From 3c65a4131ff78649a799cc9446de7c2d8f19bbe7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 6 Sep 2025 08:47:30 -0700 Subject: [PATCH 1/8] ci(deps): bump `pypa/gh-action-pypi-publish@1.12.4` action to 1.13.0 (#1321) --- .github/workflows/cicd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 38d687f50..6c7ff663d 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -216,7 +216,7 @@ jobs: # see https://docs.pypi.org/trusted-publishers/ - name: Publish package distributions to PyPI id: pypi-publish - uses: pypa/gh-action-pypi-publish@v1.12.4 + uses: pypa/gh-action-pypi-publish@v1.13.0 with: packages-dir: dist print-hash: true From 4df4be465710e3b31ba65487069eccef1eeb8be1 Mon Sep 17 00:00:00 2001 From: codejedi365 Date: Sat, 6 Sep 2025 09:55:54 -0600 Subject: [PATCH 2/8] fix(cmd-version): prevent errors when PSR is executed in non-GitHub CI environments (#1322) NOTICE: Unfortunately, PSR introduced a bug in 10.3.0 when attempting to provide more CI outputs for GitHub Actions. It required our GitHub client interface to be loaded and even if it was not using GitHub CI to be run. This caused errors in Gitea and likely GitLab/Bitbucket environments. This change prevents that from happening but if any users pipelines were intentionally presenting the environment variable "GITHUB_OUTPUT" to enable action output to enable passing along internal outputs of PSR then their hack will no longer work after this change. Resolves: #1315 --- src/semantic_release/cli/commands/version.py | 9 +++------ src/semantic_release/cli/github_actions_output.py | 10 ++++++++-- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/src/semantic_release/cli/commands/version.py b/src/semantic_release/cli/commands/version.py index bb9ebfc3e..27b86be79 100644 --- a/src/semantic_release/cli/commands/version.py +++ b/src/semantic_release/cli/commands/version.py @@ -471,11 +471,7 @@ def version( # noqa: C901 no_verify = runtime.no_git_verify opts = runtime.global_cli_options gha_output = VersionGitHubActionsOutput( - gh_client=( - hvcs_client - if isinstance(hvcs_client, Github) - else Github(hvcs_client.remote_url(use_token=False)) - ), + gh_client=hvcs_client if isinstance(hvcs_client, Github) else None, mode=( PersistenceMode.TEMPORARY if opts.noop or (not commit_changes and not create_tag) @@ -553,7 +549,8 @@ def version( # noqa: C901 # Update GitHub Actions output value with new version & set delayed write gha_output.version = new_version - ctx.call_on_close(gha_output.write_if_possible) + if isinstance(hvcs_client, Github): + ctx.call_on_close(gha_output.write_if_possible) # Make string variant of version or appropriate tag as necessary version_to_print = str(new_version) if not print_only_tag else new_version.as_tag() diff --git a/src/semantic_release/cli/github_actions_output.py b/src/semantic_release/cli/github_actions_output.py index b7a507414..8ff97016f 100644 --- a/src/semantic_release/cli/github_actions_output.py +++ b/src/semantic_release/cli/github_actions_output.py @@ -24,7 +24,7 @@ class VersionGitHubActionsOutput: def __init__( self, - gh_client: Github, + gh_client: Github | None = None, mode: PersistenceMode = PersistenceMode.PERMANENT, released: bool | None = None, version: Version | None = None, @@ -106,6 +106,12 @@ def prev_version(self, value: Version) -> None: raise TypeError("output 'prev_version' should be a Version") self._prev_version = value + @property + def gh_client(self) -> Github: + if not self._gh_client: + raise ValueError("GitHub client not set, cannot create links") + return self._gh_client + def to_output_text(self) -> str: missing: set[str] = set() if self.version is None: @@ -128,7 +134,7 @@ def to_output_text(self) -> str: "version": str(self.version), "tag": self.tag, "is_prerelease": str(self.is_prerelease).lower(), - "link": self._gh_client.create_release_url(self.tag) if self.tag else "", + "link": self.gh_client.create_release_url(self.tag) if self.tag else "", "previous_version": str(self.prev_version) if self.prev_version else "", "commit_sha": self.commit_sha if self.commit_sha else "", } From 63e435ba466e1e980b9680d0f759950e5e598a61 Mon Sep 17 00:00:00 2001 From: codejedi365 Date: Sat, 6 Sep 2025 09:56:49 -0600 Subject: [PATCH 3/8] perf(cmd-version): re-order operations for faster parsing in version determination (#1310) --- src/semantic_release/version/algorithm.py | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/src/semantic_release/version/algorithm.py