luoyuxia opened a new pull request, #338: URL: https://github.com/apache/paimon-rust/pull/338
## Summary - Revert `pypa/gh-action-pypi-publish` from v1.14.0 (`cef221092ed1bacb1cc03d23a2d87d1d172e277b`) to v1.13.0 (`ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e`) - The v1.14.0 SHA was bumped by Dependabot in #297, but it has not been added to the Apache GitHub organization's allowed actions list yet - This causes the **Release Python Binding** workflow to fail with: `The action pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b is not allowed` ## Motivation The Apache GitHub organization enforces an allowlist for third-party GitHub Actions. The v1.14.0 commit SHA is not yet approved, blocking all Python package releases. Reverting to the previously approved v1.13.0 restores the release pipeline. We can upgrade again once the Apache INFRA team adds the new SHA to the allowlist. Cherry-pick of #337 for the release-0.2 branch. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
