Sourced from actions/setup-python's releases.

v4.0.0

What's Changed

• Support for python-version-file input: #336

Example of usage:

- uses: actions/setup-python@v4
  with:
    python-version-file: '.python-version' # Read python version from a file
- run: python my_script.py

There is no default python version for this setup-python major version, the action requires to specify either python-version input or python-version-file input. If the python-version input is not specified the action will try to read required version from file from python-version-file input.

• Use pypyX.Y for PyPy python-version input: #349

Example of usage:

- uses: actions/setup-python@v4
  with:
    python-version: 'pypy3.9' # pypy-X.Y kept for backward compatibility
- run: python my_script.py

• RUNNER_TOOL_CACHE environment variable is equal AGENT_TOOLSDIRECTORY: #338

• Bugfix: create missing pypyX.Y symlinks: #347

• PKG_CONFIG_PATH environment variable: #400

• Added python-path output: #405 python-path output contains Python executable path.

• Updated zeit/ncc to vercel/ncc package: #393

• Bugfix: fixed output for prerelease version of poetry: #409

• Made pythonLocation environment variable consistent for Python and PyPy: #418

• Bugfix for 3.x-dev syntax: #417

• Other improvements: #318 #396 #384 #387 #388

Update actions/cache version to 2.0.2

In scope of this release we updated actions/cache package as the new version contains fixes related to GHES 3.5 (actions/setup-python#382)

Add "cache-hit" output and fix "python-version" output for PyPy

This release introduces new output cache-hit (actions/setup-python#373) and fix python-version output for PyPy (actions/setup-python#365)

The cache-hit output contains boolean value indicating that an exact match was found for the key. It shows that the action uses already existing cache or not. The output is available only if cache is enabled.

... (truncated)

• 13ae5bb Merge pull request #517 from rentziass/rentziass/update-actions-core
• 0c4d7b8 Update @​actions/core to 1.10.0
• 13a464f Fix typo (#503)
• b4fe97e upgrade @​actions/cache so it respects SEGMENT_DOWNLOAD_TIMEOUT_MINS (#499)
• 434aeab Bump @​actions/core from 1.7.0 to 1.9.1 (#495)
• 98c991d Only use github.token on github.com (#443)
• 397a35f Merge pull request #492 from al-cheb/al-cheb/update-runner-link
• 48a0f00 Update runner links
• 978fd06 Merge pull request #491 from lkfortuna/patch-2
• 050e616 Update README.md
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from actions/checkout's releases.

v3.0.0

• Updated to the node16 runtime by default
  • This requires a minimum Actions Runner version of v2.285.0 to run, which is by default available in GHES 3.4 or later.

v2.5.0

What's Changed

• Update @​actions/core to 1.10.0 by @​rentziass in actions/checkout#962

Full Changelog: https://github.com/actions/checkout/compare/v2...v2.5.0

v2.4.2

What's Changed

• Add set-safe-directory input to allow customers to take control. (#770) by @​TingluoHuang in actions/checkout#776
• Prepare changelog for v2.4.2. by @​TingluoHuang in actions/checkout#778

Full Changelog: https://github.com/actions/checkout/compare/v2...v2.4.2

v2.4.1

• Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory

v2.4.0

• Convert SSH URLs like org-<ORG_ID>@github.com: to https://github.com/ - pr

v2.3.5

Update dependencies

v2.3.4

• Add missing awaits
• Swap to Environment Files

v2.3.3

• Remove Unneeded commit information from build logs
• Add Licensed to verify third party dependencies

v2.3.2

Add Third Party License Information to Dist Files

v2.3.1

Fix default branch resolution for .wiki and when using SSH

v2.3.0

Fallback to the default branch

v2.2.0

Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

Changes to support GHES (here and here)

... (truncated)

Sourced from actions/checkout's changelog.

