From c497e698f0519d49d19dc0e23913207fc75a2ef9 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 26 Aug 2024 17:27:49 +0000 Subject: [PATCH 01/13] chore: update pre-commit hooks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/mirrors-mypy: v1.11.1 → v1.11.2](https://github.com/pre-commit/mirrors-mypy/compare/v1.11.1...v1.11.2) --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d92927cb..e6e23877 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -57,7 +57,7 @@ repos: # args: ["--fix", "--show-fixes"] - repo: https://github.com/pre-commit/mirrors-mypy - rev: "v1.11.1" + rev: "v1.11.2" hooks: - id: mypy files: src From c278de0b2db1ff463acf018d3bebe48400a2d06a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 17:45:04 -0400 Subject: [PATCH 02/13] Bump pypa/gh-action-pypi-publish from 1.10.1 to 1.10.3 (#223) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.10.1 to 1.10.3.
Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.10.3

💅 Cosmetic Output Improvements

In #270, @​facutuesca💰 made a follow-up to their previous PR #250, making the hints show up more granularly. This effectively makes sure that the suggestion to enable Trusted Publishing does not get displayed when it's already in use. It also makes the message nicer in a few places on the UI.

🛠️ Internal Dependencies

@​mosfet80💰 updated a few internal linter versions in #266, #267, and #271, no user impact. This is usually automated otherwise.

💪 New Contributors

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.10.2...v1.10.3

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

v1.10.2

💅 Cosmetic Output Improvements

In #250 and #258, @​facutuesca💰 added a nudge message with a magic link to pre-fill the creation of new Trusted Publishers configurations on PyPI. The users are now suggested to configure tokenless publishing by clicking a link printed in the job summary when it's detected that they publish to PyPI or TestPyPI. Just like magic! 🦄

🛠️ Internal Dependencies

@​woodruffw💰 bumped pypi-attestations to v0.0.12 in #262, hopefully fixing #263. 🤞 Nah.. that wasn't it.

[!TIP] Please keep in mind that reusable workflows are not yet supported, even though they sometimes work, mostly by accident.

💪 New Contributors

@​facutuesca made their first contribution in pypa/gh-action-pypi-publish#258

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.10.1...v1.10.2

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​henryiii💰 for promptly pointing up possible fixes for #263.

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.10.1&new-version=1.10.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/cd.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index 00e657d2..5c0745db 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -58,7 +58,7 @@ jobs: ls -ltrh ls -ltrh dist - name: Publish to Test PyPI - uses: pypa/gh-action-pypi-publish@v1.10.1 + uses: pypa/gh-action-pypi-publish@v1.10.3 with: repository-url: https://test.pypi.org/legacy/ verbose: true @@ -96,5 +96,5 @@ jobs: name: artifact path: dist - - uses: pypa/gh-action-pypi-publish@v1.10.1 + - uses: pypa/gh-action-pypi-publish@v1.10.3 if: startsWith(github.ref, 'refs/tags') From 23d7697921c8c55601da936a9cb7897eab9d3996 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 7 Oct 2024 17:45:28 -0400 Subject: [PATCH 03/13] chore: update pre-commit hooks (#224) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/pre-commit-hooks: v4.6.0 → v5.0.0](https://github.com/pre-commit/pre-commit-hooks/compare/v4.6.0...v5.0.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e6e23877..52e7a57b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -21,7 +21,7 @@ repos: additional_dependencies: [black==23.7.0] - repo: https://github.com/pre-commit/pre-commit-hooks - rev: "v4.6.0" + rev: "v5.0.0" hooks: - id: check-added-large-files - id: check-case-conflict From 118840739d7b77be10f842ddf3e1ddb2369bced2 Mon Sep 17 00:00:00 2001 
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 11:30:53 -0700 Subject: [PATCH 04/13] chore: update pre-commit hooks (#225) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/psf/black: 24.8.0 → 24.10.0](https://github.com/psf/black/compare/24.8.0...24.10.0) - [github.com/asottile/blacken-docs: 1.18.0 → 1.19.0](https://github.com/asottile/blacken-docs/compare/1.18.0...1.19.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 52e7a57b..f9387604 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -9,13 +9,13 @@ ci: repos: - repo: https://github.com/psf/black - rev: "24.8.0" + rev: "24.10.0" hooks: - id: black-jupyter args: ["--line-length", "100"] - repo: https://github.com/asottile/blacken-docs - rev: "1.18.0" + rev: "1.19.0" hooks: - id: blacken-docs additional_dependencies: [black==23.7.0] From 8462a40c5109c727ef3b718ec67ac925ada8483d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 22:25:42 -0500 Subject: [PATCH 05/13] Bump pypa/gh-action-pypi-publish from 1.10.3 to 1.11.0 (#227) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.10.3 to 1.11.0.
Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.11.0

🔏 Helping you become a trusted supply chain link 🔗

Two months ago, in v1.10.0, @​woodruffw💰 integrated support for generating and uploading PEP 740 digital attestations that can be used as provenance objects when analyzing dependency chains for the integrity.

To make sure it works well, it was implemented as an opt-in, so a relatively small subset of projects was able to try it out, and a few issues have been determined and fixed during this time.

That changes today! This version changes the feature toggle to “on by default”. This means that from now on, every project making use of Trusted Publishing will start producing and publishing digital attestations without having to do any modifications to how they use this action.

@​woodruffw💰 flipped the respective toggle in #277 with the possibility to opt-out.

🛠️ Internal Dependencies

@​woodruffw💰 bumped sigstore to v3.5.1 and pypi-attestations to v0.0.13 in lock files via #276.

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.10.3...v1.11.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to William for working on improving the supply chain provenance in the ecosystem! The overall effort is tracked @ pypi/warehouse#15871.

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.10.3&new-version=1.11.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/cd.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index 5c0745db..bc933f78 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -58,7 +58,7 @@ jobs: ls -ltrh ls -ltrh dist - name: Publish to Test PyPI - uses: pypa/gh-action-pypi-publish@v1.10.3 + uses: pypa/gh-action-pypi-publish@v1.11.0 with: repository-url: https://test.pypi.org/legacy/ verbose: true @@ -96,5 +96,5 @@ jobs: name: artifact path: dist - - uses: pypa/gh-action-pypi-publish@v1.10.3 + - uses: pypa/gh-action-pypi-publish@v1.11.0 if: startsWith(github.ref, 'refs/tags') From b02c5091fe21cdb4daf40da8ea41b0ed7f9546dd Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Sat, 9 Nov 2024 22:26:16 -0500 Subject: [PATCH 06/13] chore: update pre-commit hooks (#226) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/asottile/blacken-docs: 1.19.0 → 1.19.1](https://github.com/asottile/blacken-docs/compare/1.19.0...1.19.1) - [github.com/pre-commit/mirrors-mypy: v1.11.2 → v1.13.0](https://github.com/pre-commit/mirrors-mypy/compare/v1.11.2...v1.13.0) - [github.com/kynan/nbstripout: 0.7.1 → 0.8.0](https://github.com/kynan/nbstripout/compare/0.7.1...0.8.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index f9387604..125be1c2 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -15,7 +15,7 @@ repos: args: ["--line-length", "100"] - repo: https://github.com/asottile/blacken-docs - rev: "1.19.0" + rev: "1.19.1" hooks: - id: blacken-docs additional_dependencies: [black==23.7.0] @@ -57,7 +57,7 @@ repos: # args: ["--fix", "--show-fixes"] - repo: https://github.com/pre-commit/mirrors-mypy - rev: "v1.11.2" + rev: "v1.13.0" hooks: - id: mypy files: src @@ -76,7 +76,7 @@ repos: # )$ - repo: https://github.com/kynan/nbstripout - rev: 0.7.1 + rev: 0.8.0 hooks: - id: nbstripout args: [--extra-keys=metadata.kernelspec metadata.language_info.version] From 9ef6161bd255f7f90f350ce110f58013cef0e0a1 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 16:09:32 -0500 Subject: [PATCH 07/13] chore: update pre-commit hooks (#230) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/kynan/nbstripout: 0.8.0 → 0.8.1](https://github.com/kynan/nbstripout/compare/0.8.0...0.8.1) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 125be1c2..1f7f06b5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -76,7 +76,7 @@ repos: # )$ - repo: https://github.com/kynan/nbstripout - rev: 0.8.0 + rev: 0.8.1 hooks: - id: nbstripout args: [--extra-keys=metadata.kernelspec metadata.language_info.version] From d88210c9e9f694e91aae0e19e4429da49f17a94a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 16:09:58 -0500 Subject: [PATCH 08/13] Bump codecov/codecov-action from 4 to 5 (#229) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4 to 5.
Release notes

Sourced from codecov/codecov-action's releases.

v5.0.0

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING]
The following arguments have been changed

  • file (this has been deprecated in favor of files)
  • plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

  • binary
  • gcov_args
  • gcov_executable
  • gcov_ignore
  • gcov_include
  • report_type
  • skip_validation
  • swift_project

You can see their usage in the action.yml file.

What's Changed

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

4.0.0-beta.2

Fixes

  • #1085 not adding -n if empty to do-upload command

4.0.0-beta.1

v4 represents a move from the universal uploader to the Codecov CLI. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.

Breaking Changes

  • No current support for aarch64 and alpine architectures.
  • Tokenless uploading is unsupported
  • Various arguments to the Action have been removed

3.1.4

Fixes

  • #967 Fix typo in README.md
  • #971 fix: add back in working dir
  • #969 fix: CLI option names for uploader

Dependencies

  • #970 build(deps-dev): bump @​types/node from 18.15.12 to 18.16.3
  • #979 build(deps-dev): bump @​types/node from 20.1.0 to 20.1.2
  • #981 build(deps-dev): bump @​types/node from 20.1.2 to 20.1.4

3.1.3

Fixes

  • #960 fix: allow for aarch64 build

Dependencies

  • #957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0
  • #958 build(deps): bump openpgp from 5.7.0 to 5.8.0
  • #959 build(deps-dev): bump @​types/node from 18.15.10 to 18.15.12

3.1.2

Fixes

  • #718 Update README.md
  • #851 Remove unsupported path_to_write_report argument
  • #898 codeql-analysis.yml
  • #901 Update README to contain correct information - inputs and negate feature
  • #955 fix: add in all the extra arguments for uploader

Dependencies

  • #819 build(deps): bump openpgp from 5.4.0 to 5.5.0
  • #835 build(deps): bump node-fetch from 3.2.4 to 3.2.10
  • #840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4
  • #841 build(deps): bump @​actions/core from 1.9.1 to 1.10.0
  • #843 build(deps): bump @​actions/github from 5.0.3 to 5.1.1
  • #869 build(deps): bump node-fetch from 3.2.10 to 3.3.0
  • #872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0
  • #879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=codecov/codecov-action&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/coverage.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml index 31d8fb08..22e0d18d 100644 --- a/.github/workflows/coverage.yaml +++ b/.github/workflows/coverage.yaml @@ -52,7 +52,7 @@ jobs: pytest -vvv --cov=${{ env.PROJECT_NAME }} --cov-report=xml --cov-report=term tests/ - name: Upload coverage reports to Codecov with GitHub Action - uses: codecov/codecov-action@v4 + uses: codecov/codecov-action@v5 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: From c27704d034f2c101c31c83111965af30e5a67d79 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 16:30:02 -0500 Subject: [PATCH 09/13] Bump pypa/gh-action-pypi-publish from 1.11.0 to 1.12.2 (#228) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.11.0 to 1.12.2.
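Review bot: in .github/workflows/coverage.yaml the `with:` block under `uses: codecov/codecov-action@v5` is cut off by the hunk context, so the inputs this step passes are not visible here. The codecov-action v5 release notes quoted with that bump deprecate `file` in favor of `files` and `plugin` in favor of `plugins`; please confirm the step uses neither deprecated input before merging a major-version bump, and keep `CODECOV_TOKEN` scoped to this one step as it is now.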
Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.12.2

🐛 What's Fixed

The fix for signing legacy zip sdists turned out to be incomplete, so @​woodruffw💰 promptly produced another follow-up that updated pypi-attestations from v0.0.13 to v0.0.15 in #297. This is the only change since the previous release.

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.1...v1.12.2

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

v1.12.1

🐛 What's Fixed

Version v1.12.0 hit several rare corner cases we never considered fully supported, and this release fixes a few of those. In #294, @​webknjaz💰 improved the self-hosted runner experience by pre-installing Python if it's not there, and with #293 the ability to use the action on GitHub Enterprise instances has been restored. The latter should've also fixed the ability to invoke pypi-publish from nested in-repo composite actions — another exotic use-case that was never tested in our CI. @​woodruffw💰 also managed to squeeze in a last-minute fix for detecting legacy .zip sdists while producing attestations via #295.

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.0...v1.12.1

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Huge Thanks to all the bug reporters for posting the logs, helping inspect the problems and verify the regression fixes!

v1.12.0

⚡️ Why Should You Update?

This is a minor version bump, but it does not add any new user-facing interfaces. Still, I felt like it should not be a patch-release: this update brings significant changes to the action invocation and internal release process.

Previously, each invocation of pypi-publish required building a container image in the invoking CI job. This was inefficient and added about 30 seconds to the publishing jobs at their startup just to build the container.

I wanted to improve this for over three years (#58) and a little over half a year ago @​br3ndonland💰 stepped up and offered a very comprehensive solution to the limitation I was hoping to overcome: #230.

Going forward, I'm going to pre-build per-version containers prior to cutting each release. And the action invocations will just pull the image from GitHub Container registry.

[!CAUTION] Known quirks:

  • This seems to not work on self-hosted runners without a python executable: #289. The workaround could be installing it prior to running the action.
  • Pinning to commit hashes does not work: #290. Workaround: postpone updating until it's fixed or switch to Git tags for now. Subscribe to that issue to follow the progress. UPD: This was an issue during the first 12 hours post release and it has been addressed upstream by publishing a commit SHA-tagged image for the release on Nov 12, 2024 at 10:27 UTC+1.
  • Calling pypi-publish from another nested repo-local composite action might be breaking file paths: #291. Workaround: postpone updating until it's fixed. Subscribe to that issue to follow the progress.
  • Running within GitHub Enterprise fails on the action repo clone: #292. Workaround: postpone updating until it's fixed. Subscribe to that issue to follow the progress.

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.11.0...v1.12.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

Commits
  • 15c56db Merge pull request #297 from trail-of-forks/ww/bump-pypi-attestations
  • fe8d148 requirements: bump pypi-attestations to 0.0.15
  • 1f5d4ec Merge pull request #295 from trail-of-forks/ww/fix-sdist-collection
  • fec2f0c attestations: collect *.zip sdists as well
  • a8b73a6 Merge pull request #294 from webknjaz/bugfixes/optional-python
  • 9b4dfb0 ✨ Pre-install Python if there's none
  • 0a87186 Merge pull request #293 from webknjaz/bugfixes/uncheckout-intermediate-action
  • dfcfeca 🧪 Use prefetched action to make trampoline
  • 0d02f37 📝💅 Update the CI/CD badge in README
  • 61da13d Merge pull request #230 from br3ndonland/ghcr
  • Additional commits viewable in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=pypa/gh-action-pypi-publish&package-manager=github_actions&previous-version=1.11.0&new-version=1.12.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Connor Stone, PhD --- .github/workflows/cd.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index bc933f78..c951fd76 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -58,7 +58,7 @@ jobs: ls -ltrh ls -ltrh dist - name: Publish to Test PyPI - uses: pypa/gh-action-pypi-publish@v1.11.0 + uses: pypa/gh-action-pypi-publish@v1.12.2 with: repository-url: https://test.pypi.org/legacy/ verbose: true @@ -96,5 +96,5 @@ jobs: name: artifact path: dist - - uses: pypa/gh-action-pypi-publish@v1.11.0 + - uses: pypa/gh-action-pypi-publish@v1.12.2 if: startsWith(github.ref, 'refs/tags') From d20f8ed4d81d017ca9e49f207f8b767ac59fc560 Mon Sep 17 00:00:00 2001 From: "Connor Stone, PhD" Date: Wed, 11 Dec 2024 13:48:21 -0800 Subject: [PATCH 10/13] Add demo page to the website (#232) --- docs/source/_toc.yml | 1 + docs/source/astrophotdemo.rst | 11 +++++++++++ 2 files changed, 12 insertions(+) create mode 100644 docs/source/astrophotdemo.rst diff --git a/docs/source/_toc.yml b/docs/source/_toc.yml index 4c0f8233..ebd38f80 100644 --- a/docs/source/_toc.yml +++ b/docs/source/_toc.yml @@ -6,6 +6,7 @@ root: index chapters: - file: getting_started - file: install + - file: astrophotdemo - file: fastfit - file: tutorials/index - file: coordinates diff --git a/docs/source/astrophotdemo.rst b/docs/source/astrophotdemo.rst new file mode 100644 index 00000000..4f56e886 --- /dev/null +++ b/docs/source/astrophotdemo.rst 
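Review bot: both `uses: pypa/gh-action-pypi-publish@v1.12.2` lines in .github/workflows/cd.yaml pin the publishing action to a Git tag, and a tag can be moved to different code after review. Since this is the step that uploads to PyPI, consider pinning to the release's full commit SHA with the version kept in a trailing comment. The quoted release notes state that the commit-hash pinning problem tracked in #290 has been addressed upstream, so that workaround is no longer a reason to stay on tags.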
@@ -0,0 +1,11 @@ +AstroPhot Demo +============== + +Go to the `AstroPhot Demo `_ to see a live demo of AstroPhot in action. + +In the demo you can upload your own FITS file and try fitting it with AstroPhot. +Add models and tweak the parameters until they seem reasonably good by eye, then +run the ``Optimize`` button to fit the model to the data. The demo is hosted on +Streamlit sharing and is free to use. Since the demo runs on the free version of +Streamlit, it may be slow to run all the functions (especially plotting), but it +will give you a sense of how AstroPhot works. From 231dc5ac147b501bcc05ea43cea2bc3c5d6572b9 Mon Sep 17 00:00:00 2001 From: "Connor Stone, PhD" Date: Wed, 11 Dec 2024 20:28:41 -0800 Subject: [PATCH 11/13] Add 2D moffat psf model (#233) --- astrophot/models/_shared_methods.py | 27 ++++++++++++++++++++ astrophot/models/galaxy_model_object.py | 23 ++--------------- astrophot/models/moffat_model.py | 34 +++++++++++++++++++++++++ docs/source/tutorials/ModelZoo.ipynb | 31 ++++++++++++++++++++++ 4 files changed, 94 insertions(+), 21 deletions(-) diff --git a/astrophot/models/_shared_methods.py b/astrophot/models/_shared_methods.py index ca442bce..c00b3b26 100644 --- a/astrophot/models/_shared_methods.py +++ b/astrophot/models/_shared_methods.py @@ -14,6 +14,9 @@ moffat_torch, nuker_torch, ) +from ..utils.conversions.coordinates import ( + Rotate_Cartesian, +) from ..utils.decorators import ignore_numpy_warnings, default_internal from ..image import ( Image_List, 
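Review bot: the new `Rotate_Cartesian` import in astrophot/models/_shared_methods.py exists because the rotation helper is being moved here, and the galaxy_model_object.py hunk later in this patch deletes the `transform_coordinates` method that called `Rotate_Cartesian` there. If that was the only use in galaxy_model_object.py, the import in that file is now dead and should be dropped in the same commit.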
@@ -280,6 +283,30 @@ def radial_evaluate_model(self, X=None, Y=None, image=None, parameters=None): ) +@default_internal +def transformed_evaluate_model(self, X=None, Y=None, image=None, parameters=None, **kwargs): + if X is None or Y is None: + Coords = image.get_coordinate_meshgrid() + X, Y = Coords - parameters["center"].value[..., None, None] + X, Y = self.transform_coordinates(X, Y, image, parameters) + return self.radial_model( + self.radius_metric(X, Y, image=image, parameters=parameters), + image=image, + parameters=parameters, + ) + + +# Transform Coordinates +###################################################################### +@default_internal +def inclined_transform_coordinates(self, X, Y, image=None, parameters=None): + X, Y = Rotate_Cartesian(-(parameters["PA"].value - image.north), X, Y) + return ( + X, + Y / parameters["q"].value, + ) + + # Exponential ###################################################################### @default_internal diff --git a/astrophot/models/galaxy_model_object.py b/astrophot/models/galaxy_model_object.py index 4e422b5e..7bad13b8 100644 --- a/astrophot/models/galaxy_model_object.py +++ b/astrophot/models/galaxy_model_object.py 
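Review bot: `transformed_evaluate_model` in astrophot/models/_shared_methods.py accepts `**kwargs` and never uses or forwards it, so a misspelled keyword argument is swallowed silently; either drop it or pass it on to `self.radial_model`. Both new helpers also lack docstrings, and since they are now shared across model classes, it would help to state that `inclined_transform_coordinates` expects `PA` and `q` parameters and reads `image.north`, which matters because its signature defaults `image=None`.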
@@ -112,24 +112,5 @@ def initialize(self, target=None, parameters: Optional[Parameter_Node] = None, * if parameters["q"].uncertainty is None: parameters["q"].uncertainty = parameters["q"].value * self.default_uncertainty - @default_internal - def transform_coordinates(self, X, Y, image=None, parameters=None): - X, Y = Rotate_Cartesian(-(parameters["PA"].value - image.north), X, Y) - return ( - X, - Y / parameters["q"].value, - ) - - @default_internal - def evaluate_model( - self, X=None, Y=None, image=None, parameters: Parameter_Node = None, **kwargs - ): - if X is None or Y is None: - Coords = image.get_coordinate_meshgrid() - X, Y = Coords - parameters["center"].value[..., None, None] - XX, YY = self.transform_coordinates(X, Y, image, parameters) - return self.radial_model( - self.radius_metric(XX, YY, image, parameters), - image=image, - parameters=parameters, - ) + from ._shared_methods import inclined_transform_coordinates as transform_coordinates + from ._shared_methods import transformed_evaluate_model as evaluate_model diff --git a/astrophot/models/moffat_model.py b/astrophot/models/moffat_model.py index 8f6701a5..06961c8c 100644 --- a/astrophot/models/moffat_model.py +++ b/astrophot/models/moffat_model.py @@ -1,4 +1,5 @@ import torch +import numpy as np from .galaxy_model_object import Galaxy_Model from .psf_model_object import PSF_Model @@ -6,6 +7,7 @@ from ..utils.decorators import ignore_numpy_warnings, default_internal from ..utils.parametric_profiles import moffat_np from ..utils.conversions.functions import moffat_I0_to_flux, general_uncertainty_prop +from ..param import Param_Unlock, Param_SoftLimits __all__ = ["Moffat_Galaxy", "Moffat_PSF"] 
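Review bot: `__all__ = ["Moffat_Galaxy", "Moffat_PSF"]` is left unchanged in astrophot/models/moffat_model.py while this patch adds a `Moffat2D_PSF` class to the same module. The package `__init__.py` shown later in the series pulls model modules in with `from .x import *`, so the new class will not be exported by name unless it is added to `__all__`.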
@@ -155,3 +157,35 @@ def total_flux_uncertainty(self, parameters=None): ) from ._shared_methods import radial_evaluate_model as evaluate_model + + +class Moffat2D_PSF(Moffat_PSF): + + model_type = f"moffat2d {PSF_Model.model_type}" + parameter_specs = { + "q": {"units": "b/a", "limits": (0, 1), "uncertainty": 0.03}, + "PA": { + "units": "radians", + "limits": (0, np.pi), + "cyclic": True, + "uncertainty": 0.06, + }, + } + _parameter_order = Moffat_PSF._parameter_order + ("q", "PA") + usable = True + model_integrated = False + + @select_target + @default_internal + def initialize(self, target=None, parameters=None, **kwargs): + with Param_Unlock(parameters["q"]), Param_SoftLimits(parameters["q"]): + if parameters["q"].value is None: + parameters["q"].value = 0.9 + + with Param_Unlock(parameters["PA"]), Param_SoftLimits(parameters["PA"]): + if parameters["PA"].value is None: + parameters["PA"].value = 0.1 + super().initialize(target=target, parameters=parameters) + + from ._shared_methods import inclined_transform_coordinates as transform_coordinates + from ._shared_methods import transformed_evaluate_model as evaluate_model diff --git a/docs/source/tutorials/ModelZoo.ipynb b/docs/source/tutorials/ModelZoo.ipynb index 876089f7..2e73b4a4 100644 --- a/docs/source/tutorials/ModelZoo.ipynb +++ b/docs/source/tutorials/ModelZoo.ipynb 
@@ -231,6 +231,37 @@ "plt.show()" ] }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## 2D Moffat PSF\n", + "\n", + "Like a Moffat, but can have a axis ratio and position angle. This could be used to make parametric spikes, or account for very slight asymmetry in a PSF." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "M = ap.models.AstroPhot_Model(\n", + " model_type=\"moffat2d psf model\",\n", + " parameters={\"n\": 2.0, \"Rd\": 10.0, \"q\": 0.7, \"PA\": 3.14 / 3},\n", + " target=psf_target,\n", + ")\n", + "print(M.parameter_order)\n", + "print(tuple(P.units for P in M.parameters))\n", + "M.initialize()\n", + "\n", + "fig, ax = plt.subplots(1, 2, figsize=(14, 6))\n", + "ap.plots.psf_image(fig, ax[0], M)\n", + "ap.plots.radial_light_profile(fig, ax[1], M)\n", + "ax[0].set_title(M.name)\n", + "plt.show()" + ] + }, { "cell_type": "markdown", "metadata": {}, From cc59e88ef31d42aa27e99503079870fce0609b96 Mon Sep 17 00:00:00 2001 From: "Connor Stone, PhD" Date: Wed, 11 Dec 2024 21:12:06 -0800 Subject: [PATCH 12/13] Add Multi Gaussian Expansion model (#234) --- astrophot/models/__init__.py | 1 + .../models/multi_gaussian_expansion_model.py | 171 ++++++++++++++++++ docs/source/tutorials/ModelZoo.ipynb | 38 ++++ 3 files changed, 210 insertions(+) create mode 100644 astrophot/models/multi_gaussian_expansion_model.py diff --git a/astrophot/models/__init__.py b/astrophot/models/__init__.py index 7edea0eb..81edb2c8 100644 --- a/astrophot/models/__init__.py +++ b/astrophot/models/__init__.py @@ -8,6 +8,7 @@ from .flatsky_model import * from .planesky_model import * from .gaussian_model import * +from .multi_gaussian_expansion_model import * from .spline_model import * from .relspline_model import * from .psf_model_object import * diff --git a/astrophot/models/multi_gaussian_expansion_model.py b/astrophot/models/multi_gaussian_expansion_model.py new file mode 100644 index 00000000..dd71726b 
--- /dev/null +++ b/astrophot/models/multi_gaussian_expansion_model.py 
@@ -0,0 +1,171 @@ +import torch +import numpy as np +from scipy.stats import iqr + +from .psf_model_object import PSF_Model +from .model_object import Component_Model +from ._shared_methods import ( + select_target, +) +from ..utils.initialize import isophotes +from ..utils.angle_operations import Angle_COM_PA +from ..utils.conversions.coordinates import ( + Rotate_Cartesian, +) +from ..param import Param_Unlock, Param_SoftLimits, Parameter_Node +from ..utils.decorators import ignore_numpy_warnings, default_internal + +__all__ = ["Multi_Gaussian_Expansion"] + + +class Multi_Gaussian_Expansion(Component_Model): + """Model that represents a galaxy as a sum of multiple Gaussian + profiles. The model is defined as: + + I(R) = sum_i flux_i * exp(-0.5*(R_i / sigma_i)^2) / (2 * pi * q_i * sigma_i^2) + + where $R_i$ is a radius computed using $q_i$ and $PA_i$ for that component. All components share the same center. + + Parameters: + q: axis ratio to scale minor axis from the ratio of the minor/major axis b/a, this parameter is unitless, it is restricted to the range (0,1) + PA: position angle of the semi-major axis relative to the image positive x-axis in radians, it is a cyclic parameter in the range [0,pi) + sigma: standard deviation of each Gaussian + flux: amplitude of each Gaussian + """ + + model_type = f"mge {Component_Model.model_type}" + parameter_specs = { + "q": {"units": "b/a", "limits": (0, 1)}, + "PA": {"units": "radians", "limits": (0, np.pi), "cyclic": True}, + "sigma": {"units": "arcsec", "limits": (0, None)}, + "flux": {"units": "log10(flux)"}, + } + _parameter_order = Component_Model._parameter_order + ("q", "PA", "sigma", "flux") + usable = True + + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + + # determine the number of components + for key in ("q", "sigma", "flux"): + if self[key].value is not None: + self.n_components = self[key].value.shape[0] + break + else: + self.n_components = kwargs.get("n_components", 3) + + 
@torch.no_grad() + @ignore_numpy_warnings + @select_target + @default_internal + def initialize(self, target=None, parameters=None, **kwargs): + super().initialize(target=target, parameters=parameters) + + target_area = target[self.window] + target_dat = target_area.data.detach().cpu().numpy() + if target_area.has_mask: + mask = target_area.mask.detach().cpu().numpy() + target_dat[mask] = np.median(target_dat[np.logical_not(mask)]) + if parameters["sigma"].value is None: + with Param_Unlock(parameters["sigma"]), Param_SoftLimits(parameters["sigma"]): + parameters["sigma"].value = np.logspace( + np.log10(target_area.pixel_length.item() * 3), + max(target_area.shape.detach().cpu().numpy()) * 0.7, + self.n_components, + ) + parameters["sigma"].uncertainty = ( + self.default_uncertainty * parameters["sigma"].value + ) + if parameters["flux"].value is None: + with Param_Unlock(parameters["flux"]), Param_SoftLimits(parameters["flux"]): + parameters["flux"].value = np.log10( + np.sum(target_dat[~mask]) / self.n_components + ) * np.ones(self.n_components) + parameters["flux"].uncertainty = 0.1 * parameters["flux"].value + + if not (parameters["PA"].value is None or parameters["q"].value is None): + return + edge = np.concatenate( + ( + target_dat[:, 0], + target_dat[:, -1], + target_dat[0, :], + target_dat[-1, :], + ) + ) + edge_average = np.nanmedian(edge) + edge_scatter = iqr(edge[np.isfinite(edge)], rng=(16, 84)) / 2 + icenter = target_area.plane_to_pixel(parameters["center"].value) + + if parameters["PA"].value is None: + weights = target_dat - edge_average + Coords = target_area.get_coordinate_meshgrid() + X, Y = Coords - parameters["center"].value[..., None, None] + X, Y = X.detach().cpu().numpy(), Y.detach().cpu().numpy() + if target_area.has_mask: + seg = np.logical_not(target_area.mask.detach().cpu().numpy()) + PA = Angle_COM_PA(weights[seg], X[seg], Y[seg]) + else: + PA = Angle_COM_PA(weights, X, Y) + + with Param_Unlock(parameters["PA"]), 
Param_SoftLimits(parameters["PA"]): + parameters["PA"].value = ((PA + target_area.north) % np.pi) * np.ones( + self.n_components + ) + if parameters["PA"].uncertainty is None: + parameters["PA"].uncertainty = (5 * np.pi / 180) * torch.ones_like( + parameters["PA"].value + ) # default uncertainty of 5 degrees is assumed + if parameters["q"].value is None: + q_samples = np.linspace(0.2, 0.9, 15) + try: + pa = parameters["PA"].value.item() + except: + pa = parameters["PA"].value[0].item() + iso_info = isophotes( + target_area.data.detach().cpu().numpy() - edge_average, + (icenter[1].detach().cpu().item(), icenter[0].detach().cpu().item()), + threshold=3 * edge_scatter, + pa=(pa - target.north), + q=q_samples, + ) + with Param_Unlock(parameters["q"]), Param_SoftLimits(parameters["q"]): + parameters["q"].value = q_samples[ + np.argmin(list(iso["amplitude2"] for iso in iso_info)) + ] * torch.ones(self.n_components) + if parameters["q"].uncertainty is None: + parameters["q"].uncertainty = parameters["q"].value * self.default_uncertainty + + @default_internal + def total_flux(self, parameters=None): + return torch.sum(10 ** parameters["flux"].value) + + @default_internal + def evaluate_model(self, X=None, Y=None, image=None, parameters=None, **kwargs): + if X is None or Y is None: + Coords = image.get_coordinate_meshgrid() + X, Y = Coords - parameters["center"].value[..., None, None] + + if parameters["PA"].value.numel() == 1: + X, Y = Rotate_Cartesian(-(parameters["PA"].value - image.north), X, Y) + X = X.repeat(parameters["q"].value.shape[0], *[1] * X.ndim) + Y = torch.vmap(lambda q: Y / q)(parameters["q"].value) + else: + X, Y = torch.vmap(lambda pa: Rotate_Cartesian(-(pa - image.north), X, Y))( + parameters["PA"].value + ) + Y = torch.vmap(lambda q, y: y / q)(parameters["q"].value, Y) + + R = self.radius_metric(X, Y, image, parameters) + return torch.sum( + torch.vmap( + lambda A, R, sigma, q: (A / (2 * np.pi * q * sigma**2)) + * torch.exp(-0.5 * (R / sigma) ** 2) + )( 
+ image.pixel_area * 10 ** parameters["flux"].value, + R, + parameters["sigma"].value, + parameters["q"].value, + ), + dim=0, + ) diff --git a/docs/source/tutorials/ModelZoo.ipynb b/docs/source/tutorials/ModelZoo.ipynb index 2e73b4a4..cc8a5307 100644 --- a/docs/source/tutorials/ModelZoo.ipynb +++ b/docs/source/tutorials/ModelZoo.ipynb @@ -655,6 +655,44 @@ "plt.show()" ] }, + { + "cell_type": "markdown", + "metadata": {}, + "source": [ + "## Multi Gaussian Expansion\n", + "\n", + "A multi gaussian expansion is essentially a model made of overlapping gaussian models that share the same center. However, they are combined into a single model for computational efficiency. Another advantage of the MGE is that it is possible to determine a deprojection of the model from 2D into a 3D shape since the projection of a 3D gaussian is a 2D gaussian. Note however, that in some configurations this deprojection is not unique. See Cappellari 2002 for more details.\n", + "\n", + "Note: The ``PA`` can be either a single value (same for all components) or an array with values for each component." + ] + }, + { + "cell_type": "code", + "execution_count": null, + "metadata": {}, + "outputs": [], + "source": [ + "M = ap.models.AstroPhot_Model(\n", + " model_type=\"mge model\",\n", + " parameters={\n", + " \"center\": [50, 50],\n", + " \"q\": [0.9, 0.8, 0.6, 0.5],\n", + " \"PA\": 30 * np.pi / 180,\n", + " \"sigma\": [4.0, 8.0, 16.0, 32.0],\n", + " \"flux\": np.ones(4) / 4,\n", + " },\n", + " target=basic_target,\n", + ")\n", + "print(M.parameter_order)\n", + "print(tuple(P.units for P in M.parameters))\n", + "M.initialize()\n", + "\n", + "fig, ax = plt.subplots(1, 1, figsize=(6, 6))\n", + "ap.plots.model_image(fig, ax, M)\n", + "ax.set_title(M.name)\n", + "plt.show()" + ] + }, { "cell_type": "markdown", "metadata": {}, From 407a00de91bf9344ecf8b5d05afa842b9e60c6a6 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 09:35:06 -0500 Subject: [PATCH 13/13] Bump pypa/gh-action-pypi-publish from 1.12.2 to 1.12.3 (#236) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.12.2 to 1.12.3.
Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.12.3

✨ What's Improved

With the updates by @​woodruffw💰 and @​webknjaz💰 via #309 and #313, it is now possible to publish distribution packages that include core metadata v2.4, like those built using maturin. This is done by bumping Twine to v6.0.1 and pkginfo to v1.12.0.

📝 Docs

We've made an attempt to clarify the runtime and workflow shape that are expected to be supported for calling this action in: https://github.com/marketplace/actions/pypi-publish#Non-goals.

[!TIP] Please, let us know in the release discussion if anything still remains unclear.

TL;DR
  • always call pypi-publish once per job;
  • don't invoke it in reusable workflows;
  • physically move building the dists into separate jobs having restricted permissions and storing the dists as GitHub Actions artifacts;
  • when using self-hosted runners, make sure to still use pypi-publish on a GitHub-provided infra with runs-on: ubuntu-latest, while building and testing may remain self-hosted;
  • don't perform any other actions in the publishing job;
  • don't call pypi-publish from composite actions.

🛠️ Internal Updates

@​br3ndonland💰 improved the container image generation automation to include Git SHA in #301. And @​woodruffw💰 added the workflow_ref context to Trusted Publishing debug logging in #305, helping us diagnose misconfigurations faster. #313 also extends the smoke test in the CI to check against the maturin-made dists. Additionally, jeepney and secretstorage transitive deps have been added to the pip constraint-based lock file, as Dependabot seems to have missed those earlier.

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.2...v1.12.3

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​samuelcolvin💰 for nudging me to cut this release sooner and for sponsoring me via @​pydantic💰!

🔌 Shameless Plug: The other day I've made this 🦋 Bluesky 🇺🇦 FOSS Maintainers Starter Pack subscribe to read news from people like me :)

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

Commits
  • 67339c7 📦 Only keep lower bounds @ input requirements
  • cbd6d01 📝Fix a typo in "privileges" @ README
  • 7252a9a 📝 Outline unsupported scenarios in README
  • a536fa9 📌📦 Include jeepney & secretstorage pins
  • 43caae4 💅📦 Split transitive dep constraints
  • f371c3d Merge pull request #313 from webknjaz/maintenance/metadata-2.4
  • 138a121 📌📦 Pin pkginfo to v1.12 @ runtime deps
  • ff2b051 🧪 Add a Maturin-based package to CI
  • 0a0a6ae 🧪 Allow CI to register multiple distributions
  • e7723a4 Merge pull request #309 from trail-of-forks/ww/bumptwine
  • Additional commits viewable in compare view

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/cd.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index c951fd76..6f2adff5 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -58,7 +58,7 @@ jobs: ls -ltrh ls -ltrh dist - name: Publish to Test PyPI - uses: pypa/gh-action-pypi-publish@v1.12.2 + uses: pypa/gh-action-pypi-publish@v1.12.3 with: repository-url: https://test.pypi.org/legacy/ verbose: true @@ -96,5 +96,5 @@ jobs: name: artifact path: dist - - uses: pypa/gh-action-pypi-publish@v1.12.2 + - uses: pypa/gh-action-pypi-publish@v1.12.3 if: startsWith(github.ref, 'refs/tags')
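
Review bot: in astrophot/models/_shared_methods.py, `transformed_evaluate_model` rebuilds the grid whenever `X is None or Y is None`, so a caller that supplies only one of the two has it silently replaced, and a call with `image=None` fails on `image.get_coordinate_meshgrid()` with an AttributeError instead of a clear message. Suggest raising a ValueError when exactly one of X and Y is given or when the fallback is needed without an image. Both new functions also need a docstring stating the expected coordinate frame (offsets from `center`, rotation by `PA - image.north`, then `Y / q`), and `**kwargs` is accepted but dropped, which hides misspelled keyword arguments.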
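
Review bot: in astrophot/models/moffat_model.py, `Moffat2D_PSF` inherits the flux methods of `Moffat_PSF` unchanged (`total_flux_uncertainty` is visible in the hunk header), while the `inclined_transform_coordinates` it imports divides `Y` by `q`, which scales the integrated flux of the profile by `q`. Please confirm the inherited flux conversion accounts for the axis ratio, or override it in the new class. The class has no docstring, and the fallback values `q = 0.9` and `PA = 0.1` in `initialize` are undocumented magic numbers; a short docstring listing the parameters and those defaults would cover both.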
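
Review bot: in `Multi_Gaussian_Expansion.initialize` (astrophot/models/multi_gaussian_expansion_model.py), `mask` is only assigned under `if target_area.has_mask:` but the flux default uses `np.sum(target_dat[~mask])` unconditionally, so a target without a mask raises NameError when `flux` is not supplied. Suggest summing `target_dat` directly when there is no mask. In the same function the `sigma` default calls `np.logspace` with `max(target_area.shape...) * 0.7` as the stop argument; logspace treats that as an exponent, so the largest sigma becomes 10 to the power of 0.7 times the image size. Wrap the stop in `np.log10(...)` to match the start argument. Smaller points: the bare `except:` around `parameters["PA"].value.item()` should catch the specific exception, `PSF_Model` and `Parameter_Node` are imported but unused in this file, and the diffstat lists no test for the new model.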
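
Review bot: in the new "Multi Gaussian Expansion" code cell of docs/source/tutorials/ModelZoo.ipynb, `"flux": np.ones(4) / 4` reads as four components of flux 0.25 each, but `parameter_specs` in the model declares `flux` in units of `log10(flux)` and `evaluate_model` applies `10 ** parameters["flux"].value`, so each component gets a flux of 10^0.25. Either pass the values in log10 explicitly (for example `np.log10(np.ones(4) / 4)` if equal quarters are intended) or say in the markdown cell that `flux` is given in log10 units.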
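
Review bot: both `uses: pypa/gh-action-pypi-publish@v1.12.3` lines in .github/workflows/cd.yaml reference the publish action by a tag, which can be moved to different code after this review. Since these steps upload to Test PyPI and PyPI, pin them to the full commit SHA of the release with the version in a trailing comment (`@<full commit SHA> # v1.12.3`); Dependabot keeps SHA pins updated in the same way. The release notes quoted in this commit message also ask that the publishing job perform no other actions and that dists be built in a separate job, so it is worth checking the first hunk's job, where `ls -ltrh dist` runs directly before the publish step, against that guidance.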