PyPI publish Github Actions アップデートログ 2023.08.14
でつ
久々に↓の記事のGithub Actionsを走らせたらなんかWarningが出てきたので対応する
でつ1番目のWarning
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/checkout@v2, actions/setup-python@v2. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
actions/checkout@v2, actions/setup-python@v2がnode12を使っているけど、Github Actionsはnode16に移行するぞ、ということらしい
Node12 has been out of support since April 2022. As a result we have started the deprecation process of Node12 for GitHub Actions. We plan to migrate all actions to run on Node16 by Summer 2023.
What you need to do
For Actions maintainers: Update your actions to run on Node16 instead of Node12 (Actions configuration settings)
For Actions users: Update your workflows with latest versions of the actions which runs on Node16 (Using versions for Actions)
新しいバージョンのActionsが対応済みならバージョン上げるだけでOKか
でつ元記事でも参照していたPyPAユーザーガイド内のGithub Actionsコードが更新されていた これに従ってactions/checkout@v3, actions/setup-python@v4にアプデすれば治りそう
でつ2, 3番目のWarning
Input 'password' has been deprecated with message: UNSUPPORTED GITHUB ACTION VERSION
You are using
pypa/gh-action-pypi-publish@master. Themasterbranch of this project has been sunset and will not receive any updates, not even security bug fixes. Please, make sure to use a supported version. If you want to pin to v1 major version, usepypa/gh-action-pypi-publish@release/v1. If you feel adventurous, you may opt to use usepypa/gh-action-pypi-publish@unstable/v1instead. A more general recommendation is to pin to exact tags or commit SHAs.
Please also consider migrading your setup to use secretless publishing: https://github.com/marketplace/actions/pypi-publish#trusted-publishing
メッセージは大きく2つ:
-
pypa/gh-action-pypi-publish@masterは更新されないのでpypa/gh-action-pypi-publish@release/v1とかを指定してくれ - secretless publishingに移行してはいかが?
1点目は言われた通りにして解決だろう
2点目もなんか良さげだからやってみる
でつ2点目も貼られたガイドに従うだけで良さそう
でつ以上の修正でWarningは全部消えた
なんかNotice出たけどこれはtrusted publishingしましたよって言ってるだけっぽい?
では問題なしということで、修正を記事に反映させた