[PR #773] [MERGED] chore(deps): update pypa/gh-action-pypi-publish action to v1.12.3 #810

New issue

Closed

opened 2026-03-02 15:59:41 +03:00 by kerem · 0 comments

kerem commented

2026-03-02 15:59:41 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/probberechts/soccerdata/pull/773
Author: @renovate[bot]
Created: 12/16/2024
Status: ✅ Merged
Merged: 12/16/2024
Merged by: @renovate[bot]

Base: master ← Head: renovate/pypa-gh-action-pypi-publish-1.12.x

📝 Commits (1)

d9b3b82 chore(deps): update pypa/gh-action-pypi-publish action to v1.12.3

📊 Changes

1 file changed (+2 additions, -2 deletions)

View changed files

📝 .github/workflows/release.yml (+2 -2)

📄 Description

This PR contains the following updates:

Package	Type	Update	Change
pypa/gh-action-pypi-publish	action	patch	`v1.12.2` -> `v1.12.3`

Release Notes

pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)

`v1.12.3`

Compare Source

✨ What's Improved

With the updates by @woodruffw 💰 and @webknjaz 💰 via #309 and #313, it is now possible to publish distribution packages that include core metadata v2.4, like those built using maturin. This is done by bumping Twine to v6.0.1 and pkginfo to v1.12.0.

📝 Docs

We've made an attempt to clarify the runtime and workflow shape that are expected to be supported for calling this action in: https://github.com/marketplace/actions/pypi-publish#Non-goals.

[!TIP]
Please, let us know in the release discussion if anything still remains unclear.
TL;DR always call [pypi-publish][pypi-publish] once per job; don't invoke it in reusable workflows; physically move building the dists into separate jobs having restricted permissions and storing the dists as GitHub Actions artifacts; when using self-hosted runners, make sure to still use [pypi-publish][pypi-publish] on a GitHub-provided infra with runs-on: ubuntu-latest, while building and testing may remain self-hosted; don't perform any other actions in the publishing job; don't call [pypi-publish][pypi-publish] from composite actions.

🛠️ Internal Updates

@br3ndonland 💰 improved the container image generation automation to include Git SHA in #301. And @woodruffw 💰 added the workflow_ref context to Trusted Publishing debug logging in #305, helping us diagnose misconfigurations faster. #313 also extends the smoke test in the CI to check against the maturin-made dists. Additionally, jeepney and secretstorage transitive deps have been added to the pip constraint-based lock file, as Dependabot seems to have missed those earlier.

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.2...v1.12.3

🧔‍♂️ Release Manager: @webknjaz 🇺🇦

🙏 Special Thanks to @samuelcolvin 💰 for nudging me to cut this release sooner and for sponsoring me via @pydantic 💰!

🔌 Shameless Plug: The other day I've made this 🦋 Bluesky 🇺🇦 FOSS Maintainers Starter Pack subscribe to read news from people like me :)

