Upgrade PyPI upload workflow to use Trusted Publishing (#4589) by ahmed5145 · Pull Request #4611 · psf/black

ahmed5145 · 2025-03-12T10:31:10Z

This PR upgrades the PyPI publishing workflow to use Trusted Publishing instead of token-based authentication. This change:

Improves security by using OpenID Connect (OIDC) instead of long-lived tokens
Removes the need for maintaining PyPI tokens in GitHub secrets
Uses the official PyPA publishing action

Changes made:

Added id-token: write permission for OIDC authentication
Changed environment name to 'release'
Switched to pypa/gh-action-pypi-publish action
Removed twine dependency

Required actions after merging:
The repository maintainers will need to:

Configure Trusted Publishing in PyPI for the black project:
- Go to https://pypi.org/manage/account/publishing/
- Configure with:
  - Owner: psf
  - Repository: black
  - Workflow name: Build and publish
  - Environment: release
Create a 'release' environment in the GitHub repository settings
Remove the existing PyPI token from GitHub secrets (after verifying the new setup works)

cooperlees · 2025-03-12T14:43:39Z

Cool - TIL there is something more official than what I long ago cooked up at a GitHub conference when Actions were announced. Let's make CI happy and this feels the right way to go to me. I'll be copying for my other projects too :)

ahmed5145 · 2025-03-13T20:37:04Z

Happy to hear that, please feel free to use across. It's quite impressive that you were there during the announcement of Actions.

It seems that there is an issue with the CI workflow in the PR. The diff-shades-comment job is failing because it cannot find the .pr-comment.json artifact. This artifact is expected by the comment-details command in the diff_shades_gha_helper.py script.

I've reviewed the script and it seems like the artifact is not being generated or uploaded in the diff-shades workflow.
Could you provide guidance on how this artifact should be generated? Are there any known issues with the current CI setup that might be causing this?
Or if I am getting this completely wrong.
Thank you for your assistance!

cooperlees

CI seems to be working here - Is it just failing locally for you?

This looks good - I would imagine our next test run of this would confirm? Should we force run the skipped tests maybe?

Thoughts here other maintainers?

JelleZijlstra · 2025-03-14T20:53:30Z

This seems fine but it will need some changes on the PyPI side; I'll do that when I have some time. Not sure if @cooperlees has the requisite permissions.

webknjaz · 2025-10-26T21:16:21Z

.github/workflows/pypi_upload.yml

      - name: Build wheel and source distributions
        run: python -m build


Please avoid building in the same job as publishing. Especially with the elevated OIDC privileges. The transitive build deps shouldn't have such level of access.

#4589 links to proper examples.

Good call - but should we do that in a dedicated PR? We already have this setup today ...

Yeah, I think there's potentially a larger CI/CD cleanup PR (or PRs) that could be done here. I can help chip away at that with some PRs 🙂

@cooperlees the old setup doesn't give elevated privileges to the transitive build deps, this is quite coupled.

woodruffw · 2025-11-10T18:00:24Z

.github/workflows/pypi_upload.yml

+    environment:
+      name: release
+      url: https://pypi.org/p/black


Noting for the curious: the environment itself doesn't grant any special permissions to this job -- what it does is define an environment on GitHub's side, which can then be used to further constrain the publishing workflow (e.g. by adding required manual signoffs whenever the release workflow is triggered).

The PyPI documentation has some details on that: https://docs.pypi.org/trusted-publishers/security-model/#provider-specific-considerations

cooperlees · 2025-12-09T21:29:16Z

Turns out I had access - So I added as prompted, but it seems it has to be the .yml file name of the workflow ...

Is this ready to be merged now if I resolve conflicts?

woodruffw · 2025-12-09T21:56:15Z

So I added as prompted, but it seems it has to be the .yml file name of the workflow ...
Is this ready to be merged now if I resolve conflicts?

Yep, it should be the filename of the workflow that performs the publishing operation 🙂

cobaltt7 · 2025-12-10T04:42:00Z

I didn't add a new blank changelog after releasing 25.12 because the next release is 26.1, which is WIP in #4892. Ideally we want to keep that mostly just formatting changes, and to be conservative when considering other PRs.
However, this should be fine since it doesn't actually change Black itself, the new changelog just needs to be added still (python scripts/release.py -a)

github-actions · 2025-12-11T14:44:53Z

diff-shades reports zero changes comparing this PR (900c587) to main (6426151).

