From 4694692d9cf2c76bf87da2fbdac02ef2fc3a09b2 Mon Sep 17 00:00:00 2001 From: Matthew Keeler Date: Mon, 12 Aug 2024 13:19:55 -0400 Subject: [PATCH 1/5] Update LD actions --- .github/workflows/manual-publish.yml | 2 +- .github/workflows/release-please.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/manual-publish.yml b/.github/workflows/manual-publish.yml index 4d68691..28a8db8 100644 --- a/.github/workflows/manual-publish.yml +++ b/.github/workflows/manual-publish.yml @@ -26,7 +26,7 @@ jobs: - name: Install poetry uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 - - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.0.0 + - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0 name: 'Get PyPI token' with: aws_assume_role: ${{ vars.AWS_ROLE_ARN }} diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 721fce9..bb0b9c0 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -37,7 +37,7 @@ jobs: if: ${{ steps.release.outputs.releases_created }} uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 - - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.0.0 + - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0 if: ${{ steps.release.outputs.releases_created }} name: 'Get PyPI token' with: From 73a595577efe636534cbd79a39d00cbd7e255ced Mon Sep 17 00:00:00 2001 From: Matthew Keeler Date: Mon, 12 Aug 2024 13:20:20 -0400 Subject: [PATCH 2/5] Update provenance --- .github/workflows/manual-publish.yml | 2 +- .github/workflows/release-please.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/manual-publish.yml b/.github/workflows/manual-publish.yml index 28a8db8..995f967 100644 --- a/.github/workflows/manual-publish.yml +++ b/.github/workflows/manual-publish.yml @@ -46,7 +46,7 @@ jobs: actions: read id-token: write contents: write - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 with: base64-subjects: "${{ needs.build-publish.outputs.package-hashes }}" upload-assets: ${{ !inputs.dry_run }} diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index bb0b9c0..50f45f9 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -64,7 +64,7 @@ jobs: actions: read id-token: write contents: write - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 with: base64-subjects: "${{ needs.release-package.outputs.package-hashes }}" upload-assets: true From 93496f9f8cae8865944290f59b36c5fe65757b93 Mon Sep 17 00:00:00 2001 From: Matthew Keeler Date: Mon, 12 Aug 2024 13:20:48 -0400 Subject: [PATCH 3/5] Update release-please --- .github/workflows/release-please.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 50f45f9..07c7515 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -16,12 +16,8 @@ jobs: upload-tag-name: ${{ steps.release.outputs.tag_name }} package-hashes: ${{ steps.build.outputs.package-hashes}} steps: - - uses: google-github-actions/release-please-action@v3 + - uses: googleapis/release-please-action@v4 id: release - with: - command: manifest - token: ${{secrets.GITHUB_TOKEN}} - default-branch: main - uses: actions/checkout@v4 if: ${{ steps.release.outputs.releases_created }} From a24cebf6b828840662a7987fc84ed9dbb3355ad7 Mon Sep 17 00:00:00 2001 From: Matthew Keeler Date: Mon, 12 Aug 2024 13:34:17 -0400 Subject: [PATCH 4/5] Bump setup-python --- .github/workflows/ci.yml | 4 ++-- .github/workflows/manual-publish.yml | 2 +- .github/workflows/release-please.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8f3d616..0aa1356 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,7 +36,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} @@ -82,7 +82,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} diff --git a/.github/workflows/manual-publish.yml b/.github/workflows/manual-publish.yml index 995f967..f307e8e 100644 --- a/.github/workflows/manual-publish.yml +++ b/.github/workflows/manual-publish.yml @@ -19,7 +19,7 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: 3.8 diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 07c7515..8814cf3 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -24,7 +24,7 @@ jobs: with: fetch-depth: 0 # If you only need the current version keep this. - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 if: ${{ steps.release.outputs.releases_created }} with: python-version: 3.8 From bbc36a625d1ffd110bfa65e71fda8ca4c2570212 Mon Sep 17 00:00:00 2001 From: Matthew Keeler Date: Mon, 12 Aug 2024 16:11:28 -0400 Subject: [PATCH 5/5] Fix comparison --- .github/workflows/release-please.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 8814cf3..335a144 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -20,21 +20,21 @@ jobs: id: release - uses: actions/checkout@v4 - if: ${{ steps.release.outputs.releases_created }} + if: ${{ steps.release.outputs.releases_created == 'true' }} with: fetch-depth: 0 # If you only need the current version keep this. - uses: actions/setup-python@v5 - if: ${{ steps.release.outputs.releases_created }} + if: ${{ steps.release.outputs.releases_created == 'true' }} with: python-version: 3.8 - name: Install poetry - if: ${{ steps.release.outputs.releases_created }} + if: ${{ steps.release.outputs.releases_created == 'true' }} uses: abatilo/actions-poetry@7b6d33e44b4f08d7021a1dee3c044e9c253d6439 - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.2.0 - if: ${{ steps.release.outputs.releases_created }} + if: ${{ steps.release.outputs.releases_created == 'true' }} name: 'Get PyPI token' with: aws_assume_role: ${{ vars.AWS_ROLE_ARN }} @@ -42,20 +42,20 @@ jobs: - uses: ./.github/actions/build id: build - if: ${{ steps.release.outputs.releases_created }} + if: ${{ steps.release.outputs.releases_created == 'true' }} - uses: ./.github/actions/build-docs - if: ${{ steps.release.outputs.releases_created }} + if: ${{ steps.release.outputs.releases_created == 'true' }} - uses: ./.github/actions/publish - if: ${{ steps.release.outputs.releases_created }} + if: ${{ steps.release.outputs.releases_created == 'true' }} with: token: ${{env.PYPI_AUTH_TOKEN}} dry_run: false release-provenance: needs: [ 'release-package' ] - if: ${{ needs.release-package.outputs.release-created }} + if: ${{ needs.release-package.outputs.release-created == 'true' }} permissions: actions: read id-token: write