From 43540b6926da10ee0dd0130380825a070fd96c71 Mon Sep 17 00:00:00 2001
From: christophe dervieux
Date: Mon, 25 May 2026 16:16:57 +0200
Subject: [PATCH] Bump publish workflow actions for Node 24 deprecation

Node 20 actions are deprecated; runners force Node 24 on June 2, 2026 and remove Node 20 on September 16, 2026. Bump checkout and setup-python to their first node24 majors, and pin all three actions by full commit SHA for reproducible, audit-friendly references.
- actions/checkout v4 -> v6.0.2
- actions/setup-python v5 -> v6.2.0
- pypa/gh-action-pypi-publish release/v1 -> v1.14.0
---
 .github/workflows/publish.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 5a74272..cf4567b 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -20,12 +20,12 @@ jobs:
 id-token: write
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 fetch-depth: 0
 submodules: true
 - name: Set up Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 python-version: "3.x"
 - name: Install pypa/build
@@ -39,10 +39,10 @@ jobs:
 - name: Clean Wheel
 run: rm -rf dist/quarto_cli*.whl
 - name: Publish package distributions to TestPyPI
- uses: pypa/gh-action-pypi-publish@release/v1
+ uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
 if: ${{ ! inputs.publish-release }}
 with:
 repository-url: https://test.pypi.org/legacy/
 - name: Publish package distributions to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
+ uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
 if: ${{ inputs.publish-release }}
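Review bot: The `Checkout` step in the first hunk leaves `persist-credentials` at its default, so the token that checkout configures stays usable by every later step of a job that also holds `id-token: write`; unless a later step needs git access (the steps between the two hunks are not visible), add `persist-credentials: false` under `with:`. Separately, the trailing `# v6.0.2` and `# v6.2.0` comments are not checked by the runner, so each SHA should be confirmed to resolve to the named upstream tag before merging. A Dependabot or Renovate rule for the `github-actions` ecosystem would keep the SHA pins and their version comments moving together.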
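Review bot: Both publish steps in the second hunk still run in the same job as `Install pypa/build` and whatever build follows it (not visible in these hunks), so anything executed at build time shares the job-level `id-token: write`, which is presumably what the PyPI upload authenticates with. SHA-pinning the three actions does not cover packages installed or code run by those `run:` steps. Consider a build job that uploads `dist/` as an artifact and a separate publish job that alone declares `id-token: write`. The same SHA is repeated on the TestPyPI and PyPI steps, so both `uses:` lines have to change together on the next bump.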