What is this? | Workflow run | diff-shades documentation

cobaltt7 · 2025-12-19T14:29:30Z

.github/workflows/pypi_upload.yml

    name: mypyc wheels ${{ matrix.only }}
    needs: generate_wheels_matrix
    runs-on: ${{ matrix.os }}
+    if: github.event_name == 'release'


Why do we want to gate the entire job to releases-only? The step is already release-gated. We want to build wheels on PRs to test and make sure builds don't fail.

Because building must not be happening in a job with such high privileges (once Trusted Publishing is set up) — the jobs should actually be made separate.

@webknjaz I believe that's an unrelated change. We already build and publish in the same job. The build deps now have the elevated permissions -- which yes, should be fixed -- but if I'm not mistaken, they have those permissions regardless of if the workflow runs on PR or release. So, ignoring that issue, this PR removed the functionality of testing wheel builds on PRs. Is there a reason for that?

Signed-off-by: cobalt <61329810+cobaltt7@users.noreply.github.com>

We want to test that build succeeds on PRs still (see psf#4611 (comment)) Some of these also just didn't do anything in the context Signed-off-by: cobalt <61329810+cobaltt7@users.noreply.github.com>

…f#4611) * Upgrade PyPI upload workflow to use Trusted Publishing * Add changelog entry for PyPI Trusted Publishing upgrade * Added PR number for changelog CI --------- Co-authored-by: Cooper Lees <me@cooperlees.com>