b/src/semantic_release/version/algorithm.py index fa24e3fa1..0057cfcce 100644 --- a/src/semantic_release/version/algorithm.py +++ b/src/semantic_release/version/algorithm.py @@ -346,24 +346,7 @@ def next_version( # Step 5. apply the parser to each commit in the history (could return multiple results per commit) parsed_results = list(map(commit_parser.parse, commits_since_last_release)) - # Step 5A. Validation type check for the parser results (important because of possible custom parsers) - for parsed_result in parsed_results: - if not any( - ( - isinstance(parsed_result, (ParseError, ParsedCommit)), - type(parsed_result) == list - and validate_types_in_sequence( - parsed_result, (ParseError, ParsedCommit) - ), - type(parsed_result) == tuple - and validate_types_in_sequence( - parsed_result, (ParseError, ParsedCommit) - ), - ) - ): - raise TypeError("Unexpected type returned from commit_parser.parse") - - # Step 5B. Accumulate all parsed results into a single list accounting for possible multiple results per commit + # Step 5A. Accumulate all parsed results into a single list accounting for possible multiple results per commit consolidated_results: list[ParseResult] = reduce( lambda accumulated_results, p_results: [ *accumulated_results, @@ -378,6 +361,10 @@ def next_version( [], ) + # Step 5B. Validation type check for the parser results (important because of possible custom parsers) + if not validate_types_in_sequence(consolidated_results, (ParseError, ParsedCommit)): + raise TypeError("Unexpected type returned from commit_parser.parse") + # Step 5C. Parse the commits to determine the bump level that should be applied parsed_levels: set[LevelBump] = { parsed_result.bump # type: ignore[union-attr] # too complex for type checkers From 9293da56b24a9bd1a97acd4e9b1aabda4ef89fd6 Mon Sep 17 00:00:00 2001 From: semantic-release Date: Sat, 6 Sep 2025 16:17:01 +0000 Subject: [PATCH 4/8] 10.3.2 Automatically generated by python-semantic-release --- CHANGELOG.rst | 43 +++++++++++++++++++ .../automatic-releases/github-actions.rst | 14 +++--- pyproject.toml | 2 +- src/gh_action/requirements.txt | 2 +- 4 files changed, 52 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a4672699a..3b4e00cb5 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -4,6 +4,49 @@ CHANGELOG ========= +.. _changelog-v10.3.2: + +v10.3.2 (2025-09-06) +==================== + +🪲 Bug Fixes +------------ + +* **cmd-version**: Prevent errors when PSR is executed in non-GitHub CI environments, closes + `#1315`_ (`PR#1322`_, `4df4be4`_) + +⚡ Performance Improvements +--------------------------- + +* **cmd-version**: Re-order operations for faster parsing in version determination (`PR#1310`_, + `63e435b`_) + +📖 Documentation +---------------- + +* **uv-integration**: Add ``--no-changelog`` to build step to increase job speed (`PR#1316`_, + `e1aece1`_) + +💡 Additional Release Information +--------------------------------- + +* **cmd-version**: Unfortunately, PSR introduced a bug in 10.3.0 when attempting to provide more CI + outputs for GitHub Actions. It required our GitHub client interface to be loaded and even if it + was not using GitHub CI to be run. This caused errors in Gitea and likely GitLab/Bitbucket + environments. This change prevents that from happening but if any users pipelines were + intentionally presenting the environment variable "GITHUB_OUTPUT" to enable action output to + enable passing along internal outputs of PSR then their hack will no longer work after this + change. + +.. _#1315: https://github.com/python-semantic-release/python-semantic-release/issues/1315 +.. _4df4be4: https://github.com/python-semantic-release/python-semantic-release/commit/4df4be465710e3b31ba65487069eccef1eeb8be1 +.. _63e435b: https://github.com/python-semantic-release/python-semantic-release/commit/63e435ba466e1e980b9680d0f759950e5e598a61 +.. _e1aece1: https://github.com/python-semantic-release/python-semantic-release/commit/e1aece18ae1998b1523be65b1e569837a7054251 +.. _PR#1310: https://github.com/python-semantic-release/python-semantic-release/pull/1310 +.. _PR#1316: https://github.com/python-semantic-release/python-semantic-release/pull/1316 +.. _PR#1322: https://github.com/python-semantic-release/python-semantic-release/pull/1322 + + .. _changelog-v10.3.1: v10.3.1 (2025-08-06) diff --git a/docs/configuration/automatic-releases/github-actions.rst b/docs/configuration/automatic-releases/github-actions.rst