
...
The previous release didn't take into account the action defaults so
the promised fallbacks for the old input names didn't work. This patch
corrects that mistake.
2023-03-11 03:06:39 +01:00
Sviatoslav Sydorenko
7104b6e981
Merge branch 'maintenance/kebab-case-inputs' into unstable/v1
...
This patch normalizes the action inputs to be kebab-case while keeping
the old snake_case fallbacks working.
2023-03-11 02:01:32 +01:00
Sviatoslav Sydorenko
f131721e84
🎨 Convert action inputs to use kebab-case
...
Up until now, the action input names followed the snake_case naming
pattern that is well familiar to the pythonistas. But in GitHub
actions, the de-facto standard is using kebab-case, which is what
this patch achieves.
This style helps make the keys in YAML better standardized and
distinguishable from other identifiers.
The old snake_case names remain functional for the time being and will
not be removed until at least v3 release of this action.
2023-03-11 01:24:52 +01:00
Sviatoslav Sydorenko
32b5e93709
Merge pull request #122 from colindean/empty-token
...
This patch implements displaying a warning when the password
input passed in to the action is empty.
2023-03-10 20:39:33 +01:00
Colin Dean
efcb9babc8
🎨 Warn about empty password/token action input
...
Before this patch, the warning would say that the token was
expected to start with `pypi-` but it may be unobvious. With this
change, the end-users are warned when they're passing a completely
empty password value.
Fixes #25 .
2023-03-10 20:37:53 +01:00
Sviatoslav Sydorenko
d2ce3ec872
⇪ Bump isort to v5.12.0
...
The previous version had a Poetry packaging problem. This patch
fixes that.
2023-03-10 20:27:46 +01:00
Sviatoslav Sydorenko
0eaf3a11fd
Merge pull request #121 from pypa/dependabot/pip/requirements/cryptography-39.0.1
...
Bump cryptography from 38.0.4 to 39.0.1 in /requirements
2023-03-06 23:17:07 +01:00
dependabot[bot]
6a2da9bc3b
Bump cryptography from 38.0.4 to 39.0.1 in /requirements
...
Bumps [cryptography](https://github.com/pyca/cryptography ) from 38.0.4 to 39.0.1.
- [Release notes](https://github.com/pyca/cryptography/releases )
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst )
- [Commits](https://github.com/pyca/cryptography/compare/38.0.4...39.0.1 )
---
updated-dependencies:
- dependency-name: cryptography
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-02-08 04:41:02 +00:00
Sviatoslav Sydorenko
7eb3b701d1
Merge pull request #119 from pypa/pre-commit-ci-update-config
2023-01-02 22:23:27 +01:00
Sviatoslav Sydorenko
91e612128c
Revert WPS flake8 hook version to 4.0.1
2023-01-02 22:21:39 +01:00
pre-commit-ci[bot]
c13a06eb2f
[pre-commit.ci] pre-commit autoupdate
...
updates:
- [github.com/asottile/add-trailing-comma.git: v2.3.0 → v2.4.0](https://github.com/asottile/add-trailing-comma.git/compare/v2.3.0...v2.4.0 )
- [github.com/PyCQA/isort.git: 5.10.1 → 5.11.4](https://github.com/PyCQA/isort.git/compare/5.10.1...5.11.4 )
- [github.com/python-jsonschema/check-jsonschema.git: 0.18.3 → 0.19.2](https://github.com/python-jsonschema/check-jsonschema.git/compare/0.18.3...0.19.2 )
- [github.com/pre-commit/pre-commit-hooks.git: v4.3.0 → v4.4.0](https://github.com/pre-commit/pre-commit-hooks.git/compare/v4.3.0...v4.4.0 )
- [github.com/codespell-project/codespell: v2.2.1 → v2.2.2](https://github.com/codespell-project/codespell/compare/v2.2.1...v2.2.2 )
- [github.com/PyCQA/flake8.git: 4.0.1 → 6.0.0](https://github.com/PyCQA/flake8.git/compare/4.0.1...6.0.0 )
- [github.com/PyCQA/pylint.git: v2.15.3 → v2.15.9](https://github.com/PyCQA/pylint.git/compare/v2.15.3...v2.15.9 )
2023-01-02 20:49:16 +00:00
Sviatoslav Sydorenko
a260c7e54e
Merge pull request #117 from pypa/dependabot/pip/requirements/certifi-2022.12.7
2022-12-10 03:25:32 +01:00
dependabot[bot]
5a2ea379cb
Bump certifi from 2022.9.24 to 2022.12.7 in /requirements
...