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [black](https://github.com/psf/black) ([changelog](https://github.com/psf/black/blob/main/CHANGES.md)) | `<25.12.1,>=25.12.0` → `<26.1.1,>=26.1.0` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/black/26.1.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/black/25.12.0/26.1.0?slim=true) | --- ### Release Notes <details> <summary>psf/black (black)</summary> ### [`v26.1.0`](https://github.com/psf/black/blob/HEAD/CHANGES.md#2610) [Compare Source](psf/black@25.12.0...26.1.0) ##### Highlights Introduces the 2026 stable style ([#4892](psf/black#4892)), stabilizing the following changes: - `always_one_newline_after_import`: Always force one blank line after import statements, except when the line after the import is a comment or an import statement ([#4489](psf/black#4489)) - `fix_fmt_skip_in_one_liners`: Fix `# fmt: skip` behavior on one-liner declarations, such as `def foo(): return "mock" # fmt: skip`, where previously the declaration would have been incorrectly collapsed ([#4800](psf/black#4800)) - `fix_module_docstring_detection`: Fix module docstrings being treated as normal strings if preceded by comments ([#4764](psf/black#4764)) - `fix_type_expansion_split`: Fix type expansions split in generic functions ([#4777](psf/black#4777)) - `multiline_string_handling`: Make expressions involving multiline strings more compact ([#1879](psf/black#1879)) - `normalize_cr_newlines`: Add `\r` style newlines to the potential newlines to normalize file newlines both from and to ([#4710](psf/black#4710)) - `remove_parens_around_except_types`: Remove parentheses around multiple exception types in `except` and `except*` without `as` ([#4720](psf/black#4720)) - `remove_parens_from_assignment_lhs`: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting ([#4865](psf/black#4865)) - `standardize_type_comments`: Format type comments which have zero or more spaces between `#` and `type:` or between `type:` and value to `# type: (value)` ([#4645](psf/black#4645)) The following change was not in any previous stable release: - Regenerated the `_width_table.py` and added tests for the Khmer language ([#4253](psf/black#4253)) This release alo bumps `pathspec` to v1 and fixes inconsistencies with Git's `.gitignore` logic ([#4958](psf/black#4958)). Now, files will be ignored if a pattern matches them, even if the parent directory is directly unignored. For example, Black would previously format `exclude/not_this/foo.py` with this `.gitignore`: ``` exclude/ !exclude/not_this/ ``` Now, `exclude/not_this/foo.py` will remain ignored. To ensure `exclude/not_this/` and all of it's children are included in formatting (and in Git), use this `.gitignore`: ``` */exclude/* !*/exclude/not_this/ ``` This new behavior matches Git. The leading `*/` are only necessary if you wish to ignore matching subdirectories (like the previous behavior did), and not just matching root directories. ##### Output - Explicitly shutdown the multiprocessing manager when run in diff mode too ([#4952](psf/black#4952)) ##### Integrations - Upgraded PyPI upload workflow to use Trusted Publishing ([#4611](psf/black#4611)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://git.tainton.uk/repos/epage/pulls/191 Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk> Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [black](https://github.com/psf/black) ([changelog](https://github.com/psf/black/blob/main/CHANGES.md)) | `<25.12.1,>=25.12.0` → `<26.1.1,>=26.1.0` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/black/26.1.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/black/25.12.0/26.1.0?slim=true) | --- ### Release Notes <details> <summary>psf/black (black)</summary> ### [`v26.1.0`](https://github.com/psf/black/blob/HEAD/CHANGES.md#2610) [Compare Source](psf/black@25.12.0...26.1.0) ##### Highlights Introduces the 2026 stable style ([#4892](psf/black#4892)), stabilizing the following changes: - `always_one_newline_after_import`: Always force one blank line after import statements, except when the line after the import is a comment or an import statement ([#4489](psf/black#4489)) - `fix_fmt_skip_in_one_liners`: Fix `# fmt: skip` behavior on one-liner declarations, such as `def foo(): return "mock" # fmt: skip`, where previously the declaration would have been incorrectly collapsed ([#4800](psf/black#4800)) - `fix_module_docstring_detection`: Fix module docstrings being treated as normal strings if preceded by comments ([#4764](psf/black#4764)) - `fix_type_expansion_split`: Fix type expansions split in generic functions ([#4777](psf/black#4777)) - `multiline_string_handling`: Make expressions involving multiline strings more compact ([#1879](psf/black#1879)) - `normalize_cr_newlines`: Add `\r` style newlines to the potential newlines to normalize file newlines both from and to ([#4710](psf/black#4710)) - `remove_parens_around_except_types`: Remove parentheses around multiple exception types in `except` and `except*` without `as` ([#4720](psf/black#4720)) - `remove_parens_from_assignment_lhs`: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting ([#4865](psf/black#4865)) - `standardize_type_comments`: Format type comments which have zero or more spaces between `#` and `type:` or between `type:` and value to `# type: (value)` ([#4645](psf/black#4645)) The following change was not in any previous stable release: - Regenerated the `_width_table.py` and added tests for the Khmer language ([#4253](psf/black#4253)) This release alo bumps `pathspec` to v1 and fixes inconsistencies with Git's `.gitignore` logic ([#4958](psf/black#4958)). Now, files will be ignored if a pattern matches them, even if the parent directory is directly unignored. For example, Black would previously format `exclude/not_this/foo.py` with this `.gitignore`: ``` exclude/ !exclude/not_this/ ``` Now, `exclude/not_this/foo.py` will remain ignored. To ensure `exclude/not_this/` and all of it's children are included in formatting (and in Git), use this `.gitignore`: ``` */exclude/* !*/exclude/not_this/ ``` This new behavior matches Git. The leading `*/` are only necessary if you wish to ignore matching subdirectories (like the previous behavior did), and not just matching root directories. ##### Output - Explicitly shutdown the multiprocessing manager when run in diff mode too ([#4952](psf/black#4952)) ##### Integrations - Upgraded PyPI upload workflow to use Trusted Publishing ([#4611](psf/black#4611)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://git.tainton.uk/repos/webexmemebot/pulls/547 Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk> Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [black](https://github.com/psf/black) ([changelog](https://github.com/psf/black/blob/main/CHANGES.md)) | `<25.12.1,>=25.12.0` → `<26.1.1,>=26.1.0` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/black/26.1.