Changelog

v3.1.0

• Use @​actions/core saveState and getState
• Add github-server-url input

v3.0.2

• Add input set-safe-directory

v3.0.1

• Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
• Bumped various npm package versions

v3.0.0

• Update to node 16

v2.3.1

• Fix default branch resolution for .wiki and when using SSH

v2.3.0

• Fallback to the default branch

v2.2.0

• Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

• Changes to support GHES (here and here)

v2.1.0

• Group output
• Changes to support GHES alpha release
• Persist core.sshCommand for submodules
• Add support ssh
• Convert submodule SSH URL to HTTPS, when not using SSH
• Add submodule support
• Follow proxy settings
• Fix ref for pr closed event when a pr is merged
• Fix issue checking detached when git less than 2.22

v2.0.0

• Do not pass cred on command line
• Add input persist-credentials
• Fallback to REST API to download repo

• 93ea575 Prepare release v3.1.0 (#940)
• 6a84743 Bump @​actions/core to 1.10.0 (#939)
• e6d535c Inject GitHub host to be able to clone from another GitHub instance (#922)
• 2541b12 Prepare changelog for v3.0.2. (#777)
• 0ffe6f9 Add set-safe-directory input to allow customers to take control. (#770)
• dcd71f6 Enforce safe directory (#762)
• add3486 Patch to fix the dependbot alert. (#744)
• 5126516 Bump minimist from 1.2.5 to 1.2.6 (#741)
• d50f8ea Add v3.0 release information to changelog (#740)
• 2d1c119 update test workflows to checkout v3 (#709)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from actions/upload-artifact's releases.

v3.0.0

What's Changed

• Update default runtime to node16 (#293)
• Update package-lock.json file version to 2 (#302)

Breaking Changes

With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.

v2.3.1

Fix for empty fails on Windows failing on upload #281

v2.3.0 Upload Artifact

• Optimizations for faster uploads of larger files that are already compressed
• Significantly improved logging when there are chunked uploads
• Clarifications in logs around the upload size and prohibited characters that aren't allowed in the artifact name or any uploaded files
• Various other small bugfixes & optimizations

v2.2.4

• Retry on HTTP 500 responses from the service

v2.2.3

• Fixes for proxy related issues

v2.2.2

• Improved retryability and error handling

v2.2.1

• Update used actions/core package to the latest version

v2.2.0

• Support for artifact retention

v2.1.4

• Add Third Party License Information

v2.1.3

• Use updated version of the @action/artifact NPM package

v2.1.2

• Increase upload chunk size from 4MB to 8MB
• Detect case insensitive file uploads

v2.1.1

• Fix for certain symlinks not correctly being identified as directories before starting uploads

v2.1.0

• Support for uploading artifacts with multiple paths
• Support for using exclude paths
• Updates to dependencies

... (truncated)

• 83fd05a Bump actions-core to v1.10.0 (#356)
• 3cea537 Merge pull request #327 from actions/robherley/artifact-1.1.0
• 849aa77 nvm use 12 & npm run release
• 4d39869 recompile with correct ncc version
• 2e0d362 bump @​actions/artifact to 1.1.0
• 09a5d6a Merge pull request #320 from actions/dependabot/npm_and_yarn/ansi-regex-4.1.1
• 189315d Bump ansi-regex from 4.1.0 to 4.1.1
• d159c2d Merge pull request #297 from actions/dependabot/npm_and_yarn/ajv-6.12.6
• c26a7ba Bump ajv from 6.11.0 to 6.12.6
• 6ed6c72 Merge pull request #303 from actions/dependabot/npm_and_yarn/yargs-parser-13.1.2
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from actions/download-artifact's releases.

v3.0.0

What's Changed

• Update default runtime to node16 (actions/download-artifact#134)
• Update package-lock.json file version to 2 (actions/download-artifact#136)

Breaking Changes

With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.

