Skip to content

ci: revert pypa/gh-action-pypi-publish to v1.13.0#337

Merged
JingsongLi merged 1 commit into
apache:mainfrom
luoyuxia:revert-pypi-publish-v1.14.0
May 20, 2026
Merged

ci: revert pypa/gh-action-pypi-publish to v1.13.0#337
JingsongLi merged 1 commit into
apache:mainfrom
luoyuxia:revert-pypi-publish-v1.14.0

Conversation

@luoyuxia
Copy link
Copy Markdown
Contributor

@luoyuxia luoyuxia commented May 20, 2026

Summary

  • Revert pypa/gh-action-pypi-publish from v1.14.0 (cef221092ed1bacb1cc03d23a2d87d1d172e277b) to v1.13.0 (ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e)
  • The v1.14.0 SHA was bumped by Dependabot in chore(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 #297, but it has not been added to the Apache GitHub organization's allowed actions list yet
  • This causes the Release Python Binding workflow to fail with: The action pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b is not allowed

Motivation

The Apache GitHub organization enforces an allowlist for third-party GitHub Actions. The v1.14.0 commit SHA is not yet approved, blocking all Python package releases. Reverting to the previously approved v1.13.0 restores the release pipeline.

We can upgrade again once the Apache INFRA team adds the new SHA to the allowlist.

@luoyuxia @claude
ci: revert pypa/gh-action-pypi-publish from v1.14.0 to v1.13.0
34f0527 
The v1.14.0 SHA (cef221092ed1bacb1cc03d23a2d87d1d172e277b) is not yet
in the Apache GitHub organization's allowed actions list, causing the
Release Python Binding workflow to fail. Revert to v1.13.0
(ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e) which is already approved.

This reverts part of the changes from apache#297.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@luoyuxia luoyuxia marked this pull request as draft May 20, 2026 07:07
@luoyuxia luoyuxia marked this pull request as ready for review May 20, 2026 07:07
@luoyuxia luoyuxia mentioned this pull request May 20, 2026
Merged
JingsongLi
JingsongLi approved these changes May 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@JingsongLi JingsongLi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

@JingsongLi JingsongLi merged commit 63a5374 into apache:main May 20, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JingsongLi JingsongLi JingsongLi approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@luoyuxia @JingsongLi