attestations: collect *.zip sdists as well #295
Signed-off-by: William Woodruff <william@trailofbits.com>
Thanks!
Thanks for all the quick help!
@jpl-jengelke this is within the action, not PyPI.
Sorry, that was misstated. Question: How often is the action released/updated and/or how may I use the unstable branch? (If an update is imminent, we should wait. Otherwise, I wouldn't want to use the unstable branch for long nor modify our workflow file, if possible.)
@jpl-jengelke The fix is now released as a part of v1.12.1: #296.
Thank you!!! So fast! All of us can aspire to be so efficient!
FWIW, today I was fighting a few of more serious regressions from yesterday and didn't have much time due to the day job, which is how this PR happened to make it into the release.. Not sure if this kind of FOSS-life balance is something to aspire to, but I do value good automations that simplify releasing.
Sorry about that -- I know where that issue is. I'll be able to make a fix shortly.
#297 will fix this on the GHA side, but I need to perform a similar update to Warehouse as well. Edit: Warehouse PR: pypi/warehouse#17044
@jpl-jengelke I released v1.12.2 with William's fix: #298 / https://github.com/pypa/gh-action-pypi-publish/releases/tag/v1.12.2. Though, you need to wait for pypi/warehouse#17044 to end up in production to see the effect fully. Looks like the deployment progress is displayed @ https://github.com/pypi/warehouse/deployments/pypi.org.
The original distribution collection neglected to collect `*.zip`, which is also valid for source distributions.

See: rzellem/EXOTIC#1344