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/black/25.12.0/26.1.0?slim=true) | --- ### Release Notes <details> <summary>psf/black (black)</summary> ### [`v26.1.0`](https://github.com/psf/black/blob/HEAD/CHANGES.md#2610) [Compare Source](psf/black@25.12.0...26.1.0) ##### Highlights Introduces the 2026 stable style ([#4892](psf/black#4892)), stabilizing the following changes: - `always_one_newline_after_import`: Always force one blank line after import statements, except when the line after the import is a comment or an import statement ([#4489](psf/black#4489)) - `fix_fmt_skip_in_one_liners`: Fix `# fmt: skip` behavior on one-liner declarations, such as `def foo(): return "mock" # fmt: skip`, where previously the declaration would have been incorrectly collapsed ([#4800](psf/black#4800)) - `fix_module_docstring_detection`: Fix module docstrings being treated as normal strings if preceded by comments ([#4764](psf/black#4764)) - `fix_type_expansion_split`: Fix type expansions split in generic functions ([#4777](psf/black#4777)) - `multiline_string_handling`: Make expressions involving multiline strings more compact ([#1879](psf/black#1879)) - `normalize_cr_newlines`: Add `\r` style newlines to the potential newlines to normalize file newlines both from and to ([#4710](psf/black#4710)) - `remove_parens_around_except_types`: Remove parentheses around multiple exception types in `except` and `except*` without `as` ([#4720](psf/black#4720)) - `remove_parens_from_assignment_lhs`: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting ([#4865](psf/black#4865)) - `standardize_type_comments`: Format type comments which have zero or more spaces between `#` and `type:` or between `type:` and value to `# type: (value)` ([#4645](psf/black#4645)) The following change was not in any previous stable release: - Regenerated the `_width_table.py` and added tests for the Khmer language ([#4253](psf/black#4253)) This release alo bumps `pathspec` to v1 and fixes inconsistencies with Git's `.gitignore` logic ([#4958](psf/black#4958)). Now, files will be ignored if a pattern matches them, even if the parent directory is directly unignored. For example, Black would previously format `exclude/not_this/foo.py` with this `.gitignore`: ``` exclude/ !exclude/not_this/ ``` Now, `exclude/not_this/foo.py` will remain ignored. To ensure `exclude/not_this/` and all of it's children are included in formatting (and in Git), use this `.gitignore`: ``` */exclude/* !*/exclude/not_this/ ``` This new behavior matches Git. The leading `*/` are only necessary if you wish to ignore matching subdirectories (like the previous behavior did), and not just matching root directories. ##### Output - Explicitly shutdown the multiprocessing manager when run in diff mode too ([#4952](psf/black#4952)) ##### Integrations - Upgraded PyPI upload workflow to use Trusted Publishing ([#4611](psf/black#4611)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://git.tainton.uk/repos/roboluke/pulls/409 Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk> Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [black](https://github.com/psf/black) ([changelog](https://github.com/psf/black/blob/main/CHANGES.md)) | `<25.12.1,>=25.12.0` → `<26.1.1,>=26.1.0` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/black/26.1.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/black/25.12.0/26.1.0?slim=true) | --- ### Release Notes <details> <summary>psf/black (black)</summary> ### [`v26.1.0`](https://github.com/psf/black/blob/HEAD/CHANGES.md#2610) [Compare Source](psf/black@25.12.0...26.1.0) ##### Highlights Introduces the 2026 stable style ([#4892](psf/black#4892)), stabilizing the following changes: - `always_one_newline_after_import`: Always force one blank line after import statements, except when the line after the import is a comment or an import statement ([#4489](psf/black#4489)) - `fix_fmt_skip_in_one_liners`: Fix `# fmt: skip` behavior on one-liner declarations, such as `def foo(): return "mock" # fmt: skip`, where previously the declaration would have been incorrectly collapsed ([#4800](psf/black#4800)) - `fix_module_docstring_detection`: Fix module docstrings being treated as normal strings if preceded by comments ([#4764](psf/black#4764)) - `fix_type_expansion_split`: Fix type expansions split in generic functions ([#4777](psf/black#4777)) - `multiline_string_handling`: Make expressions involving multiline strings more compact ([#1879](psf/black#1879)) - `normalize_cr_newlines`: Add `\r` style newlines to the potential newlines to normalize file newlines both from and to ([#4710](psf/black#4710)) - `remove_parens_around_except_types`: Remove parentheses around multiple exception types in `except` and `except*` without `as` ([#4720](psf/black#4720)) - `remove_parens_from_assignment_lhs`: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting ([#4865](psf/black#4865)) - `standardize_type_comments`: Format type comments which have zero or more spaces between `#` and `type:` or between `type:` and value to `# type: (value)` ([#4645](psf/black#4645)) The following change was not in any previous stable release: - Regenerated the `_width_table.py` and added tests for the Khmer language ([#4253](psf/black#4253)) This release alo bumps `pathspec` to v1 and fixes inconsistencies with Git's `.gitignore` logic ([#4958](psf/black#4958)). Now, files will be ignored if a pattern matches them, even if the parent directory is directly unignored. For example, Black would previously format `exclude/not_this/foo.py` with this `.gitignore`: ``` exclude/ !exclude/not_this/ ``` Now, `exclude/not_this/foo.py` will remain ignored. To ensure `exclude/not_this/` and all of it's children are included in formatting (and in Git), use this `.gitignore`: ``` */exclude/* !*/exclude/not_this/ ``` This new behavior matches Git. The leading `*/` are only necessary if you wish to ignore matching subdirectories (like the previous behavior did), and not just matching root directories. ##### Output - Explicitly shutdown the multiprocessing manager when run in diff mode too ([#4952](psf/black#4952)) ##### Integrations - Upgraded PyPI upload workflow to use Trusted Publishing ([#4611](psf/black#4611)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://git.tainton.uk/repos/pypilot/pulls/408 Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk> Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [black](https://github.com/psf/black) ([changelog](https://github.com/psf/black/blob/main/CHANGES.md)) | `<25.12.1,>=25.12.0` → `<26.1.1,>=26.1.0` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/black/26.1.