Bumps [certifi](https://github.com/certifi/python-certifi ) from 2022.9.24 to 2022.12.7.
- [Release notes](https://github.com/certifi/python-certifi/releases )
- [Commits](https://github.com/certifi/python-certifi/compare/2022.09.24...2022.12.07 )
---
updated-dependencies:
- dependency-name: certifi
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-12-09 09:36:08 +00:00
Sviatoslav Sydorenko
c7f29f7ade
🐛 Override $HOME in the container with /root
...
This is necessary to let `python -m site` locate the real install
directories.
This fixes #115 — the bug caused by GitHub passing the value of
`$HOME` from the host system that does not match the container's
expectations.
2022-12-07 02:41:32 +01:00
Sviatoslav Sydorenko
644926c972
🧪 Always run smoke testing in debug mode
2022-12-07 02:34:31 +01:00
Sviatoslav Sydorenko
e71a4a4c1d
Add support for verbose bash execusion w/ $DEBUG
2022-12-07 00:07:43 +01:00
Sviatoslav Sydorenko
e56e8212f4
🐛 Make id always available in twine-upload
2022-12-07 00:07:20 +01:00
Sviatoslav Sydorenko
c879b84594
🐛 Use full path to bash in shebang
2022-12-07 00:02:01 +01:00
Sviatoslav Sydorenko
57e7d53102
🐛 Ensure the default $PATH value is pre-loaded
...
This patch imports the system-global profile script to
populate the `$PATH` variable with the typically available binary
paths.
Ref:
https://github.com/pypa/gh-action-pypi-publish/issues/112#issuecomment-1340065840
2022-12-06 23:58:05 +01:00
Sviatoslav Sydorenko
ce291dce5b
🎨 🐛 Fix the branch @ pre-commit.ci badge links
2022-12-06 23:24:07 +01:00
Sviatoslav Sydorenko
102d8ab13f
🐛 Rehardcode devpi port for GHA srv container
2022-12-06 23:18:25 +01:00
Sviatoslav Sydorenko
3a9eaef3ef
🐛 Use different ports in/out of GHA containers
2022-12-06 23:13:58 +01:00
Sviatoslav Sydorenko
a01fa7442e
🐛 Use localhost @ GHA outside the containers
2022-12-06 23:04:43 +01:00
Sviatoslav Sydorenko
ee892fd7f2
🐛 Move Twine repository URL definitions to steps
2022-12-06 23:01:39 +01:00
Sviatoslav Sydorenko
47622d7eb0
🎨 Add CI/CD badges to README
2022-12-06 22:59:26 +01:00
Sviatoslav Sydorenko
54b250c7bf
🧪 Add Python linters to pre-commit.ci
2022-12-06 22:52:30 +01:00
Sviatoslav Sydorenko
967acbb201
🎨 Reuse existing requirement pins @ smoke-test
2022-12-06 22:30:01 +01:00
Sviatoslav Sydorenko
5755482491
Stop upgrading pip @ GHA unnecessarily
2022-12-06 22:27:07 +01:00
Sviatoslav Sydorenko
dfc70e7dc8
Make the stub package dir creation verbose @ GHA
2022-12-06 22:26:35 +01:00
Sviatoslav Sydorenko
1c4183fd91
🎨 Make the GHA steps named
2022-12-06 22:26:08 +01:00
Sviatoslav Sydorenko
efa83bf521
Pin setuptools for pkg stub to v65.6.3
...
This patch is meant to improve the reproducibility of smoke-testing.
2022-12-06 22:20:59 +01:00
Sviatoslav Sydorenko
3f27ae2c90
Drop unnecessary wheel declaration from stub pkg
2022-12-06 22:18:59 +01:00
Sviatoslav Sydorenko
ee83abeb35
🎨 Put devpi creds into reusable vars @ GHA
2022-12-06 22:17:42 +01:00
Sviatoslav Sydorenko
08af49986e
🎭 Enable output ANSI-colorization in CI
2022-12-06 22:08:08 +01:00
Sviatoslav Sydorenko
713d81cca0
Update the test job ID to smoke-test
2022-12-06 22:06:28 +01:00
Sviatoslav Sydorenko
3a5c774287
Update the workflow name to 🧪
2022-12-06 22:06:05 +01:00
Sviatoslav Sydorenko
819df810af
Rename the GHA workflow to self-smoke-test-action
2022-12-06 22:02:49 +01:00
Sviatoslav Sydorenko
fedca4a9a8
🎨 Use explicit strings for action input defaults
2022-12-06 21:44:30 +01:00
Sviatoslav Sydorenko
1350b8bd72
🐛 Avoid broken env vars passed by GHA from host
...
