Skip to content

Fix invalid pinned SHA for pypa/gh-action-pypi-publish#908

Closed
sylwiaszunejko wants to merge 1 commit into
scylladb:masterfrom
sylwiaszunejko:fix-sha
Closed

Fix invalid pinned SHA for pypa/gh-action-pypi-publish#908
sylwiaszunejko wants to merge 1 commit into
scylladb:masterfrom
sylwiaszunejko:fix-sha

Conversation

@sylwiaszunejko

@sylwiaszunejko sylwiaszunejko commented Jun 15, 2026

Copy link
Copy Markdown
Collaborator

Fix invalid pinned SHA for pypa/gh-action-pypi-publish

Fixes: #907

Pre-review checklist

  • I have split my patch into logically separate commits.
  • All commit messages clearly explain what they change and why.
  • I added relevant tests for new features and bug fixes.
  • All commits compile, pass static checks and pass test.
  • PR description sums up the changes and reasons why they should be introduced.
  • I have provided docstrings for the public items that I want to introduce.
  • I have adjusted the documentation in ./docs/source/.
  • I added appropriate Fixes: annotations to PR description.

@coderabbitai

coderabbitai Bot commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 8988d3ab-6eb5-4c48-befe-88e34989c079

📥 Commits

Reviewing files that changed from the base of the PR and between 763af09 and c97c827.

📒 Files selected for processing (2)
  • .github/workflows/build-push.yml
  • .github/workflows/publish-manually.yml
📝 Walkthrough

Walkthrough

Both .github/workflows/build-push.yml and .github/workflows/publish-manually.yml update the pinned commit SHA for the pypa/gh-action-pypi-publish action in their respective PyPI publish steps. The v1.14.0 version comment is retained in both files. No other workflow logic, steps, or conditions are modified.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and concisely describes the main change: fixing an invalid pinned SHA for a GitHub Action.
Description check ✅ Passed The PR description follows the template, includes the Fixes annotation, and documents the pre-review checklist appropriately for a configuration fix.
Linked Issues check ✅ Passed The PR fixes the GitHub Actions security policy violation by updating action references to use proper full-length commit SHAs, directly resolving issue #907.
Out of Scope Changes check ✅ Passed All changes are scoped to updating the pinned SHA for the pypa/gh-action-pypi-publish action in two workflow files, directly addressing the requirements from issue #907.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@sylwiaszunejko sylwiaszunejko requested a review from Lorak-mmk June 15, 2026 11:26
@sylwiaszunejko sylwiaszunejko self-assigned this Jun 15, 2026
@Lorak-mmk

Lorak-mmk commented Jun 15, 2026

Copy link
Copy Markdown

I already changed it on master because I need to release: f5dea1d

@Lorak-mmk Lorak-mmk closed this Jun 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Lorak-mmk Lorak-mmk Awaiting requested review from Lorak-mmk

Assignees

@sylwiaszunejko sylwiaszunejko

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Publishg to pypi doesn't work because of SHA requirement

2 participants

@sylwiaszunejko @Lorak-mmk