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/black/25.12.0/26.1.0?slim=true) | --- ### Release Notes <details> <summary>psf/black (black)</summary> ### [`v26.1.0`](https://github.com/psf/black/blob/HEAD/CHANGES.md#2610) [Compare Source](psf/black@25.12.0...26.1.0) ##### Highlights Introduces the 2026 stable style ([#4892](psf/black#4892)), stabilizing the following changes: - `always_one_newline_after_import`: Always force one blank line after import statements, except when the line after the import is a comment or an import statement ([#4489](psf/black#4489)) - `fix_fmt_skip_in_one_liners`: Fix `# fmt: skip` behavior on one-liner declarations, such as `def foo(): return "mock" # fmt: skip`, where previously the declaration would have been incorrectly collapsed ([#4800](psf/black#4800)) - `fix_module_docstring_detection`: Fix module docstrings being treated as normal strings if preceded by comments ([#4764](psf/black#4764)) - `fix_type_expansion_split`: Fix type expansions split in generic functions ([#4777](psf/black#4777)) - `multiline_string_handling`: Make expressions involving multiline strings more compact ([#1879](psf/black#1879)) - `normalize_cr_newlines`: Add `\r` style newlines to the potential newlines to normalize file newlines both from and to ([#4710](psf/black#4710)) - `remove_parens_around_except_types`: Remove parentheses around multiple exception types in `except` and `except*` without `as` ([#4720](psf/black#4720)) - `remove_parens_from_assignment_lhs`: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting ([#4865](psf/black#4865)) - `standardize_type_comments`: Format type comments which have zero or more spaces between `#` and `type:` or between `type:` and value to `# type: (value)` ([#4645](psf/black#4645)) The following change was not in any previous stable release: - Regenerated the `_width_table.py` and added tests for the Khmer language ([#4253](psf/black#4253)) This release alo bumps `pathspec` to v1 and fixes inconsistencies with Git's `.gitignore` logic ([#4958](psf/black#4958)). Now, files will be ignored if a pattern matches them, even if the parent directory is directly unignored. For example, Black would previously format `exclude/not_this/foo.py` with this `.gitignore`: ``` exclude/ !exclude/not_this/ ``` Now, `exclude/not_this/foo.py` will remain ignored. To ensure `exclude/not_this/` and all of it's children are included in formatting (and in Git), use this `.gitignore`: ``` */exclude/* !*/exclude/not_this/ ``` This new behavior matches Git. The leading `*/` are only necessary if you wish to ignore matching subdirectories (like the previous behavior did), and not just matching root directories. ##### Output - Explicitly shutdown the multiprocessing manager when run in diff mode too ([#4952](psf/black#4952)) ##### Integrations - Upgraded PyPI upload workflow to use Trusted Publishing ([#4611](psf/black#4611)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://git.tainton.uk/luke/instant-msg-api/pulls/236 Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk> Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [black](https://github.com/psf/black) ([changelog](https://github.com/psf/black/blob/main/CHANGES.md)) | `<25.12.1,>=25.12.0` → `<26.1.1,>=26.1.0` | ![age](https://developer.mend.io/api/mc/badges/age/pypi/black/26.1.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/black/25.12.0/26.1.0?slim=true) | --- ### Release Notes <details> <summary>psf/black (black)</summary> ### [`v26.1.0`](https://github.com/psf/black/blob/HEAD/CHANGES.md#2610) [Compare Source](psf/black@25.12.0...26.1.0) ##### Highlights Introduces the 2026 stable style ([#4892](psf/black#4892)), stabilizing the following changes: - `always_one_newline_after_import`: Always force one blank line after import statements, except when the line after the import is a comment or an import statement ([#4489](psf/black#4489)) - `fix_fmt_skip_in_one_liners`: Fix `# fmt: skip` behavior on one-liner declarations, such as `def foo(): return "mock" # fmt: skip`, where previously the declaration would have been incorrectly collapsed ([#4800](psf/black#4800)) - `fix_module_docstring_detection`: Fix module docstrings being treated as normal strings if preceded by comments ([#4764](psf/black#4764)) - `fix_type_expansion_split`: Fix type expansions split in generic functions ([#4777](psf/black#4777)) - `multiline_string_handling`: Make expressions involving multiline strings more compact ([#1879](psf/black#1879)) - `normalize_cr_newlines`: Add `\r` style newlines to the potential newlines to normalize file newlines both from and to ([#4710](psf/black#4710)) - `remove_parens_around_except_types`: Remove parentheses around multiple exception types in `except` and `except*` without `as` ([#4720](psf/black#4720)) - `remove_parens_from_assignment_lhs`: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting ([#4865](psf/black#4865)) - `standardize_type_comments`: Format type comments which have zero or more spaces between `#` and `type:` or between `type:` and value to `# type: (value)` ([#4645](psf/black#4645)) The following change was not in any previous stable release: - Regenerated the `_width_table.py` and added tests for the Khmer language ([#4253](psf/black#4253)) This release alo bumps `pathspec` to v1 and fixes inconsistencies with Git's `.gitignore` logic ([#4958](psf/black#4958)). Now, files will be ignored if a pattern matches them, even if the parent directory is directly unignored. For example, Black would previously format `exclude/not_this/foo.py` with this `.gitignore`: ``` exclude/ !exclude/not_this/ ``` Now, `exclude/not_this/foo.py` will remain ignored. To ensure `exclude/not_this/` and all of it's children are included in formatting (and in Git), use this `.gitignore`: ``` */exclude/* !*/exclude/not_this/ ``` This new behavior matches Git. The leading `*/` are only necessary if you wish to ignore matching subdirectories (like the previous behavior did), and not just matching root directories. ##### Output - Explicitly shutdown the multiprocessing manager when run in diff mode too ([#4952](psf/black#4952)) ##### Integrations - Upgraded PyPI upload workflow to use Trusted Publishing ([#4611](psf/black#4611)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://git.tainton.uk/repos/PwnedPW/pulls/319 Co-authored-by: renovate[bot] <renovate-bot@git.tainton.uk> Co-committed-by: renovate[bot] <renovate-bot@git.tainton.uk>

