chore(deps): update pypa/gh-action-pypi-publish action to v1.13.0 #43
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=80&v=4){kind=small}
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
|
wislertt
approved these changes
Sep 14, 2025
|
🎉 This PR is included in version 0.20.2 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.12.2->v1.13.0Release Notes
pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)
v1.13.0Compare Source
Take the 2025 Python Packaging Survey if you still haven't!
✨ New Stuff
@woodruffw💰 updated the README to no longer mention the attestations feature being experimental in #347: it's been rather stable for a year already 🎉
He also added more diagnostic output which includes printing out the GitHub Environment claim via #371 and warning about the unsupported reusable workflows configurations #306, when using Trusted Publishing.
In addition to that, @konstin💰 sent #378 to pin
actions/setup-pythonto a SHA hash. This makespypi-publishcompatible with new GitHub policies that allow organizations to mandate hash-pinning actions used in workflows.🛠️ Internal Dependencies
@webknjaz💰 made a bunch of updates to the action runtime which includes bumping it to Python 3.13 in #331 and updating the dependency tree across the board.
pip-with-requires-pythonis no longer being installed (#332). Some related bumps were contributed by @woodruffw💰 (#359) and @kurtmckee💰 sent a contributor-facing PR, bumping the linting configuration via #335.💪 New Contributors
🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.4...v1.13.0
🧔♂️ Release Manager: @webknjaz 🇺🇦
💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.
v1.12.4Compare Source
Be nice to FOSS maintainers.
✨ What's Changed
The main theme of this patch release that the support for uploading PEP 639 licensing metadata to PyPI has been fixed in #327.
🛠️ Internal Updates
A few smaller updates include the attestation existence being checked earlier in the process now, listing all the violating files together, not just one (PR #315).
And the lock file with the software available in runtime has been re-pinned in #329.
Additionally, the CI now runs the smoke-tests against both Ubuntu 22.04 and 24.04 explicitly via
da900af.🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.3...v1.12.4
🧔♂️ Release Manager: @webknjaz 🇺🇦
🙏 Special Thanks to @dnicolodi💰 and @woodruffw💰 for releasing the license metadata support fix in Twine!
💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.
v1.12.3Compare Source
✨ What's Improved
With the updates by @woodruffw💰 and @webknjaz💰 via #309 and #313, it is now possible to publish distribution packages that include core metadata v2.4, like those built using maturin. This is done by bumping
Twineto v6.0.1 andpkginfoto v1.12.0.📝 Docs
We've made an attempt to clarify the runtime and workflow shape that are expected to be supported for calling this action in: https://github.com/marketplace/actions/pypi-publish#Non-goals.
🛠️ Internal Updates
@br3ndonland💰 improved the container image generation automation to include Git SHA in #301. And @woodruffw💰 added the
workflow_refcontext to Trusted Publishing debug logging in #305, helping us diagnose misconfigurations faster. #313 also extends the smoke test in the CI to check against the maturin-made dists. Additionally,jeepneyandsecretstoragetransitive deps have been added to the pip constraint-based lock file, as Dependabot seems to have missed those earlier.🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.2...v1.12.3
🧔♂️ Release Manager: @webknjaz 🇺🇦
🙏 Special Thanks to @samuelcolvin💰 for nudging me to cut this release sooner and for sponsoring me via @pydantic💰!
🔌 Shameless Plug: The other day I've made this 🦋 Bluesky 🇺🇦 FOSS Maintainers Starter Pack subscribe to read news from people like me :)
💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.