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/probberechts/soccerdata/pull/773 **Author:** [@renovate[bot]](https://github.com/apps/renovate) **Created:** 12/16/2024 **Status:** ✅ Merged **Merged:** 12/16/2024 **Merged by:** [@renovate[bot]](https://github.com/apps/renovate) **Base:** `master` ← **Head:** `renovate/pypa-gh-action-pypi-publish-1.12.x` --- ### 📝 Commits (1) - [`d9b3b82`](https://github.com/probberechts/soccerdata/commit/d9b3b82383435418eb64905d20d5297141e3d3f8) chore(deps): update pypa/gh-action-pypi-publish action to v1.12.3 ### 📊 Changes **1 file changed** (+2 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/release.yml` (+2 -2) </details> ### 📄 Description This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [pypa/gh-action-pypi-publish](https://redirect.github.com/pypa/gh-action-pypi-publish) | action | patch | `v1.12.2` -> `v1.12.3` | --- ### Release Notes <details> <summary>pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)</summary> ### [`v1.12.3`](https://redirect.github.com/pypa/gh-action-pypi-publish/releases/tag/v1.12.3) [Compare Source](https://redirect.github.com/pypa/gh-action-pypi-publish/compare/v1.12.2...v1.12.3) #### ✨ What's Improved With the updates by [@woodruffw](https://redirect.github.com/woodruffw)[💰](https://redirect.github.com/sponsors/woodruffw) and [@webknjaz](https://redirect.github.com/webknjaz)[💰](https://redirect.github.com/sponsors/webknjaz) via [#309](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/309) and [#313](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/313), it is now possible to publish [distribution packages] that include [core metadata v2.4], like those built using [maturin]. This is done by bumping `Twine` to v6.0.1 and `pkginfo` to v1.12.0. #### 📝 Docs We've made an attempt to clarify the runtime and workflow shape that are expected to be supported for calling this action in: https://github.com/marketplace/actions/pypi-publish#Non-goals. > \[!TIP] > Please, let us know in the [release discussion] if anything still remains unclear. > *TL;DR* always call [`pypi-publish`][pypi-publish] once per job; don't invoke it in reusable workflows; physically move building the dists into separate jobs having restricted permissions and storing the dists as GitHub Actions artifacts; when using self-hosted runners, make sure to still use [`pypi-publish`][pypi-publish] on a GitHub-provided infra with `runs-on: ubuntu-latest`, while building and testing may remain self-hosted; don't perform any other actions in the publishing job; don't call [`pypi-publish`][pypi-publish] from composite actions. #### 🛠️ Internal Updates [@br3ndonland](https://redirect.github.com/br3ndonland)[💰](https://redirect.github.com/sponsors/br3ndonland) improved the container image generation automation to include Git SHA in [#301](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/301). And [@woodruffw](https://redirect.github.com/woodruffw)[💰](https://redirect.github.com/sponsors/woodruffw) added the `workflow_ref` context to Trusted Publishing debug logging in [#305](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/305), helping us diagnose misconfigurations faster. [#313](https://redirect.github.com/pypa/gh-action-pypi-publish/issues/313) also extends the smoke test in the CI to check against the [maturin]-made dists. Additionally, `jeepney` and `secretstorage` transitive deps have been added to the pip constraint-based lock file, as Dependabot seems to have missed those earlier. **🪞 Full Diff**: https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.2...v1.12.3 **🧔‍♂️ Release Manager:** [@webknjaz](https://redirect.github.com/sponsors/webknjaz) [🇺🇦](https://stand-with-ukraine.pp.ua) **🙏 Special Thanks** to [@samuelcolvin](https://redirect.github.com/samuelcolvin)[💰](https://redirect.github.com/sponsors/samuelcolvin) for nudging me to cut this release sooner and for [sponsoring me](https://redirect.github.com/sponsors/webknjaz) via [@pydantic](https://redirect.github.com/pydantic)[💰](https://redirect.github.com/sponsors/pydantic)! **🔌 Shameless Plug**: The other day I've made this [🦋 Bluesky 🇺🇦 FOSS Maintainers Starter Pack] subscribe to read news from people like me :) **💬 Discuss** [on Bluesky 🦋](https://bsky.app/profile/webknjaz.me/post/3lcve36mtpk22), [on Mastodon 🐘](https://mastodon.social/@webknjaz/113624274498685157) and [on GitHub][release discussion]. [core metadata v2.4]: https://packaging.python.org/en/latest/specifications/core-metadata/#metadata-version [distribution packages]: https://packaging.python.org/en/latest/glossary/#term-Distribution-Package [maturin]: https://www.maturin.rs/tutorial [`pypi-publish`]: https://redirect.github.com/marketplace/actions/pypi-publish [🦋 Bluesky 🇺🇦 FOSS Maintainers Starter Pack]: https://bsky.app/starter-pack/webknjaz.me/3lbt5nu3vw22b [release discussion]: https://redirect.github.com/pypa/gh-action-pypi-publish/discussions/314 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/probberechts/soccerdata).  --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>