This MR contains the following updates: | Package | Type | Update | Change | OpenSSF | |---|---|---|---|---| | [black](https://github.com/psf/black) ([changelog](https://github.com/psf/black/blob/main/CHANGES.md)) | dev | major | `^25.0.0` → `^26.0.0` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/psf/black/badge)](https://securityscorecards.dev/viewer/?uri=github.com/psf/black) | --- ### Release Notes <details> <summary>psf/black (black)</summary> ### [`v26.1.0`](https://github.com/psf/black/blob/HEAD/CHANGES.md#2610) [Compare Source](psf/black@25.12.0...26.1.0) ##### Highlights Introduces the 2026 stable style ([#4892](psf/black#4892)), stabilizing the following changes: - `always_one_newline_after_import`: Always force one blank line after import statements, except when the line after the import is a comment or an import statement ([#4489](psf/black#4489)) - `fix_fmt_skip_in_one_liners`: Fix `# fmt: skip` behavior on one-liner declarations, such as `def foo(): return "mock" # fmt: skip`, where previously the declaration would have been incorrectly collapsed ([#4800](psf/black#4800)) - `fix_module_docstring_detection`: Fix module docstrings being treated as normal strings if preceded by comments ([#4764](psf/black#4764)) - `fix_type_expansion_split`: Fix type expansions split in generic functions ([#4777](psf/black#4777)) - `multiline_string_handling`: Make expressions involving multiline strings more compact ([#1879](psf/black#1879)) - `normalize_cr_newlines`: Add `\r` style newlines to the potential newlines to normalize file newlines both from and to ([#4710](psf/black#4710)) - `remove_parens_around_except_types`: Remove parentheses around multiple exception types in `except` and `except*` without `as` ([#4720](psf/black#4720)) - `remove_parens_from_assignment_lhs`: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting ([#4865](psf/black#4865)) - `standardize_type_comments`: Format type comments which have zero or more spaces between `#` and `type:` or between `type:` and value to `# type: (value)` ([#4645](psf/black#4645)) The following change was not in any previous stable release: - Regenerated the `_width_table.py` and added tests for the Khmer language ([#4253](psf/black#4253)) This release alo bumps `pathspec` to v1 and fixes inconsistencies with Git's `.gitignore` logic ([#4958](psf/black#4958)). Now, files will be ignored if a pattern matches them, even if the parent directory is directly unignored. For example, Black would previously format `exclude/not_this/foo.py` with this `.gitignore`: ``` exclude/ !exclude/not_this/ ``` Now, `exclude/not_this/foo.py` will remain ignored. To ensure `exclude/not_this/` and all of it's children are included in formatting (and in Git), use this `.gitignore`: ``` */exclude/* !*/exclude/not_this/ ``` This new behavior matches Git. The leading `*/` are only necessary if you wish to ignore matching subdirectories (like the previous behavior did), and not just matching root directories. ##### Output - Explicitly shutdown the multiprocessing manager when run in diff mode too ([#4952](psf/black#4952)) ##### Integrations - Upgraded PyPI upload workflow to use Trusted Publishing ([#4611](psf/black#4611)) </details> --- - [ ] If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  See merge request swiss-armed-forces/cyber-command/cea/loom!275 Co-authored-by: Loom MR Pipeline Trigger <group_103951964_bot_9504bb8dead6d4e406ad817a607f24be@noreply.gitlab.com>