index be794f08d..c7d4b0bfb 100644 --- a/docs/configuration/automatic-releases/github-actions.rst +++ b/docs/configuration/automatic-releases/github-actions.rst @@ -933,14 +933,14 @@ to the GitHub Release Assets as well. - name: Action | Semantic Version Release id: release # Adjust tag with desired version if applicable. - uses: python-semantic-release/python-semantic-release@v10.3.1 + uses: python-semantic-release/python-semantic-release@v10.3.2 with: github_token: ${{ secrets.GITHUB_TOKEN }} git_committer_name: "github-actions" git_committer_email: "actions@users.noreply.github.com" - name: Publish | Upload to GitHub Release Assets - uses: python-semantic-release/publish-action@v10.3.1 + uses: python-semantic-release/publish-action@v10.3.2 if: steps.release.outputs.released == 'true' with: github_token: ${{ secrets.GITHUB_TOKEN }} @@ -1039,7 +1039,7 @@ The equivalent GitHub Action configuration would be: - name: Action | Semantic Version Release # Adjust tag with desired version if applicable. - uses: python-semantic-release/python-semantic-release@v10.3.1 + uses: python-semantic-release/python-semantic-release@v10.3.2 with: github_token: ${{ secrets.GITHUB_TOKEN }} force: patch @@ -1098,14 +1098,14 @@ Publish Action. - name: Release submodule 1 id: release-submod-1 - uses: python-semantic-release/python-semantic-release@v10.3.1 + uses: python-semantic-release/python-semantic-release@v10.3.2 with: directory: ${{ env.SUBMODULE_1_DIR }} github_token: ${{ secrets.GITHUB_TOKEN }} - name: Release submodule 2 id: release-submod-2 - uses: python-semantic-release/python-semantic-release@v10.3.1 + uses: python-semantic-release/python-semantic-release@v10.3.2 with: directory: ${{ env.SUBMODULE_2_DIR }} github_token: ${{ secrets.GITHUB_TOKEN }} @@ -1117,7 +1117,7 @@ Publish Action. # ------------------------------------------------------------------- # - name: Publish | Upload package 1 to GitHub Release Assets - uses: python-semantic-release/publish-action@v10.3.1 + uses: python-semantic-release/publish-action@v10.3.2 if: steps.release-submod-1.outputs.released == 'true' with: directory: ${{ env.SUBMODULE_1_DIR }} @@ -1125,7 +1125,7 @@ Publish Action. tag: ${{ steps.release-submod-1.outputs.tag }} - name: Publish | Upload package 2 to GitHub Release Assets - uses: python-semantic-release/publish-action@v10.3.1 + uses: python-semantic-release/publish-action@v10.3.2 if: steps.release-submod-2.outputs.released == 'true' with: directory: ${{ env.SUBMODULE_2_DIR }} diff --git a/pyproject.toml b/pyproject.toml index ccad3fd6e..ce10f324b 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -6,7 +6,7 @@ build-backend = "setuptools.build_meta" [project] name = "python-semantic-release" -version = "10.3.1" +version = "10.3.2" description = "Automatic Semantic Versioning for Python projects" requires-python = "~= 3.8" license = { text = "MIT" } diff --git a/src/gh_action/requirements.txt b/src/gh_action/requirements.txt index 889bd04bf..9d0c27391 100644 --- a/src/gh_action/requirements.txt +++ b/src/gh_action/requirements.txt @@ -1 +1 @@ -python-semantic-release == 10.3.1 +python-semantic-release == 10.3.2 From 3d9c825b6be98d84ca62a666f45501ef52aba594 Mon Sep 17 00:00:00 2001 From: codejedi365 Date: Sat, 6 Sep 2025 10:03:47 -0600 Subject: [PATCH 5/8] ci(deps): bump `python-semantic-release@v10.2.0` action to `v10.3.2` --- .github/workflows/cicd.yml | 2 +- .github/workflows/validate.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 6c7ff663d..ff9469950 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -148,7 +148,7 @@ jobs: - name: Release | Python Semantic Release id: release - uses: python-semantic-release/python-semantic-release@2896129e02bb7809d2cf0c1b8e9e795ee27acbcf # v10.2.0 + uses: python-semantic-release/python-semantic-release@9293da56b24a9bd1a97acd4e9b1aabda4ef89fd6 # v10.3.2 with: github_token: ${{ secrets.GITHUB_TOKEN }} verbosity: 1 diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index c881a0707..ff6aa3726 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -112,7 +112,7 @@ jobs: - name: Build | Build next version artifacts id: version - uses: python-semantic-release/python-semantic-release@2896129e02bb7809d2cf0c1b8e9e795ee27acbcf # v10.2.0 + uses: python-semantic-release/python-semantic-release@9293da56b24a9bd1a97acd4e9b1aabda4ef89fd6 # v10.3.2 with: github_token: "" verbosity: 1 From 196c57365d7420da8419119e507c3fa839c3159a Mon Sep 17 00:00:00 2001 