dependabot[bot]
7f1b4f372b
build(deps): bump pypa/gh-action-pypi-publish from 1.8.8 to 1.8.10
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.8 to 1.8.10.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](f8c70e705f...b7f401de30
2023-08-11 10:38:06 +00:00
Lukas Pühringer
3262767aec
Merge pull request #2423 from theupdateframework/dependabot/github_actions/actions/setup-python-4.7.0
...
build(deps): bump actions/setup-python from 4.6.1 to 4.7.0
2023-07-17 14:02:29 +02:00
dependabot[bot]
44dbf4bc02
build(deps): bump actions/setup-python from 4.6.1 to 4.7.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.6.1 to 4.7.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](bd6b4b6205...61a6322f88
2023-07-14 10:23:57 +00:00
dependabot[bot]
459c865d44
build(deps): bump pypa/gh-action-pypi-publish from 1.8.7 to 1.8.8
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.7 to 1.8.8.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](f5622bde02...f8c70e705f
2023-07-12 10:49:20 +00:00
dependabot[bot]
9a90005c08
build(deps): bump pypa/gh-action-pypi-publish from 1.8.6 to 1.8.7
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.6 to 1.8.7.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](a56da0b891...f5622bde02
2023-06-27 10:58:39 +00:00
dependabot[bot]
55a17cc3ee
build(deps): bump actions/checkout from 3.5.2 to 3.5.3
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8e5e7e5ab8...c85c95e3d7
2023-06-12 11:00:10 +00:00
dependabot[bot]
4f3ff9fa12
build(deps): bump actions/setup-python from 4.6.0 to 4.6.1
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](57ded4d7d5...bd6b4b6205
2023-05-25 10:58:36 +00:00
Jussi Kukkonen
ffc904906c
github: Fix issue with draft releases
...
Commit 707dc49
2023-05-10 14:06:55 +03:00
dependabot[bot]
a6ea12754d
build(deps): bump pypa/gh-action-pypi-publish from 1.8.5 to 1.8.6
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.5 to 1.8.6.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](0bf742be3e...a56da0b891
2023-05-08 14:14:07 +00:00
Jussi Kukkonen
53c280680b
release: Use PyPI Trusted Publishing
...
Instead of using the secret stored in environment secrets, allow the
publish action to use the OIDC identity to authenticate to pypi.org.
This repository/workflow/environment has been marked as a "Trusted
Publisher" in pypi.org: this means PyPI should give the publish action a
short lived token to use for publishing.
This enables #2370 : but the secret should still be removed before
closing the issue (maybe after one successful release with Trusted
Publishing).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-04-27 15:42:55 +03:00
dependabot[bot]
964c30c2dd
build(deps): bump actions/setup-python from 4.5.0 to 4.6.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.5.0 to 4.6.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](d27e3f3d7c...57ded4d7d5
2023-04-21 10:58:33 +00:00
dependabot[bot]
308c9874b7
build(deps): bump actions/checkout from 3.5.0 to 3.5.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.5.0 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](8f4b7f8486...8e5e7e5ab8
2023-04-14 10:58:57 +00:00
dependabot[bot]
63da19d127
build(deps): bump actions/github-script from 6.4.0 to 6.4.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.4.0 to 6.4.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](98814c53be...d7906e4ad0
2023-04-07 10:58:44 +00:00
dependabot[bot]
b52c7dbcfc
build(deps): bump pypa/gh-action-pypi-publish from 1.8.3 to 1.8.5
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.3 to 1.8.5.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](48b317d84d...0bf742be3e
2023-04-04 11:00:18 +00:00
dependabot[bot]
f86f656d3c
build(deps): bump actions/checkout from 3.4.0 to 3.5.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](24cb908017...8f4b7f8486
2023-03-28 07:44:51 +00:00
dependabot[bot]
f98f94b46b
build(deps): bump pypa/gh-action-pypi-publish from 1.8.1 to 1.8.3
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.8.1 to 1.8.3.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](a3a3bafbb3...48b317d84d
2023-03-23 10:59:06 +00:00
Jussi Kukkonen
db027027ce
Merge pull request #2334 from theupdateframework/dependabot/github_actions/actions/checkout-3.4.0
...
