diff options
| author | natsuoto <[email protected]> | 2026-04-28 15:56:29 +0530 |
|---|---|---|
| committer | natsuoto <[email protected]> | 2026-04-28 15:56:29 +0530 |
| commit | 8040f1db4809765ae73897cfcebd37d702a953c6 (patch) | |
| tree | ca295c1e661811e7fd78d1d0a677e303ab530c05 /.github/workflows/python-publish.yml | |
| parent | 7faf56a6fc95a002d24f2558eca5e727c9e8dde4 (diff) | |
| download | edify-8040f1db4809765ae73897cfcebd37d702a953c6.tar.xz edify-8040f1db4809765ae73897cfcebd37d702a953c6.zip | |
chore: bump GitHub Actions to current major versions
Pure version bumps; workflow behavior is unchanged.
- actions/checkout v3 -> v5
- actions/setup-python v3 -> v5
- github/codeql-action/{init,autobuild,analyze} v2 -> v3
- pypa/gh-action-pypi-publish SHA-pinned -> v1.14.0 SHA, with
trailing version comment for human readability
The @v3 actions ran on the deprecated Node 16 runtime; @v5 (and
codeql-action @v3) all use Node 20, the current GitHub-supported
runtime. Third-party pypa publish action stays SHA-pinned for
supply-chain safety.
Closes #34
Diffstat (limited to '.github/workflows/python-publish.yml')
| -rw-r--r-- | .github/workflows/python-publish.yml | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index ec70354..a9e0e8f 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -21,9 +21,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 - name: Set up Python - uses: actions/setup-python@v3 + uses: actions/setup-python@v5 with: python-version: '3.x' - name: Install dependencies @@ -33,7 +33,7 @@ jobs: - name: Build package run: python -m build - name: Publish package - uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29 + uses: pypa/gh-action-pypi-publish@6733eb7d741f0b11ec6a39b58540dab7590f9b7d # v1.14.0 with: user: __token__ password: ${{ secrets.PYPI_API_TOKEN }} |