chore(deps): update ci dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
docker/build-push-action (changelog)	action	digest	d08e5c3 → bcafcac
ghcr.io/astral-sh/uv	stage	digest	90bbb3c → 3b7b60a
pypa/gh-action-pypi-publish	action	minor	v1.13.0 → v1.14.0
softprops/action-gh-release (changelog)	action	digest	153bb8e → 3bb1273

---

Release Notes

pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)

v1.14.0

Compare Source

Audit your supply chain regularly!

✨ What's Changed

The main change in this release is that verbose and print-hash inputs are now on by default. This was contributed by @​whitequark💰 in #​397.

📝 Docs

@​woodruffw💰 updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in #​388 and @​him2him2💰 brushed up some grammar in the README and SECURITY docs via #​395.

🛠️ Internal Updates

@​woodruffw💰 bumped sigstore and pypi-attestations in the lock file (#​391) and @​webknjaz💰 added infra for using type annotations in the project (#​381).

💪 New Contributors

• @​him2him2 made their first contribution in #​395
• @​whitequark made their first contribution in #​397

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.13.0...v1.14.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​facutuesca💰 and @​woodruffw💰 for helping maintain this project when I can't!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • "before 6am on Monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[greptile-apps]

Greptile Summary

Routine CI dependency updates generated by Renovate: digest bumps for docker/build-push-action (v7), softprops/action-gh-release (v2), and the ghcr.io/astral-sh/uv Docker stage, plus a minor version bump for pypa/gh-action-pypi-publish from v1.13.0 to v1.14.0. No logic changes are introduced.

Confidence Score: 5/5

Safe to merge — all changes are pinned digest/version bumps with no logic modifications.

No code logic is changed; only CI action digests and a Docker image digest are updated by Renovate. The pypa/gh-action-pypi-publish minor bump (v1.14.0) only enables verbose and print-hash by default, which are already explicitly set in the workflow.

No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/release.yml	Three action pin digests updated: docker/build-push-action, softprops/action-gh-release (digest-only), and pypa/gh-action-pypi-publish bumped to v1.14.0 — no behavioral changes to the workflow logic.
Dockerfile	uv base image digest updated to a newer SHA; no other changes to the build stages.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Renovate Bot] --> B[Digest bump: docker/build-push-action v7]
    A --> C[Digest bump: softprops/action-gh-release v2]
    A --> D[Minor bump: pypa/gh-action-pypi-publish v1.13→v1.14]
    A --> E[Digest bump: ghcr.io/astral-sh/uv in Dockerfile]
    B --> F[release.yml — no logic change]
    C --> F
    D --> F
    E --> G[Dockerfile — no logic change]

Loading

_{Reviews (21): Last reviewed commit: "chore(deps): update ci dependencies" | Re-trigger Greptile}