chore(deps): update black (major) This MR contains the following updates: | Package | Type | Update | Change | OpenSSF | |---|---|---|---|---| | [black](https://github.com/psf/black) ([changelog](https://github.com/psf/black/blob/main/CHANGES.md)) | dev | major | `^25.0.0` → `^26.0.0` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/psf/black/badge)](https://securityscorecards.dev/viewer/?uri=github.com/psf/black) | --- ### Release Notes <details> <summary>psf/black (black)</summary> ### [`v26.1.0`](https://github.com/psf/black/blob/HEAD/CHANGES.md#2610) [Compare Source](psf/black@25.12.0...26.1.0) ##### Highlights Introduces the 2026 stable style ([#4892](psf/black#4892)), stabilizing the following changes: - `always_one_newline_after_import`: Always force one blank line after import statements, except when the line after the import is a comment or an import statement ([#4489](psf/black#4489)) - `fix_fmt_skip_in_one_liners`: Fix `# fmt: skip` behavior on one-liner declarations, such as `def foo(): return "mock" # fmt: skip`, where previously the declaration would have been incorrectly collapsed ([#4800](psf/black#4800)) - `fix_module_docstring_detection`: Fix module docstrings being treated as normal strings if preceded by comments ([#4764](psf/black#4764)) - `fix_type_expansion_split`: Fix type expansions split in generic functions ([#4777](psf/black#4777)) - `multiline_string_handling`: Make expressions involving multiline strings more compact ([#1879](psf/black#1879)) - `normalize_cr_newlines`: Add `\r` style newlines to the potential newlines to normalize file newlines both from and to ([#4710](psf/black#4710)) - `remove_parens_around_except_types`: Remove parentheses around multiple exception types in `except` and `except*` without `as` ([#4720](psf/black#4720)) - `remove_parens_from_assignment_lhs`: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting ([#4865](psf/black#4865)) - `standardize_type_comments`: Format type comments which have zero or more spaces between `#` and `type:` or between `type:` and value to `# type: (value)` ([#4645](psf/black#4645)) The following change was not in any previous stable release: - Regenerated the `_width_table.py` and added tests for the Khmer language ([#4253](psf/black#4253)) This release alo bumps `pathspec` to v1 and fixes inconsistencies with Git's `.gitignore` logic ([#4958](psf/black#4958)). Now, files will be ignored if a pattern matches them, even if the parent directory is directly unignored. For example, Black would previously format `exclude/not_this/foo.py` with this `.gitignore`: ``` exclude/ !exclude/not_this/ ``` Now, `exclude/not_this/foo.py` will remain ignored. To ensure `exclude/not_this/` and all of it's children are included in formatting (and in Git), use this `.gitignore`: ``` */exclude/* !*/exclude/not_this/ ``` This new behavior matches Git. The leading `*/` are only necessary if you wish to ignore matching subdirectories (like the previous behavior did), and not just matching root directories. ##### Output - Explicitly shutdown the multiprocessing manager when run in diff mode too ([#4952](psf/black#4952)) ##### Integrations - Upgraded PyPI upload workflow to use Trusted Publishing ([#4611](psf/black#4611)) </details> --- - [ ] If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  See merge request swiss-armed-forces/cyber-command/cea/loom!275 Co-authored-by: Loom MR Pipeline Trigger <group_103951964_bot_9504bb8dead6d4e406ad817a607f24be@noreply.gitlab.com> Co-authored-by: open-source Pipeline <group_90701827_bot_ed04ae348bc5f40af9966fb8b6867e99@noreply.gitlab.com>

