From dd3930d3dfb130476ede7cebcd6a3c3324e18f8f Mon Sep 17 00:00:00 2001
From: Kyle King
Date: Sun, 19 Oct 2025 07:59:35 -0600
Subject: [PATCH 1/3] =?UTF-8?q?=F0=9F=94=A7=20MAINTAIN:=20keep=20GitHub=20?= =?UTF-8?q?Actions=20up=20to=20date?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .github/dependabot.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 55f99c9..5768d27 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,3 +9,13 @@ updates:
 directory: "/" # Location of package manifests
 schedule:
 interval: "monthly"
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "monthly"
+ groups:
+ all-dependencies:
+ update-types:
+ - "major"
+ - "minor"
+ - "patch"
From 40c727d8a91a1efeccedd0950835ec265779bd65 Mon Sep 17 00:00:00 2001
From: Kyle King
Date: Sun, 19 Oct 2025 08:16:38 -0600
Subject: [PATCH 2/3] ci: update sigstore/gh-action-sigstore-python

Note: v4 will be released soon
---
 .github/workflows/tests.yml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 465907b..789fead 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -83,10 +83,8 @@ jobs:
 uses: actions/setup-python@v5
 with:
 python-version: "3.x"
- - name: Upgrade Pip
- run: python -m pip install --upgrade pip
- - name: Install Poetry
- run: python -m pip install build
+ - name: Install build tooling
+ run: python -m pip install --upgrade pip build
 - name: Build a binary wheel and a source tarball
 run: python3 -m build
 - name: Store the distribution packages
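Review bot: The `all-dependencies` group in the new `github-actions` entry lists `"major"` alongside `"minor"` and `"patch"`, so a breaking action release arrives in the same pull request as routine bumps and is reviewed as one change. For actions that run in the publish and signing jobs, a major bump is better reviewed on its own; listing only `- "minor"` and `- "patch"` under `update-types` would leave majors to arrive as individual PRs. The new entry also has no comment, unlike the existing one; a line such as `# Keep workflow actions current; major bumps reviewed separately` would record the intent.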
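Review bot: The merged step `run: python -m pip install --upgrade pip build` installs whatever versions the index serves at run time, in the job that appears to produce the distributions later published to PyPI and signed. Pinning the build tooling narrows exposure to a bad upstream release and makes the release build repeatable, for example `run: python -m pip install --require-hashes -r <build-requirements-file>` with the hashes recorded in that file (placeholder path). The step also invokes `python` while the following step uses `python3`; one spelling throughout avoids resolving two different interpreters. The build job starts and ends outside this hunk.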
@@ -135,11 +133,12 @@ jobs:
 name: python-package-distributions
 path: dist/
 - name: Sign the dists with Sigstore
- uses: sigstore/gh-action-sigstore-python@v2.1.1
+ uses: sigstore/gh-action-sigstore-python@v3.0.0
 with:
 inputs: >-
 ./dist/*.tar.gz
 ./dist/*.whl
+ upload-signing-artifacts: 'false'
 - name: Create GitHub Release
 env:
 GITHUB_TOKEN: ${{ github.token }}
From 28563915ecfc9bf2eb79953403cbc49001c1eb0c Mon Sep 17 00:00:00 2001
From: Kyle King
Date: Sun, 19 Oct 2025 08:26:51 -0600
Subject: [PATCH 3/3] ci: enforce tags starting with 'v'

---
 .github/workflows/tests.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 789fead..648b568 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -96,7 +96,7 @@ jobs:
 publish-to-pypi:
 name: >-
 Publish Python 🐍 distribution 📦 to PyPI
- if: startsWith(github.ref, 'refs/tags/') # only publish to PyPI on tag pushes
+ if: startsWith(github.ref, 'refs/tags/v') # only publish to PyPI on tag pushes
 needs:
 - build
 runs-on: ubuntu-latest
@@ -118,6 +118,7 @@ jobs:
 name: >-
 Sign the Python 🐍 distribution 📦 with Sigstore
 and upload them to GitHub Release
+ if: startsWith(github.ref, 'refs/tags/v')
 needs:
 - publish-to-pypi
 runs-on: ubuntu-latest
@@ -133,12 +134,11 @@ jobs:
 name: python-package-distributions
 path: dist/
 - name: Sign the dists with Sigstore
- uses: sigstore/gh-action-sigstore-python@v3.0.0
+ uses: sigstore/gh-action-sigstore-python@v3.0.1
 with:
 inputs: >-
 ./dist/*.tar.gz
 ./dist/*.whl
- upload-signing-artifacts: 'false'
 - name: Create GitHub Release
 env:
 GITHUB_TOKEN: ${{ github.token }}
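Review bot: `uses: sigstore/gh-action-sigstore-python@v3.0.0` references the signing action by tag, and a tag can be moved in the action's repository after review; the same applies to `@v3.0.1` in the last hunk of PATCH 3/3 and to `actions/setup-python@v5` in the context of the earlier hunk. In a job that signs release artifacts, pin to the full commit SHA and keep the version as a trailing comment, e.g. `uses: sigstore/gh-action-sigstore-python@<full-commit-sha> # v3.0.0` (placeholder SHA). The Dependabot entry added in PATCH 1/3 can keep SHA pins current as well. The job's step list continues outside this hunk.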
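Review bot: `startsWith(github.ref, 'refs/tags/v')` on `publish-to-pypi` is a prefix match, so any tag whose name begins with `v`, not only version tags, still reaches the PyPI publish job; the same condition is repeated on the signing job in the next hunk. If only release versions should publish, the tag filter in the workflow trigger (outside this hunk) can be narrowed, for example `tags: ['v[0-9]+.[0-9]+.[0-9]+']`. The trailing comment is now stale; `# only publish to PyPI on tags starting with 'v'` would match the new condition.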
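Review bot: Dropping `upload-signing-artifacts: 'false'` one commit after PATCH 2/3 added it leaves the behaviour to the action's default at v3.0.1, which this patch does not show. A reader cannot tell from the workflow whether the Sigstore signing output is meant to be kept as workflow artifacts or only attached to the release. A one-line comment above the step stating the intended outcome, e.g. `# signing artifacts: rely on the action default, see its release notes`, would make the reversal deliberate rather than incidental.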