v2.1.0 Download Artifact

• Improved output & logging
• Fixed issue where downloading all artifacts could cause display percentages to be over 100%
• Various small bug fixes & improvements

v2.0.10

• Retry on HTTP 500 responses from the service

v2.0.9

• Fixes to proxy related issues

v2.0.8

• Improvements to retryability if an error is encountered during artifact download

v2.0.7 download-artifact

• Improved download retry-ability if a partial download is encountered

v2.0.6

Update actions/core NPM package that is used internally

v2.0.5

• Add Third Party License Information

v2.0.4

• Use the latest version of the @actions/artifact NPM package

v2.0.3

• Misc improvements

v2.0.2

• Support for tilde expansion

v2.0.1

• Download path output
• Improved logging

• 9782bd6 Update @​actions/core to 1.10.0 (#178)
• 076f0f7 Merge pull request #156 from actions/dependabot/npm_and_yarn/ansi-regex-4.1.1
• 7151be3 Bump ansi-regex from 4.1.0 to 4.1.1
• 51cbdc4 Merge pull request #152 from actions/dependabot/npm_and_yarn/minimist-1.2.6
• e89a529 Bump minimist from 1.2.5 to 1.2.6
• fb598a6 Merge pull request #136 from actions/jtamsut/update-lockfile-version
• a4a09c5 regenerate index.js
• 9acf51d regenerate package lock
• 8821072 upgrade artifact version
• b8bbd3b regenerate lockfile
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Sourced from pypa/gh-action-pypi-publish's releases.

v1.6.4

oh, boi! again?

This is the last one tonight, promise! It fixes this embarrassing bug that was actually caught by the CI but got overlooked due to the lack of sleep. TL;DR GH passed $HOME from the external env into the container and that tricked the Python's site module to think that the home directory is elsewhere, adding non-existent paths to the env vars. See #115.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.6.3...v1.6.4

v1.6.3

Another Release!? Why?

In pypa/gh-action-pypi-publish#112, it was discovered that passing a $PATH variable even breaks the shebang. So this version adds more safeguards to make sure it keeps working with a fully broken $PATH.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.6.2...v1.6.3

v1.6.2

What's Fixed

• Made the $PATH and $PYTHONPATH environment variables resilient to broken values passed from the host runner environment, which previously allowed the users to accidentally break the container's internal runtime as reported in pypa/gh-action-pypi-publish#112

Internal Maintenance Improvements

• Added a devpi-based smoke-test GitHub Actions CI/CD workflow by @​sesdaile-varmour in pypa/gh-action-pypi-publish#111

New Contributors

• @​sesdaile-varmour made their first contribution in pypa/gh-action-pypi-publish#111

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.6.1...v1.6.2

v1.6.1

What's happened?!

There was a sneaky bug in v1.6.0 which caused Twine to be outside the import path in the Python runtime. It is fixed in v1.6.1 by updating $PYTHONPATH to point to a correct location of the user-global site-packages/ directory.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.6.0...v1.6.1

v1.6.0

Anything's changed?

The only update is that the Python runtime has been upgraded from 3.9 to 3.11. There are no functional changes in this release.

Full Changelog: https://github.com/pypa/gh-action-pypi-publish/compare/v1.5.2...v1.6.0

v1.5.2

What's Improved

• Implemented the Twine transitive dependency tree pinning using pip-tools-generated constraint files. See pypa/gh-action-pypi-publish#107 and pypa/gh-action-pypi-publish#101 for details.

Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.5.1...v1.5.2

v1.5.1

What's Changed

... (truncated)

• c7f29f7 🐛 Override $HOME in the container with /root
• 644926c 🧪 Always run smoke testing in debug mode
• e71a4a4 Add support for verbose bash execusion w/ $DEBUG
• e56e821 🐛 Make id always available in twine-upload
• c879b84 🐛 Use full path to bash in shebang
• 57e7d53 🐛Ensure the default $PATH value is pre-loaded
• ce291dc 🎨🐛Fix the branch @ pre-commit.ci badge links
• 102d8ab 🐛 Rehardcode devpi port for GHA srv container
• 3a9eaef 🐛Use different ports in/out of GHA containers
• a01fa74 🐛 Use localhost @ GHA outside the containers
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)