v0.2.1

@github-actions github-actions released this 16 Apr 15:46
· 97 commits to main since this release
29fabd1

Security

  • Switched deploy workflow to PyPI Trusted Publishers (OIDC) — eliminates long-lived API tokens
  • Enabled digital attestations for published packages (provenance verification)
  • Separated build and publish into isolated jobs to prevent credential leakage
  • Pinned all GitHub Actions to full commit SHAs to prevent tag-hijacking attacks
  • Added pypi-publish-test environment for TestPyPI deployments (with approval gate)
  • Added pypi-publish-prod environment for PyPI deployments (with approval gate)
  • Restricted workflow permissions to least privilege (contents: read default)

Changed

  • Renamed deploy workflow from deploy.yml to deploy-test.yml
  • Separated build, release, and publish into isolated workflow jobs
  • Replaced deprecated actions/create-release with softprops/action-gh-release
  • Added deploy-prod.yml for production PyPI publishing with GitHub Release creation

Added

  • Added docs/releasing.md documenting the release process