Add test upload workflow #111
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
webknjaz
reviewed
Dec 5, 2022
andrewpollock
referenced
this pull request
in google/osv.dev
Jan 5, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://togithub.com/actions/checkout) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | minor | `v2.0.6` -> `v2.1.2` | | [pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish) | action | patch | `v1.6.1` -> `v1.6.4` | --- ### Release Notes <details> <summary>actions/checkout</summary> ### [`v3.2.0`](https://togithub.com/actions/checkout/releases/tag/v3.2.0) [Compare Source](https://togithub.com/actions/checkout/compare/v3.1.0...v3.2.0) #### What's Changed - Add GitHub Action to perform release by [@​rentziass](https://togithub.com/rentziass) in [https://github.com/actions/checkout/pull/942](https://togithub.com/actions/checkout/pull/942) - Fix status badge by [@​ScottBrenner](https://togithub.com/ScottBrenner) in [https://github.com/actions/checkout/pull/967](https://togithub.com/actions/checkout/pull/967) - Replace datadog/squid with ubuntu/squid Docker image by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1002](https://togithub.com/actions/checkout/pull/1002) - Wrap pipeline commands for submoduleForeach in quotes by [@​jokreliable](https://togithub.com/jokreliable) in [https://github.com/actions/checkout/pull/964](https://togithub.com/actions/checkout/pull/964) - Update [@​actions/io](https://togithub.com/actions/io) to 1.1.2 by [@​cory-miller](https://togithub.com/cory-miller) in [https://github.com/actions/checkout/pull/1029](https://togithub.com/actions/checkout/pull/1029) - Upgrading version to 3.2.0 by [@​vmjoseph](https://togithub.com/vmjoseph) in [https://github.com/actions/checkout/pull/1039](https://togithub.com/actions/checkout/pull/1039) #### New Contributors - [@​ScottBrenner](https://togithub.com/ScottBrenner) made their first contribution in [https://github.com/actions/checkout/pull/967](https://togithub.com/actions/checkout/pull/967) - [@​cory-miller](https://togithub.com/cory-miller) made their first contribution in [https://github.com/actions/checkout/pull/1002](https://togithub.com/actions/checkout/pull/1002) - [@​jokreliable](https://togithub.com/jokreliable) made their first contribution in [https://github.com/actions/checkout/pull/964](https://togithub.com/actions/checkout/pull/964) - [@​vmjoseph](https://togithub.com/vmjoseph) made their first contribution in [https://github.com/actions/checkout/pull/1039](https://togithub.com/actions/checkout/pull/1039) **Full Changelog**: actions/checkout@v3...v3.2.0 </details> <details> <summary>ossf/scorecard-action</summary> ### [`v2.1.2`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.1...v2.1.2) #### What's Changed ##### Fixes - 🌱 Bump scorecard dependency to v4.10.2 to remove a CODEOWNERS printf statement. by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1054](https://togithub.com/ossf/scorecard-action/pull/1054) **Full Changelog**: ossf/scorecard-action@v2.1.1...v2.1.2 ### [`v2.1.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.1.0...v2.1.1) #### Scorecard version This release use [Scorecard's v4.10.1](https://togithub.com/ossf/scorecard/releases/tag/v4.10.1) **Full Changelog**: ossf/scorecard-action@v2.1.0...v2.1.1 ### [`v2.1.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.1.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0) #### What's Changed ##### Scorecard version This release uses [scorecard v4.10.0](https://togithub.com/ossf/scorecard/releases/tag/v4.10.0). ##### Improvements - Docker build workflow by [@​naveensrinivasan](https://togithub.com/naveensrinivasan) in [https://github.com/ossf/scorecard-action/pull/981](https://togithub.com/ossf/scorecard-action/pull/981) - Use root user in distroless to support GitHub Actions by [@​spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/994](https://togithub.com/ossf/scorecard-action/pull/994) - Disable pull_request_target by [@​laurentsimon](https://togithub.com/laurentsimon) in [https://github.com/ossf/scorecard-action/pull/1031](https://togithub.com/ossf/scorecard-action/pull/1031) ##### Documentation - Add PAT section explaining risks by [@​olivekl](https://togithub.com/olivekl) in [https://github.com/ossf/scorecard-action/pull/1024](https://togithub.com/ossf/scorecard-action/pull/1024) - Make the badge text easier to copy by [@​rajbos](https://togithub.com/rajbos) in [https://github.com/ossf/scorecard-action/pull/1026](https://togithub.com/ossf/scorecard-action/pull/1026) #### New Contributors - [@​joycebrum](https://togithub.com/joycebrum) made their first contribution in [https://github.com/ossf/scorecard-action/pull/984](https://togithub.com/ossf/scorecard-action/pull/984) - [@​rajbos](https://togithub.com/rajbos) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1026](https://togithub.com/ossf/scorecard-action/pull/1026) **Full Changelog**: ossf/scorecard-action@v2.0.6...v2.1.0 </details> <details> <summary>pypa/gh-action-pypi-publish</summary> ### [`v1.6.4`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.6.4) [Compare Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.6.3...v1.6.4) #### oh, boi! again? This is the last one tonight, promise! It fixes this embarrassing bug that was actually caught by the CI but got overlooked due to the lack of sleep. TL;DR GH passed `$HOME` from the external env into the container and that tricked the Python's `site` module to think that the home directory is elsewhere, adding non-existent paths to the env vars. See [#​115](https://togithub.com/pypa/gh-action-pypi-publish/issues/115). **Full Diff**: pypa/gh-action-pypi-publish@v1.6.3...v1.6.4 ### [`v1.6.3`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.6.3) [Compare Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.6.2...v1.6.3) ### Another Release!? Why? In [https://github.com/pypa/gh-action-pypi-publish/issues/112#issuecomment-1340133013](https://togithub.com/pypa/gh-action-pypi-publish/issues/112#issuecomment-1340133013), it was discovered that passing a `$PATH` variable even breaks the shebang. So this version adds more safeguards to make sure it keeps working with a fully broken `$PATH`. **Full Diff**: pypa/gh-action-pypi-publish@v1.6.2...v1.6.3 ### [`v1.6.2`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.6.2) [Compare Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.6.1...v1.6.2) #### What's Fixed - Made the `$PATH` and `$PYTHONPATH` environment variables resilient to broken values passed from the host runner environment, which previously allowed the users to accidentally break the container's internal runtime as reported in [https://github.com/pypa/gh-action-pypi-publish/issues/112](https://togithub.com/pypa/gh-action-pypi-publish/issues/112) #### Internal Maintenance Improvements - Added a devpi-based smoke-test GitHub Actions CI/CD workflow by [@​sesdaile-varmour](https://togithub.com/sesdaile-varmour) in [https://github.com/pypa/gh-action-pypi-publish/pull/111](https://togithub.com/pypa/gh-action-pypi-publish/pull/111) #### New Contributors - [@​sesdaile-varmour](https://togithub.com/sesdaile-varmour) made their first contribution in [https://github.com/pypa/gh-action-pypi-publish/pull/111](https://togithub.com/pypa/gh-action-pypi-publish/pull/111) **Full Diff**: pypa/gh-action-pypi-publish@v1.6.1...v1.6.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on monday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4yNC4wIiwidXBkYXRlZEluVmVyIjoiMzQuNzMuMyJ9-->
](https://renovatebot.com){kind=link}
10 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds test for issue raised with v1.6.0.