From: codejedi365 Date: Sat, 6 Sep 2025 10:08:58 -0600 Subject: [PATCH 6/8] ci(deps): bump `python-semantic-release/publish-action@v10.2.0` to `v10.3.2` --- .github/workflows/cicd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index ff9469950..8357cee33 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -155,7 +155,7 @@ jobs: build: false - name: Release | Add distribution artifacts to GitHub Release Assets - uses: python-semantic-release/publish-action@b717f67f7e7e9f709357bce5a542846503ce46ec # v10.2.0 + uses: python-semantic-release/publish-action@63a952936fa65b0942a64427d3636fa691d676ce # v10.3.2 if: steps.release.outputs.released == 'true' with: github_token: ${{ secrets.GITHUB_TOKEN }} From 5c23e236ac66f1b14eae293acfbddc3ed7f4c825 Mon Sep 17 00:00:00 2001 From: codejedi365 Date: Sat, 6 Sep 2025 10:12:24 -0600 Subject: [PATCH 7/8] ci(deps): bump `actions/checkout@v4.2.2` to `v5.0.0` --- .github/workflows/ci.yml | 4 ++-- .github/workflows/cicd.yml | 4 ++-- .github/workflows/validate.yml | 12 ++++++------ 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4576fc45d..9416cc0b7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,7 +21,7 @@ jobs: if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 0 @@ -35,7 +35,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 100 diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 8357cee33..b262f5abc 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 100 # Must at least retrieve a set of commits to compare changes # primarily because of any 'Rebase and Merge' PR action in GitHub @@ -115,7 +115,7 @@ jobs: # possible that the branch was updated while the workflow was running. This # prevents accidentally releasing un-evaluated changes. - name: Setup | Checkout Repository on Release Branch - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ github.ref_name }} fetch-depth: 0 diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index ff6aa3726..58ad71807 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -90,7 +90,7 @@ jobs: steps: - name: Setup | Checkout Repository at workflow sha - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ github.sha }} fetch-depth: 0 @@ -161,7 +161,7 @@ jobs: steps: - name: Setup | Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ github.sha }} fetch-depth: 1 @@ -217,7 +217,7 @@ jobs: steps: - name: Setup | Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ github.sha }} fetch-depth: 1 @@ -306,7 +306,7 @@ jobs: steps: - name: Setup | Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ github.sha }} fetch-depth: 1 @@ -405,7 +405,7 @@ jobs: steps: - name: Setup | Checkout Repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: fetch-depth: 1 ref: ${{ github.sha }} @@ -447,7 +447,7 @@ jobs: steps: - name: Setup | Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: ref: ${{ github.sha }} fetch-depth: 1 From d96c45ef0ef8284da9ff4ccb0b8cb0ab546005ab Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 2 Sep 2025 00:06:50 +0000 Subject: [PATCH 8/8] ci(deps): bump `actions/download-artifact@v4.3.0` to `5.0.0` --- .github/workflows/cicd.yml | 4 ++-- .github/workflows/validate.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index b262f5abc..7718b5be7 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -125,7 +125,7 @@ jobs: git reset --hard ${{ github.sha }} - name: Setup | Download Build Artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 id: artifact-download with: name: ${{ needs.validate.outputs.distribution-artifacts }} @@ -207,7 +207,7 @@ jobs: steps: - name: Setup | Download Build Artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 id: artifact-download with: name: ${{ needs.validate.outputs.distribution-artifacts }} diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 58ad71807..eac75bb64 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -229,7 +229,7 @@ jobs: cache: 'pip' - name: Setup | Download Distribution Artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: ${{ needs.build.outputs.distribution-artifacts }} path: ./dist @@ -318,7 +318,7 @@ jobs: cache: 'pip' - name: Setup | Download Distribution Artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: ${{ needs.build.outputs.distribution-artifacts }} path: dist @@ -411,7 +411,7 @@ jobs: ref: ${{ github.sha }} - name: Setup | Download Distribution Artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: ${{ needs.build.outputs.distribution-artifacts }} path: ${{ env.ACTION_SRC_DIR }}