build(deps): bump actions/checkout from 3.3.0 to 3.4.0
2023-03-20 10:40:11 +02:00
dependabot[bot]
a673ac3df5
build(deps): bump actions/checkout from 3.3.0 to 3.4.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](ac59398561...24cb908017
2023-03-20 08:21:35 +00:00
dependabot[bot]
21d87de04a
build(deps): bump pypa/gh-action-pypi-publish from 1.7.1 to 1.8.1
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.7.1 to 1.8.1.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](22b4d1f125...a3a3bafbb3
2023-03-16 10:22:42 +00:00
dependabot[bot]
a65568bfef
build(deps): bump pypa/gh-action-pypi-publish from 1.6.4 to 1.7.1
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.6.4 to 1.7.1.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](c7f29f7ade...22b4d1f125
2023-03-13 11:00:55 +00:00
Jussi Kukkonen
b15af9573a
Merge pull request #2290 from jku/release-refactor
...
build: Handle GH release manually
2023-02-06 15:09:25 +02:00
Jussi Kukkonen
70555f6e1b
build: shorten requirements file names
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-06 14:52:07 +02:00
Jussi Kukkonen
33829fdbab
build: Move requirements file to a directory
...
We already have 6 files and I'm planning to add another one: maybe it's
time to move these out of the top level directory.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-06 14:50:47 +02:00
Jussi Kukkonen
707dc49999
build: Handle GH release manually
...
Remove dependency on softprops/action-gh-release: instead do the GitHub
release steps using the GitHub API and github-script.
The only difference should be that release name is not "<tag>-rc" first:
instead the initial release is marked as draft in the API (and shows as
draft in the UI).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-02-04 17:32:56 +02:00
dependabot[bot]
f2fff33566
build(deps): bump actions/github-script from 6.3.3 to 6.4.0
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.3.3 to 6.4.0.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](d556feaca3...98814c53be
2023-01-27 10:05:30 +00:00
dependabot[bot]
4c3df14a50
build(deps): bump actions/setup-python from 4.4.0 to 4.5.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](5ccb29d877...d27e3f3d7c
2023-01-13 10:50:28 +00:00
Lukas Pühringer
fa9761bb8f
Merge pull request #2259 from theupdateframework/dependabot/github_actions/actions/checkout-3.3.0
...
build(deps): bump actions/checkout from 3.2.0 to 3.3.0
2023-01-13 11:49:36 +01:00
Lukas Pühringer
cc6171b1d7
Merge pull request #2258 from theupdateframework/dependabot/github_actions/actions/download-artifact-3.0.2
...
build(deps): bump actions/download-artifact from 3.0.1 to 3.0.2
2023-01-13 11:33:33 +01:00
dependabot[bot]
bfbfb55444
build(deps): bump actions/checkout from 3.2.0 to 3.3.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](755da8c3cf...ac59398561
2023-01-13 10:32:56 +00:00
dependabot[bot]
d156bdf82f
build(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](83fd05a356...0b7f8abb15
2023-01-09 10:10:05 +00:00
dependabot[bot]
671df68a6d
build(deps): bump actions/download-artifact from 3.0.1 to 3.0.2
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 3.0.1 to 3.0.2.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](9782bd6a98...9bc31d5ccc
2023-01-06 10:04:00 +00:00
dependabot[bot]
681c134e09
build(deps): bump actions/setup-python from 4.3.1 to 4.4.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.3.1 to 4.4.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](2c3dd9e7e2...5ccb29d877
2022-12-23 10:22:10 +00:00
dependabot[bot]
98991d8f50
build(deps): bump actions/checkout from 3.1.0 to 3.2.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](93ea575cb5...755da8c3cf
2022-12-13 10:04:50 +00:00
dependabot[bot]
205769d9bf
build(deps): bump actions/setup-python from 4.3.0 to 4.3.1
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](13ae5bb136...2c3dd9e7e2
2022-12-09 17:50:35 +00:00
Jussi Kukkonen
b6c3b66ca6
build: Change build dependency pinning strategy
...