Fixes https://github.com/pypa/gh-action-pypi-publish/issues/112 .
2022-12-06 21:40:38 +01:00
Sviatoslav Sydorenko
dfae161eab
Add a config for pre-commit.ci
2022-12-06 00:17:52 +01:00
Sviatoslav Sydorenko
b3f93a1ad6
Expect the GHA workflow to complete in 2 minutes
2022-12-06 00:16:34 +01:00
Sviatoslav Sydorenko
595429bec5
Drop the execute privilege bit from print-hash.py
...
This is requested by the pre-commit.ci linting
2022-12-06 00:13:22 +01:00
Sviatoslav Sydorenko
cde4774fb1
Adjust the GHA workflow per yamllint rules
2022-12-06 00:11:43 +01:00
Sviatoslav Sydorenko
a737e68aed
Sync funding config with other places I maintain
2022-12-06 00:08:31 +01:00
Sviatoslav Sydorenko
f68ac3ea4e
Merge PR #111 into unstable/v1
...
This patch adds a simple GHA-based smoke test that uses devpi to
verify the main success path of the action.
2022-12-05 23:34:15 +01:00
Sviatoslav Sydorenko
7ef975b955
Run CI smoke-tests in PRs
2022-12-05 23:33:07 +01:00
S2
9022aae148
Add test upload workflow
2022-12-06 09:01:24 +11:00
Sviatoslav Sydorenko
5d1679fa6b
Use py3.11 user-global site-packages in PYTHONPATH
2022-12-03 04:18:27 +01:00
Sviatoslav Sydorenko
d2a2496a01
Switch the runtime from Python 3.9 to Python 3.11
2022-12-03 02:46:45 +01:00
Sviatoslav Sydorenko
d7edd4c957
Add user-global site-packages to $PYTHONPATH
2022-11-30 11:37:45 +01:00
Sviatoslav Sydorenko
8d5f27cca4
Install Twine in the user-global site-packages
2022-11-30 11:17:41 +01:00
Sviatoslav Sydorenko
b0dc178d8e
Disable pip cache dir with an env var
2022-11-30 11:17:12 +01:00
Sviatoslav Sydorenko
bbf6e0b2f0
Copy requirements to corresponding dir @ container
...
This corrects the mistake of setting wrong target directory made
earlier in c54db9c2b7 .
2022-11-30 11:03:33 +01:00
Sviatoslav Sydorenko
0b69a8c2df
Document broken pkginfo==1.9.0 transitive dep
...
Refs:
* https://github.com/pypa/gh-action-pypi-publish/issues/107
2022-11-30 10:32:45 +01:00
Sviatoslav Sydorenko
c54db9c2b7
Integrate pip-tools-generated constraint files
...
This patch adds constraint files with the dependency tree
generated by `pip-compile` under Python 3.9. They are now integrated
into the action container image.
Refs:
* https://github.com/pypa/gh-action-pypi-publish/issues/101
* https://github.com/pypa/gh-action-pypi-publish/issues/107
2022-11-30 10:17:33 +01:00
Sviatoslav Sydorenko
480ec4ed58
Inherit yamllint config from the default preset
...
This patch also fixes the misconfigured rules definition.
2022-11-30 10:05:59 +01:00
Sviatoslav Sydorenko
5fb2f047e2
Drop __token__ from README code usage snippets
...
This patch reduces the emphasis on the `__token__` value of the `user`
input since it's default anyway. It also adds a separate paragraph
showing how to specify a custom username if the need be.
Ref: https://github.com/pypa/packaging.python.org/issues/1108
2022-07-25 23:13:35 +02:00
Sviatoslav Sydorenko
7bbdccd64f
Update the mention of master with unstable/v1
2022-07-25 23:07:43 +02:00
Sviatoslav Sydorenko
328cf89e05
📝 Fix a link to the "Distribution Package" term
2022-07-25 22:55:14 +02:00