chore(deps): update ci dependencies #349

Open
renovate[bot] wants to merge 1 commit into main from renovate/ci-dependencies

renovate Bot commented Apr 13, 2026

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| docker/build-push-action (changelog) | action | digest | d08e5c3 → bcafcac |
| ghcr.io/astral-sh/uv | stage | digest | 90bbb3c → 240fb85 |
| pypa/gh-action-pypi-publish | action | minor | v1.13.0 → v1.14.0 |
| python | final | digest | 55e465c → 2e256d0 |
| python | stage | digest | 55e465c → 2e256d0 |
| softprops/action-gh-release (changelog) | action | digest | 153bb8e → 3bb1273 |

Release Notes

pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)

v1.14.0

Compare Source

Audit your supply chain regularly!

✨ What's Changed

The main change in this release is that verbose and print-hash inputs are now on by default. This was contributed by @​whitequark💰 in #​397.

📝 Docs

@​woodruffw💰 updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in #​388 and @​him2him2💰 brushed up some grammar in the README and SECURITY docs via #​395.

🛠️ Internal Updates

@​woodruffw💰 bumped sigstore and pypi-attestations in the lock file (#​391) and @​webknjaz💰 added infra for using type annotations in the project (#​381).

💪 New Contributors

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.13.0...v1.14.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​facutuesca💰 and @​woodruffw💰 for helping maintain this project when I can't!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "before 6am on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

greptile-apps Bot commented Apr 13, 2026

Greptile Summary

Routine Renovate-managed digest and minor version bumps for CI/CD dependencies: docker/build-push-action, softprops/action-gh-release, pypa/gh-action-pypi-publish (v1.13.0→v1.14.0), the python:3.14-slim-bookworm base image, and ghcr.io/astral-sh/uv. All actions and images remain pinned by SHA, maintaining supply-chain hygiene. No logic or configuration changes are included.

Confidence Score: 5/5

Safe to merge — purely automated digest and minor version bumps with no logic changes.

All updates are digest pins or a well-scoped minor release (pypa/gh-action-pypi-publish v1.14.0 only enables verbose/print-hash by default, which are already explicitly set in the workflow). No logic, configuration, or interface changes are present.

No files require special attention.

Important Files Changed

| Filename | Overview |
|---|---|
| .github/workflows/release.yml | Digest bumps for docker/build-push-action (v7), softprops/action-gh-release (v2), and a minor version bump for pypa/gh-action-pypi-publish (v1.13.0→v1.14.0); all actions remain pinned by SHA. |
| Dockerfile | Digest-only updates for python:3.14-slim-bookworm (both builder and final stages) and ghcr.io/astral-sh/uv; no structural changes to the build process. |

Flowchart

```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Tag Push / Release Trigger] --> B[Build Docker Image]
    B --> C["docker/build-push-action\n bcafcac  v7"]
    C --> D[Push to GHCR]
    D --> E[Create GitHub Release]
    E --> F["softprops/action-gh-release\n 3bb1273  v2"]
    F --> G[Publish to PyPI]
    G --> H["pypa/gh-action-pypi-publish\n cef2210  v1.14.0"]

    subgraph Dockerfile
        I["python:3.14-slim-bookworm\n 2e256d0  builder"]
        J["ghcr.io/astral-sh/uv\n 240fb85"]
        K["python:3.14-slim-bookworm\n 2e256d0  final"]
    end

    B --> Dockerfile
```

Reviews (19): Last reviewed commit: "chore(deps): update ci dependencies" | Re-trigger Greptile
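
The "pinned by SHA" property the review summary relies on can be checked mechanically instead of by eye. The following is an added example, not part of this PR or of either bot's output: it flags workflow `uses:` references that are not full 40-hex commit SHAs and Dockerfile `FROM` / `COPY --from=` images that lack a `sha256` digest. The function names and the sample workflow and Dockerfile are constructed for illustration, and the SHA and digest values are placeholders.

```python
import re
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#@]+)(?:@(\S+))?")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")               # full commit SHA, not a tag or branch
FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I)
COPY_FROM_RE = re.compile(r"^\s*COPY\s+.*?--from=(\S+)", re.I)
IMAGE_PIN_RE = re.compile(r"@sha256:[0-9a-f]{64}$")  # immutable image digest

def unpinned_actions(workflow_text):
    """Return (line_no, reference) for each `uses:` not pinned to a full SHA."""
    findings = []
    for no, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m or m.group(1).startswith("./"):     # local actions ship with the repo
            continue
        target, ref = m.groups()
        full = target if ref is None else f"{target}@{ref}"
        is_image = target.startswith("docker://")    # container actions pin by digest
        pinned = IMAGE_PIN_RE.search(full) if is_image else SHA_RE.match(ref or "")
        if not pinned:
            findings.append((no, full))
    return findings

def unpinned_images(dockerfile_text):
    """Return (line_no, image) for each external image not pinned by digest."""
    findings, stages = [], {"scratch"}
    for no, line in enumerate(dockerfile_text.splitlines(), 1):
        m = FROM_RE.match(line) or COPY_FROM_RE.match(line)
        if not m:
            continue
        image, alias = (m.groups() + (None,))[:2]    # COPY has no alias group
        external = image.lower() not in stages and not image.isdigit()
        if external and not IMAGE_PIN_RE.search(image):
            findings.append((no, image))
        stages.add((alias or "scratch").lower())     # later stages may reference it
    return findings

# Constructed sample input; SHA and DIGEST are placeholders, not real pins.
SHA, DIGEST = "a" * 40, "sha256:" + "b" * 64
WORKFLOW = f"""\
    - uses: docker/build-push-action@{SHA} # v7
    - uses: softprops/action-gh-release@v2
    - uses: pypa/gh-action-pypi-publish@v1.14.0
"""
DOCKERFILE = f"""\
FROM python:3.14-slim-bookworm@{DIGEST} AS builder
COPY --from=ghcr.io/astral-sh/uv:latest /uv /bin/uv
FROM python:3.14-slim-bookworm
COPY --from=builder /app /app
"""
```

Run as a CI step over `.github/workflows/*.yml` and the Dockerfile, a non-empty result from either function is a reason to fail the job before an update like this one is merged.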

@renovate renovate Bot force-pushed the renovate/ci-dependencies branch 15 times, most recently from 23268e7 to 6399612 Compare April 17, 2026 07:01
@stickerdaniel stickerdaniel force-pushed the renovate/ci-dependencies branch from 6399612 to 1789618 Compare April 17, 2026 09:36
@renovate renovate Bot force-pushed the renovate/ci-dependencies branch 2 times, most recently from cdc0fac to e11ead4 Compare April 18, 2026 06:10
@renovate renovate Bot force-pushed the renovate/ci-dependencies branch from e11ead4 to 6f38c68 Compare April 22, 2026 15:53