* don't autoupgrade pip: let's consider pip to be part of platform?
* pin build and tox in new requirements-build.txt: this mostly prevents
tox from going to 4.x before we're ready
* use requirements-build.txt as constraint when installing tox or build
during CI & CD
* use requirements-build.txt in requiremenets-dev.txt
Note that coveralls is not pinned, not sure if it should be.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-12-09 18:10:03 +02:00
dependabot[bot]
7f1ddebb71
build(deps): bump pypa/gh-action-pypi-publish from 1.6.1 to 1.6.4
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.6.1 to 1.6.4.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](5d1679fa6b...c7f29f7ade
2022-12-07 10:04:26 +00:00
dependabot[bot]
63c384d9d7
build(deps): bump pypa/gh-action-pypi-publish from 1.5.1 to 1.6.1
...
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ) from 1.5.1 to 1.6.1.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](37f50c210e...5d1679fa6b
2022-12-05 10:08:50 +00:00
Jussi Kukkonen
b002860206
Github workflows: Only upload to pypi in upstream repo
...
This is not a security measure: it makes testing the CD/release workflow
(at least the non-pypi-upload parts) in a fork a little easier as the pypi
upload is skipped.
This does make testing the pypi upload even more difficult but maybe
that is acceptable?
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-10-31 12:14:23 +02:00
Jussi Kukkonen
327fcf8640
GitHub workflows: limit "content:write" to minimum
...
permissions can be defined on workflow and job level, but not on step level.
Currently permissions are defined at workflow level which is not ideal.
Create a new "release_candidate" job so that we can minimize the
"content:write" permission exposure.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2022-10-31 12:13:11 +02:00
dependabot[bot]
2fa55a089c
build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.1
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](3cea537223...83fd05a356
2022-10-24 10:21:27 +00:00
dependabot[bot]
68571fb887
build(deps): bump actions/download-artifact from 3.0.0 to 3.0.1
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](fb598a63ae...9782bd6a98
2022-10-21 11:14:31 +00:00
dependabot[bot]
67a5fca932
build(deps): bump actions/github-script from 6.3.2 to 6.3.3
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.3.2 to 6.3.3.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](100527700e...d556feaca3
2022-10-14 10:16:54 +00:00
dependabot[bot]
39b823afe4
build(deps): bump actions/github-script from 6.3.1 to 6.3.2
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.3.1 to 6.3.2.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](7dff1a8764...100527700e
2022-10-12 10:19:05 +00:00
dependabot[bot]
76c0d6cec0
build(deps): bump actions/setup-python from 4.2.0 to 4.3.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](b55428b188...13ae5bb136
2022-10-11 10:29:56 +00:00
Kairo de Araujo
869d23a9f2
Fix typo CD.yml
...
Fixed typo in CD.yml: 'candidate' instead ' candidate'.
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
2022-10-10 09:56:25 +02:00
dependabot[bot]
9907d4d38a
build(deps): bump actions/checkout from 3.0.2 to 3.1.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](2541b1294d...93ea575cb5
2022-10-04 10:45:28 +00:00
dependabot[bot]
903ad61a8e
build(deps): bump actions/github-script from 6.2.0 to 6.3.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.2.0 to 6.3.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](c713e510db...7dff1a8764
2022-10-03 09:39:02 +00:00
dependabot[bot]
de8f97f283
build(deps): bump actions/github-script from 6.1.1 to 6.2.0
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.1.1 to 6.2.0.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](d50f485531...c713e510db
2022-08-29 10:24:16 +00:00
dependabot[bot]
e27dce0f5f
build(deps): bump actions/github-script from 6.1.0 to 6.1.1
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 6.1.0 to 6.1.1.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](7a5c598405...d50f485531
2022-08-15 10:19:37 +00:00
dependabot[bot]
c524984be4
build(deps): bump actions/setup-python from 4.1.0 to 4.2.0
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](c4e89fac7e...b55428b188
2022-08-03 10:19:48 +00:00
