Skip to content

ci: use release/v1 tag for pypa/gh-action-pypi-publish#107

Merged
pesap merged 1 commit intomainfrom
fix/pypi-publish-action
Mar 16, 2026
Merged

ci: use release/v1 tag for pypa/gh-action-pypi-publish#107
pesap merged 1 commit intomainfrom
fix/pypi-publish-action

Conversation

@pesap
Copy link
Collaborator

@pesap pesap commented Mar 16, 2026

Summary

  • Fix broken publish-testpypi and publish-pypi jobs in the release workflow
  • Replace commit SHA pin (106e0b0b...) with release/v1 rolling tag for pypa/gh-action-pypi-publish

Why

The zizmor CI hardening PR (#105) pinned pypa/gh-action-pypi-publish to a commit SHA. This action is Docker-based, and its container registry only publishes images by release tag, not by commit SHA. The result: docker: Error response from daemon: manifest unknown.

Using release/v1 is the recommended approach for this action and always has a matching Docker image.

Impact

The v1.3.3 release failed to publish to TestPyPI/PyPI. After merging this fix, re-running the failed release workflow will complete the publish.

@codecov-commenter
Copy link

codecov-commenter commented Mar 16, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.63%. Comparing base (bf0d5e9) to head (776388f).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #107   +/-   ##
=======================================
  Coverage   95.63%   95.63%           
=======================================
  Files           8        8           
  Lines        1719     1719           
=======================================
  Hits         1644     1644           
  Misses         75       75

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@pesap
ci: use release/v1 tag for pypa/gh-action-pypi-publish
776388f 
The Docker-based action has no container image published for the commit
SHA that zizmor pinned. Use the rolling release/v1 tag which always has
a matching image in ghcr.io.
@pesap pesap force-pushed the fix/pypi-publish-action branch from d0dab1c to 776388f Compare March 16, 2026 04:20
@pesap pesap changed the title fix(ci): use release/v1 tag for pypa/gh-action-pypi-publish ci: use release/v1 tag for pypa/gh-action-pypi-publish Mar 16, 2026
@pesap pesap merged commit c4e58b8 into main Mar 16, 2026
6 checks passed
@pesap pesap deleted the fix/pypi-publish-action branch March 16, 2026 04:20
@github-actions github-actions bot mentioned this pull request Mar 16, 2026
Closed
@pesap pesap mentioned this pull request Mar 16, 2026
Merged
@github-actions github-actions bot mentioned this pull request Mar 16, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

github_actions

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@pesap @codecov-commenter