diff options
| author | natsuoto <[email protected]> | 2026-04-29 13:17:33 +0530 |
|---|---|---|
| committer | natsuoto <[email protected]> | 2026-04-29 13:17:33 +0530 |
| commit | 66d55de972484cf57a1e81cb386c06a9ecc4be44 (patch) | |
| tree | a38421a7affd6f20ce318560af9ac275954fd892 /.github/workflows/codeql-analysis.yml | |
| parent | 6164a18e828343b1e410d43f9833e1ad751024bb (diff) | |
| download | edify-66d55de972484cf57a1e81cb386c06a9ecc4be44.tar.xz edify-66d55de972484cf57a1e81cb386c06a9ecc4be44.zip | |
hotfix: pin pypa/gh-action-pypi-publish to commit SHA not tag-object SHA
#35 pinned `pypa/gh-action-pypi-publish` to
`6733eb7d741f0b11ec6a39b58540dab7590f9b7d`, which is the **tag
object** SHA for v1.14.0, not the commit it points to. The publish
action's Docker image is built per commit SHA, so pulling
`ghcr.io/pypa/gh-action-pypi-publish:6733eb7d...` failed with
"manifest unknown" and the v0.3.0 PyPI upload never happened.
The actual v1.14.0 commit SHA is
`cef221092ed1bacb1cc03d23a2d87d1d172e277b` (the tag object
dereferences to it, and `refs/heads/release/v1` agrees).
Also adding `workflow_dispatch:` trigger so we can re-run publish
without deleting/recreating the GitHub release. The release-only
trigger left us with no path to retry after the failure.
Closes #52
Diffstat (limited to '.github/workflows/codeql-analysis.yml')
0 files changed, 0 insertions, 0 deletions