Skip to content

Upgrade GitHub Actions to latest versions #234

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
salmanmkc wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Upgrade GitHub Actions to latest versions #234

salmanmkc wants to merge 2 commits into from
+1 −1

Conversation

@salmanmkc
Copy link

@salmanmkc salmanmkc commented Dec 16, 2025
edited
Loading

Summary

Upgrade GitHub Actions to their latest versions for improved features, bug fixes, and security updates.

Changes

Action Old Version(s) New Version Files
pypa/gh-action-pypi-publish release/v1 ed0c539 workflow files

Why upgrade?

Keeping GitHub Actions up to date ensures:

  • Security: Latest security patches and fixes
  • Features: Access to new functionality and improvements
  • Compatibility: Better support for current GitHub features
  • Performance: Optimizations and efficiency improvements

Note on pypa/gh-action-pypi-publish

This action uses branch-based versioning (release/v1.x) rather than tags. The v1 tag does not exist in this repository.

This PR pins to the SHA of release/v1.13 for security best practices:

uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e  # release/v1.13

Testing

These changes only affect CI/CD workflow configurations and should not impact application functionality.

@salmanmkc
Upgrade GitHub Actions to latest versions
0c0430c
@salmanmkc
Fix pypa/gh-action-pypi-publish to use SHA pinning
69f2023 
Pin to release/v1.13 for security best practices.
The v1 tag doesn't exist - only release/v1 branch exists.

Signed-off-by: Salman Muin Kayser Chishti <[email protected]>
@salmanmkc
Copy link
Author

salmanmkc commented Dec 17, 2025

Updated this PR to fix the pypa/gh-action-pypi-publish version.

The v1 tag doesn't exist in that repo - it uses branch-based versioning (release/v1).

Changed to SHA pinning: @ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1.13

This follows GitHub's security best practices for third-party actions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@salmanmkc