Conversation

@github-actions

Ref: #807

jtrobles-cdd and others added 30 commits March 26, 2025 13:57
GitHub Actions does not create a new workflow run for events triggered
by the GitHub Actions authentication token (`secrets.GITHUB_TOKEN`),
which results in the Git Commit Linter’s workflow not being triggered
when pull requests are created using GitHub Actions.

This commit adds `ready_for_review` to the event types that trigger the
GitHub Actions workflow 'Git Commit Linter' so that it runs for
pull requests created using GitHub Actions when they are marked as
ready for review by a user.

From [Automatic token authentication](https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication):

> When you use the repository's `GITHUB_TOKEN` to perform tasks, events
> triggered by the `GITHUB_TOKEN`, with the exception of
> `workflow_dispatch` and `repository_dispatch`, will not create a new
> workflow run. This prevents you from accidentally creating recursive
> workflow runs. For example, if a workflow run pushes code using the
> repository's `GITHUB_TOKEN`, a new workflow will not run even when the
> repository contains a workflow configured to run when `push` events
> occur.
Add GitHub Actions workflow to release and deploy; Etc.
Bumps the development-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [coverage](https://github.com/nedbat/coveragepy) | `7.6.12` | `7.8.0` |
| [flake8](https://github.com/pycqa/flake8) | `7.1.2` | `7.2.0` |
| [tox](https://github.com/tox-dev/tox) | `4.24.2` | `4.25.0` |
| [types-lxml](https://github.com/abelcheung/types-lxml) | `2025.3.4` | `2025.3.30` |
| [types-pytz](https://github.com/python/typeshed) | `2025.1.0.20250204` | `2025.2.0.20250326` |

Updates `coverage` from 7.6.12 to 7.8.0
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](coveragepy/coveragepy@7.6.12...7.8.0)

Updates `flake8` from 7.1.2 to 7.2.0
- [Commits](PyCQA/flake8@7.1.2...7.2.0)

Updates `tox` from 4.24.2 to 4.25.0
- [Release notes](https://github.com/tox-dev/tox/releases)
- [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst)
- [Commits](tox-dev/tox@4.24.2...4.25.0)

Updates `types-lxml` from 2025.3.4 to 2025.3.30
- [Release notes](https://github.com/abelcheung/types-lxml/releases)
- [Commits](abelcheung/types-lxml@2025.03.04...2025.03.30)

Updates `types-pytz` from 2025.1.0.20250204 to 2025.2.0.20250326
- [Commits](https://github.com/python/typeshed/commits)

---
updated-dependencies:
- dependency-name: coverage
  dependency-version: 7.8.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: flake8
  dependency-version: 7.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: tox
  dependency-version: 4.25.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
- dependency-name: types-lxml
  dependency-version: 2025.3.30
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: development-dependencies
- dependency-name: types-pytz
  dependency-version: 2025.2.0.20250326
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: development-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
…dencies-2ee73981a3

deps: Bump the development-dependencies group with 5 updates
Bumps [setuptools](https://github.com/pypa/setuptools) from 75.3.0 to 78.1.0.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v75.3.0...v78.1.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-version: 78.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
chore(deps): Bump setuptools from 75.3.0 to 78.1.0
Bumps the production-dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/setup-python](https://github.com/actions/setup-python) | `5.4.0` | `5.5.0` |
| [actions/cache](https://github.com/actions/cache) | `4.2.2` | `4.2.3` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.1` | `4.6.2` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.5.0` | `4.6.0` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.9` | `4.2.1` |

Updates `actions/setup-python` from 5.4.0 to 5.5.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5.4.0...v5.5.0)

Updates `actions/cache` from 4.2.2 to 4.2.3
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v4.2.2...v4.2.3)

Updates `actions/upload-artifact` from 4.6.1 to 4.6.2
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4.6.1...v4.6.2)

Updates `actions/dependency-review-action` from 4.5.0 to 4.6.0
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@v4.5.0...v4.6.0)

Updates `actions/download-artifact` from 4.1.9 to 4.2.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4.1.9...v4.2.1)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
…tion-dependencies-dae34b5d0d

chore: Bump the production-dependencies group across 1 directory with 5 updates
Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.15.2 to 3.16.0.
- [Release notes](https://github.com/encode/django-rest-framework/releases)
- [Commits](encode/django-rest-framework@3.15.2...3.16.0)

---
updated-dependencies:
- dependency-name: djangorestframework
  dependency-version: 3.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…rk-3.16.0

chore(deps): Bump djangorestframework from 3.15.2 to 3.16.0
Bumps [pytz](https://github.com/stub42/pytz) from 2025.1 to 2025.2.
- [Release notes](https://github.com/stub42/pytz/releases)
- [Commits](stub42/pytz@release_2025.1...release_2025.2)

---
updated-dependencies:
- dependency-name: pytz
  dependency-version: '2025.2'
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
chore(deps): Bump pytz from 2025.1 to 2025.2
Bumps [pydantic](https://github.com/pydantic/pydantic) from 2.10.6 to 2.11.2.
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v2.10.6...v2.11.2)

---
updated-dependencies:
- dependency-name: pydantic
  dependency-version: 2.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
chore(deps): Bump pydantic from 2.10.6 to 2.11.2
Bumps the production-dependencies group with 3 updates: [actions/setup-python](https://github.com/actions/setup-python), [codecov/codecov-action](https://github.com/codecov/codecov-action) and [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/setup-python` from 5.5.0 to 5.6.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5.5.0...v5.6.0)

Updates `codecov/codecov-action` from 5.4.0 to 5.4.2
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v5.4.0...v5.4.2)

Updates `actions/download-artifact` from 4.2.1 to 4.3.0
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4.2.1...v4.3.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: 5.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: codecov/codecov-action
  dependency-version: 5.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: actions/download-artifact
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
…tion-dependencies-7233a01628

chore: Bump the production-dependencies group with 3 updates
Bumps [django](https://github.com/django/django) from 4.2.20 to 4.2.21.
- [Commits](django/django@4.2.20...4.2.21)

---
updated-dependencies:
- dependency-name: django
  dependency-version: 4.2.21
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
chore: Bump django from 4.2.20 to 4.2.21
Bumps [setuptools](https://github.com/pypa/setuptools) from 78.1.0 to 78.1.1.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v78.1.0...v78.1.1)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-version: 78.1.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
chore: Bump setuptools from 78.1.0 to 78.1.1
Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 8.6.1 to 8.7.0.
- [Release notes](https://github.com/python/importlib_metadata/releases)
- [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst)
- [Commits](python/importlib_metadata@v8.6.1...v8.7.0)

---
updated-dependencies:
- dependency-name: importlib-metadata
  dependency-version: 8.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…a-8.7.0

chore(deps): Bump importlib-metadata from 8.6.1 to 8.7.0
Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.15.2 to 3.16.0.
- [Release notes](https://github.com/encode/django-rest-framework/releases)
- [Commits](encode/django-rest-framework@3.15.2...3.16.0)

---
updated-dependencies:
- dependency-name: djangorestframework
  dependency-version: 3.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…rk-3.16.0

chore(deps): Bump djangorestframework from 3.15.2 to 3.16.0
Bumps [lxml](https://github.com/lxml/lxml) from 5.3.1 to 5.4.0.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-5.3.1...lxml-5.4.0)

---
updated-dependencies:
- dependency-name: lxml
  dependency-version: 5.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
chore(deps): Bump lxml from 5.3.1 to 5.4.0
The `pyOpenSSL` package includes type annotations or type stubs since
version 24.2.1. We are using `pyOpenSSL` version 25.0.0, so this package
is no longer needed.

> This is a PEP 561 type stub package for the `setuptools` package.
> It can be used by type-checking tools like mypy, pyright, pytype, Pyre,
> PyCharm, etc. to check code that uses `setuptools`.

- [Web Site](https://github.com/python/typeshed)
- [VCS Repository](https://github.com/python/typeshed.git)
- [Documentation](https://github.com/python/typeshed/blob/23e702b4/README.md)
- [Software Repository](https://pypi.org/project/types-setuptools/)
deps: Uninstall Python package `types-pyOpenSSL`
dependabot bot and others added 5 commits May 22, 2025 16:59
Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.1 to 44.0.3.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@44.0.1...44.0.3)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 44.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
chore(deps): Bump cryptography from 44.0.1 to 44.0.3
@github-actions github-actions bot added task Task or chore kind: deploy Deployment labels May 22, 2025
@jtrobles-cdd jtrobles-cdd marked this pull request as ready for review May 22, 2025 22:55
@jtrobles-cdd jtrobles-cdd requested a review from a team as a code owner May 22, 2025 22:55
@sonarqubecloud

- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v5.4.0
uses: codecov/codecov-action@v5.4.2
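Review bot: `codecov/codecov-action@v5.4.2` is still a mutable tag, which is what the CodeQL alert below flags; the `v5.4.2` tag can be moved to point at different code after this review, and this step runs with access to the Codecov token and the checked-out tree. Pin the action to the full 40-character commit SHA of the v5.4.2 release and keep the tag as a trailing comment so Dependabot can still track it, e.g. `uses: codecov/codecov-action@<commit-sha> # v5.4.2`. The same applies to the other `actions/*` bumps in this PR, which are also referenced by tag.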

Check warning

Code scanning / CodeQL

Unpinned tag for a non-immutable Action in workflow Medium

Unpinned 3rd party Action 'CI' step 'Uses Step' uses 'codecov/codecov-action' with ref 'v5.4.2', not a pinned commit hash
Comment on lines +45 to +61
run: |
create_release_vcs_branch_name="${PREPARE_RELEASE_GITHUB_VCS_REF:?}"
create_release_vcs_branch_name="${create_release_vcs_branch_name/release/deploy}"
echo "Creating release creation VCS branch '$create_release_vcs_branch_name'…"
git checkout -b "${create_release_vcs_branch_name:?}" --
git publish --verbose
create_release_vcs_ref="refs/heads/${create_release_vcs_branch_name:?}"
echo "CREATE_RELEASE_VCS_REF=${create_release_vcs_ref:?}" >> "$GITHUB_ENV"
create_release_github_pull_request_title="${PREPARE_RELEASE_GITHUB_PULL_REQUEST_TITLE:?}"
create_release_github_pull_request_title="deploy ${create_release_github_pull_request_title,,}"
create_release_github_pull_request_title="${create_release_github_pull_request_title@u}"
echo "CREATE_RELEASE_GITHUB_PULL_REQUEST_TITLE=${create_release_github_pull_request_title:?}" >> "$GITHUB_ENV"
create_release_github_pull_request_description="Ref: ${PREPARE_RELEASE_GITHUB_PULL_REQUEST_HTML_URL:?}"
echo "CREATE_RELEASE_GITHUB_PULL_REQUEST_DESCRIPTION=${create_release_github_pull_request_description:?}" >> "$GITHUB_ENV"
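Review bot: the three `echo "NAME=${value}" >> "$GITHUB_ENV"` lines write values derived from `PREPARE_RELEASE_GITHUB_VCS_REF`, `PREPARE_RELEASE_GITHUB_PULL_REQUEST_TITLE` and `PREPARE_RELEASE_GITHUB_PULL_REQUEST_HTML_URL` without checking them; `${VAR:?}` only rejects an empty value, so a title or ref containing a newline appends a second `NAME=value` record to the runner environment (this is the CodeQL finding below). Write each value with GitHub's delimiter form (`printf '%s<<%s\n%s\n%s\n' NAME "$delim" "$value" "$delim"` with a random delimiter) or at least fail the step when the value contains a newline, and validate `create_release_vcs_branch_name` against an allow-list of ref characters before it reaches `git checkout -b`. Two smaller points: `git publish` is not a built-in git subcommand, so the workflow should state where that alias or script comes from, and `${create_release_github_pull_request_title@u}` requires bash 5.1 or later, which should be noted for anyone running this step on a different runner image.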

Check warning

Code scanning / CodeQL

Environment variable built from user-controlled sources Medium

Potential environment variable injection in [the `run:` step quoted above](1), which may be controlled by an external user.
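The alert above can be reproduced without a runner. The following POSIX sh script is an added example written for this page, not code from the project's workflow: it pushes a constructed pull-request title containing a newline through the same `echo "NAME=value" >> "$GITHUB_ENV"` pattern the step uses, reads the resulting file back with a small emulation of how the runner parses `GITHUB_ENV` (`parse_env_names`, written here for the illustration), and contrasts that with the `NAME<<DELIMITER` form GitHub documents for multi-line values plus an allow-list check for the branch name. The function names, the sample title and the `LD_PRELOAD` payload are constructed for this example.

```shell
#!/bin/sh
# Added example for this page, not the project's workflow code. Shows why
# `echo "NAME=$value" >> "$GITHUB_ENV"` is flagged when $value comes from a
# pull-request title or branch name, and how to write the value safely.
# Function names, the sample title and the LD_PRELOAD payload are constructed.

NL="$(printf '\nx')"; NL="${NL%x}"   # a literal newline, POSIX-sh style

# Constructed attacker-controlled PR title: the second line becomes its own
# NAME=value record once it is appended to GITHUB_ENV.
EVIL_TITLE="$(printf 'Release v0.46.0\nLD_PRELOAD=/tmp/evil.so')"

is_identifier() { printf '%s' "$1" | grep -Eq '^[A-Za-z_][A-Za-z0-9_]*$'; }

# The pattern used in the workflow step above: one record per echo, and the
# value is trusted to be a single line.
unsafe_env_export() {
  echo "$1=$2" >> "$3"
}

# Hardened form: the delimiter syntax GitHub documents for multi-line values.
# The delimiter is random per call and a value containing it is rejected, so
# the value can never terminate the block early and smuggle in a new record.
safe_env_export() {
  name=$1; value=$2; env_file=$3
  is_identifier "$name" || { echo "bad variable name: $name" >&2; return 1; }
  delim="ghadelim_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
  case $value in
    *"$delim"*) echo "refusing to export $name: value contains delimiter" >&2; return 1 ;;
  esac
  printf '%s<<%s\n%s\n%s\n' "$name" "$delim" "$value" "$delim" >> "$env_file"
}

# `${VAR:?}` only rejects an empty branch name. Anything that reaches
# `git checkout -b` should also match a strict allow-list.
validate_branch_name() {
  case $1 in
    *"$NL"*|*' '*|*..*|*//*|*/|*/.*|*.lock) return 1 ;;
  esac
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9][A-Za-z0-9._/-]{0,199}$'
}

# Minimal emulation of how the runner reads GITHUB_ENV: prints each declared
# variable name, treating the body of a NAME<<DELIM block as an opaque value.
parse_env_names() {
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      *'<<'*)
        name=${line%%<<*}; delim=${line#*<<}
        is_identifier "$name" || continue
        printf '%s\n' "$name"
        while IFS= read -r line && [ "$line" != "$delim" ]; do :; done
        ;;
      *=*)
        name=${line%%=*}
        is_identifier "$name" && printf '%s\n' "$name"
        ;;
    esac
  done < "$1"
}

demo() {
  f=$(mktemp)
  unsafe_env_export CREATE_RELEASE_GITHUB_PULL_REQUEST_TITLE "$EVIL_TITLE" "$f"
  echo "unsafe export declares: $(parse_env_names "$f" | tr '\n' ' ')"
  : > "$f"
  safe_env_export CREATE_RELEASE_GITHUB_PULL_REQUEST_TITLE "$EVIL_TITLE" "$f"
  echo "safe export declares:   $(parse_env_names "$f" | tr '\n' ' ')"
  rm -f "$f"
  validate_branch_name "deploy/v0.46.0" && echo "deploy/v0.46.0: accepted"
  validate_branch_name "deploy/v0.46.0${NL}x" || echo "name with newline: rejected"
}
demo
```

With the unsafe writer the parsed file declares both `CREATE_RELEASE_GITHUB_PULL_REQUEST_TITLE` and `LD_PRELOAD`; with the delimiter form only the intended variable is declared and the injected line stays inside the value. The branch-name check is deliberately stricter than git's own ref rules (no spaces, no `..`, no `//`, no component starting with `.`), which is the right default for a name that is built from workflow inputs and then pushed.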
@jtrobles-cdd jtrobles-cdd merged commit 7fdf081 into master May 22, 2025
22 checks passed
@jtrobles-cdd jtrobles-cdd deleted the deploy/v0.46.0 branch May 22, 2025 23:04