Upgrade PyPI upload workflow to use Trusted Publishing

c35007f

ahmed5145 added 2 commits March 12, 2025 09:59

Add changelog entry for PyPI Trusted Publishing upgrade

1234419

Added PR number for changelog CI

6cbb1d3

cooperlees approved these changes Mar 14, 2025

View reviewed changes

webknjaz suggested changes Oct 26, 2025

View reviewed changes

onerandomusername mentioned this pull request Nov 10, 2025

Release workflow: Atomic PyPI pushing? #4839

Open

woodruffw reviewed Nov 10, 2025

View reviewed changes

motalib-code mentioned this pull request Nov 24, 2025

Fix #4839: Implement atomic PyPI releases to prevent incomplete uploads #4864

Closed

woodruffw mentioned this pull request Dec 9, 2025

Pin all GitHub Actions references #4901

Merged

4 tasks

Merge branch 'main' into upgrade-pypi-trusted-publishing

900c587

cooperlees merged commit 7916e4a into psf:main Dec 11, 2025
53 checks passed

woodruffw mentioned this pull request Dec 11, 2025

Lingering CI/CD pins, add cooldowns, remove template injections #4906

Merged

4 tasks

cobaltt7 reviewed Dec 19, 2025

View reviewed changes

cobaltt7 mentioned this pull request Dec 27, 2025

Split the Build and Publish workflow into more jobs #4926

Closed

cobaltt7 added a commit to cobaltt7/black that referenced this pull request Dec 27, 2025

Remove redundant ifs and resolve psf#4611 (comment)

4b77d06

Signed-off-by: cobalt <61329810+cobaltt7@users.noreply.github.com>

cobaltt7 mentioned this pull request Dec 29, 2025

Various CI and doc refactors #4928

Merged

		- name: Build wheel and source distributions
		run: python -m build

Comments

Conversation

ahmed5145 commented Mar 12, 2025

Uh oh!

cooperlees commented Mar 12, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

ahmed5145 commented Mar 13, 2025

Uh oh!

cooperlees left a comment

Choose a reason for hiding this comment

Uh oh!

JelleZijlstra commented Mar 14, 2025

Uh oh!

webknjaz Oct 26, 2025

Choose a reason for hiding this comment

Uh oh!

cooperlees Dec 9, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

woodruffw Dec 9, 2025

Choose a reason for hiding this comment

Uh oh!

webknjaz Dec 11, 2025

Choose a reason for hiding this comment

Uh oh!

woodruffw Nov 10, 2025

Choose a reason for hiding this comment

Uh oh!

cooperlees commented Dec 9, 2025

Uh oh!

woodruffw commented Dec 9, 2025

Uh oh!

cobaltt7 commented Dec 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Dec 11, 2025

Uh oh!

Uh oh!

cobaltt7 Dec 19, 2025

Choose a reason for hiding this comment

Uh oh!

webknjaz Dec 19, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

cobaltt7 Dec 19, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

cooperlees commented Mar 12, 2025 •

edited

Loading

cooperlees Dec 9, 2025 •

edited

Loading

cobaltt7 commented Dec 10, 2025 •

edited

Loading

webknjaz Dec 19, 2025 •

edited

Loading

cobaltt7 Dec 19, 2025 •

edited

Loading