Fix provenance/poetry dependencies#875
Conversation
fix poetry installation
Pre-merge checks and finishing touches❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/publish_to_pypi.yml (1)
82-87: Provide the provenance bundle before settingattestations: true.
pypa/gh-action-pypi-publishexpects the attestation bundle to be present underdist/whenattestations: true, but this job only downloads the wheel/sdist artifact. Without also downloading (or copying) the provenance bundle emitted by the build job, the publish step will fail. Please fetch thepython-package-provenanceartifact here (and place it underdist/), or remove the flag until the attestation file is available.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
.github/workflows/publish_to_pypi.yml(5 hunks)
🧰 Additional context used
🪛 actionlint (1.7.7)
.github/workflows/publish_to_pypi.yml
28-28: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: semgrep-cloud-platform/scan
| id: cache-poetry | ||
| uses: actions/cache@v3 | ||
| with: | ||
| path: /home/runner/.local | ||
| key: dotlocal-${{ env.POETRY_VERSION }}-${{ hashFiles('poetry.lock') }} |
There was a problem hiding this comment.
Upgrade cache action to v4.
actions/cache@v3 still runs on the deprecated Node 16 runner, so this workflow will start failing (actionlint already flags it). Please bump to actions/cache@v4.
🧰 Tools
🪛 actionlint (1.7.7)
28-28: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🤖 Prompt for AI Agents
.github/workflows/publish_to_pypi.yml around lines 27 to 31: the workflow uses
actions/cache@v3 which relies on the deprecated Node 16 runner; update the
action to actions/cache@v4 by changing the uses field to actions/cache@v4 so the
cache step runs on the supported runtime and stops actionlint failures.
shichengripple001
requested review from
Patel-Raj11,
achowdhry-ripple,
ckeshava,
mvadari and
pdp2121
|
@shichengripple001 is this ready to merge? |
|
closing it, the issue has been addressed by the release pipeline |
3 participants
High Level Overview of Change
fix poetry installation
fix provenance detail
require review
Context of Change
Type of Change
Did you update CHANGELOG.md?
Test Plan