diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index e5386979..6c511698 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -31,7 +31,7 @@ jobs:
 run: python3 -m pip install --constraint requirements/build.txt build
 - name: Build binary wheel and source tarball
- run: python3 -m build --sdist --wheel --outdir dist/ .
+ run: PIP_CONSTRAINT=requirements/build.txt python3 -m build --sdist --wheel --outdir dist/ .
 - name: Store build artifacts
 uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
diff --git a/pyproject.toml b/pyproject.toml
index 54c476cb..2e0d876d 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,8 @@
 [build-system]
-# hatchling pinned for reproducibility: version should be kept up-to-date
-requires = ["hatchling==1.20.0"]
+# Dependabot cannot do `build-system.requires` (dependabot/dependabot-core#8465)
+# workaround to get reproducibility and auto-updates:
+# PIP_CONSTRAINT=requirements/build.txt python3 -m build ...
+requires = ["hatchling"]
 build-backend = "hatchling.build"
 [project]
diff --git a/requirements/build.txt b/requirements/build.txt
index 213948b0..6a39a380 100644
--- a/requirements/build.txt
+++ b/requirements/build.txt
@@ -2,3 +2,4 @@
 # during CI and CD Github workflows
 build==1.0.3
 tox==4.1.2
+hatchling==1.20.0
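Review bot: The constraint path in the `Build binary wheel and source tarball` step of .github/workflows/cd.yml is relative, so the pin holds only while every pip process started by `build` runs from the repository root; I have not checked which working directory `build` uses for its isolated environment. Setting the variable through the step's `env:` key with an absolute path, e.g. `PIP_CONSTRAINT: ${{ github.workspace }}/requirements/build.txt`, removes that dependency on the working directory and leaves the `run:` line as it was. A one-line comment above the step, such as `# PIP_CONSTRAINT is what pins hatchling for release builds; see pyproject.toml`, would tell the next maintainer why the variable must not be dropped.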
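Review bot: With `requires = ["hatchling"]` in pyproject.toml, any build that does not export PIP_CONSTRAINT resolves whichever hatchling release is newest at that moment, so the pin now exists only where the environment variable is set. Within this diff that is the single build step in cd.yml; other workflows, local builds and anyone installing from the sdist are not covered, as far as the visible hunks show. The new comment gives the workaround command but not this consequence, so I would add a line such as `# builds that do not set PIP_CONSTRAINT get an unpinned hatchling`. If the release workflow is the only place where reproducibility matters, saying so in the comment is enough.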
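Review bot: `hatchling==1.20.0` in requirements/build.txt constrains hatchling alone; the packages hatchling itself installs into the isolated build environment are not listed in the visible lines and would still float between release builds. The entries also carry no `--hash=` values, so the file fixes a version number rather than a specific artifact. If reproducible release builds are the goal, consider generating the file with the full transitive set and hashes (for example with `pip-compile --generate-hashes`), after confirming that the pip version in use enforces hashes supplied through a constraints file. The file begins before this hunk, so earlier lines may already cover part of this.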