Releases: hynek/build-and-inspect-python-package
v2.14.0
v2.13.0
Added
-
New output:
package_nameis the name of the built package as stored in metadata.
#162 -
The package name is now part of the action summary which is helpful when you build more than one package from a repository.
#169
Changed
-
All GitHub actions are now pinned to exact hashes for better reproducibility and mild security improvements.
Since chosen prefix SHA-1 hash collision attacks exist, this is but security theater against serious attackers.
v2.12.0
This release only updates our dependencies to support packaging metadata v2.4 (as created, for example, by recent Hatchling releases).
Note
To upload packages with metadata v2.4 (which is required for PEP 639 license metadata) using the official pypi-publish GitHub Action, you must make sure to use its v1.12.4 or later.
v2.11.0
Added
- New output:
package_versionis the version of the package that was built. #152
v2.10.0
Changed
- Remove
.gitignorefrom the build target directory to avoid silly attestations. #149
v2.9.0
Changed
uv buildis now used instead of the build package. Since the actual build of the packages is done by the packaging backend (the one you define in yourpyproject.tomlunderbuild-system.build-backend-- for example, Setuptools or Hatchling), this should make no difference except for faster runs. #140
v2.8.0
Changed
- We now use uv's new
uv cache prune --cito only cache downloaded files. This makes the cache smaller and faster to pack/unpack. #135
Fixed
- Turns out, the default location of uv's cache cannot be cached and actions/cache fails silently with an opaque "Path(s) specified in the action for caching do(es) not exist, hence no cache is being saved." log message. We have moved the cache to
/tmp. #135
v2.7.0
v2.6.0
v2.5.0
Added
- New input:
attest-build-provenance-githubgenerates signed build provenance attestations for workflow artifacts.
#122