Skip to content

v0.2.1-rc1

Pre-release
Pre-release

Choose a tag to compare

View all tags
@github-actions github-actions released this 15 Apr 16:24
· 109 commits to main since this release
v0.2.1-rc1
ea54cf8
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Security

  • Switched deploy workflow to PyPI Trusted Publishers (OIDC) — eliminates long-lived API tokens
  • Enabled digital attestations for published packages (provenance verification)
  • Separated build and publish into isolated jobs to prevent credential leakage
  • Pinned all GitHub Actions to full commit SHAs to prevent tag-hijacking attacks
  • Added pypi-publish-test environment for TestPyPI deployments
  • Restricted workflow permissions to least privilege (contents: read default)

Changed

  • Renamed deploy workflow from deploy.yml to deploy-test.yml
  • Separated build, release, and publish into isolated workflow jobs
  • Replaced deprecated actions/create-release with softprops/action-gh-release
Assets 2
Loading