fix: update pypi-publish action to use release/v1#279
Conversation
|
Thanks for the pull request, @salman2013! This repository is currently maintained by Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review. 🔘 Get product approvalIf you haven't already, check this list to see if your contribution needs to go through the product review process.
🔘 Provide contextTo help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:
🔘 Get a green buildIf one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green. DetailsWhere can I find more information?If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources: When can I expect my changes to be merged?Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:
💡 As a result it may take up to several weeks or months to complete a review and merge your PR. |
There was a problem hiding this comment.
Pull request overview
Updates the release workflow to fix failures in the “Publish to PyPI” step by switching the PyPA publish action reference to the stable release/v1 branch (avoiding breakage from pinned SHA Docker image cleanup on GHCR).
Changes:
- Switch
pypa/gh-action-pypi-publishfrom a pinned commit SHA torelease/v1in the PyPI publish step.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| - name: Publish to PyPI | ||
| uses: pypa/gh-action-pypi-publish@7f25271a4aa483500f742f9492b2ab5648d61011 # v1.12.4 | ||
| uses: pypa/gh-action-pypi-publish@release/v1 |
|
|
||
| - name: Publish to PyPI | ||
| uses: pypa/gh-action-pypi-publish@7f25271a4aa483500f742f9492b2ab5648d61011 # v1.12.4 | ||
| uses: pypa/gh-action-pypi-publish@release/v1 |
There was a problem hiding this comment.
I think we should keep following the SHA hash standard and trying bumping the version.
or is there any reason to alter the way?
There was a problem hiding this comment.
No, this is the stable version for pypa as you can see we already using in
https://github.com/openedx/sample-plugin/blob/00aa9441d0219e8773042da7c0a50508a2b30880/.github/workflows/release.yml#L107
There was a problem hiding this comment.
LGTM!
Studied following PR while shifting to SHA versions:
https://github.com/openedx/sample-plugin/pull/53/changes#diff-87db21a973eed4fef5f32b267aa60fcee5cbdf03c67fafdc2a9b553bb0b15f34R108
Description:
This PR is the fix for the failing Publish to PyPI workflow
Ref:https://github.com/openedx/xblocks-core/actions/runs/29327012856/job/87066591905
What we fix:
The original PR used a pinned commit SHA for v1.12.4. By the time the PR was merged and the release ran, pypa had already deleted that Docker image from ghcr.io (they released v1.13.0 and v1.14.0 since then and cleaned up old images).
release/v1 is a protected branch maintained by pypa specifically as the stable floating reference. They guarantee that its Docker image always stays alive and up to date. Verified from the API — it's protected and currently points to v1.14.0.
The sample-plugin repository, which serves as the reference repository for the modernization tooling, also uses the same approach.
Ref: https://github.com/openedx/sample-plugin/blob/00aa9441d0219e8773042da7c0a50508a2b30880/.github/workflows/release.yml#L107