[PR #752] [MERGED] chore(deps): update pypa/gh-action-pypi-publish action to v1.12.2 #789

Closed
opened 2026-03-02 15:59:35 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/probberechts/soccerdata/pull/752
Author: @renovate[bot]
Created: 11/12/2024
Status: Merged
Merged: 11/16/2024
Merged by: @probberechts

Base: master ← Head: renovate/pypa-gh-action-pypi-publish-1.x


📝 Commits (1)

  • 99c5a83 chore(deps): update pypa/gh-action-pypi-publish action to v1.12.2

📊 Changes

1 file changed (+2 additions, -2 deletions)


📝 .github/workflows/release.yml (+2 -2)

📄 Description

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| pypa/gh-action-pypi-publish | action | minor | v1.11.0 -> v1.12.2 |

Release Notes

pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)

v1.12.2

Compare Source

🐛 What's Fixed

The fix for signing legacy zip sdists turned out to be incomplete, so @​woodruffw💰 promptly produced another follow-up that updated pypi-attestations from v0.0.13 to v0.0.15 in #​297. This is the only change since the previous release.

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.1...v1.12.2

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

v1.12.1

Compare Source

🐛 What's Fixed

Version v1.12.0 hit several rare corner cases we never considered fully supported, and this release fixes a few of those.
In #294, @webknjaz💰 improved the self-hosted runner experience by pre-installing Python if it's not there, and with #293 the ability to use the action on GitHub Enterprise instances has been restored. The latter should've also fixed the ability to invoke pypi-publish from nested in-repo composite actions — another exotic use-case that was never tested in our CI.
@​woodruffw💰 also managed to squeeze in a last-minute fix for detecting legacy .zip sdists while producing attestations via #​295.

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.0...v1.12.1

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Huge Thanks to all the bug reporters for posting the logs, helping inspect the problems and verify the regression fixes!

v1.12.0

Compare Source

⚡️ Why Should You Update?

This is a minor version bump, but it does not add any new user-facing interfaces. Still, I felt like it should not be a patch-release: this update brings significant changes to the action invocation and internal release process.

Previously, each invocation of pypi-publish required building a container image in the invoking CI job. This was inefficient and added about 30 seconds to the publishing jobs at their startup just to build the container.

I wanted to improve this for over three years (#​58) and a little over half a year ago @​br3ndonland💰 stepped up and offered a very comprehensive solution to the limitation I was hoping to overcome: #​230.

Going forward, I'm going to pre-build per-version containers prior to cutting each release. And the action invocations will just pull the image from GitHub Container registry.

[!CAUTION]
Known quirks:

  • This seems to not work on self-hosted runners without a python executable: #​289. The workaround could be installing it prior to running the action.
  • ~Pinning to commit hashes does not work: #​290. Workaround: postpone updating until it's fixed or switch to Git tags for now. Subscribe to that issue to follow the progress.~ UPD: This was an issue during the first 12 hours post release and it has been addressed upstream by publishing a commit SHA-tagged image for the release on Nov 12, 2024 at 10:27 UTC+1.
  • Calling pypi-publish from another nested repo-local composite action might be breaking file paths: #​291. Workaround: postpone updating until it's fixed. Subscribe to that issue to follow the progress.
  • Running within GitHub Enterprise fails on the action repo clone: #​292. Workaround: postpone updating until it's fixed. Subscribe to that issue to follow the progress.

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.11.0...v1.12.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
