From 85aeb941b3d0a2a9eebf66071beb81cf1f93c410 Mon Sep 17 00:00:00 2001
From: Chris Swan <478926+cpswan@users.noreply.github.com>
Date: Thu, 16 Jan 2025 11:06:12 +0000
Subject: [PATCH 1/3] build(deps): Bump Python to 3.13 and Poetry to 2.0.0
---
 .github/workflows/build-publish.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
index d100842..127ec45 100644
--- a/.github/workflows/build-publish.yml
+++ b/.github/workflows/build-publish.yml
@@ -21,11 +21,11 @@ jobs:
 - name: Set up Python
 uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
 with:
- python-version: '3.11'
+ python-version: '3.13'
 - name: Install Poetry
 uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 # v4.0.0
 with:
- poetry-version: '1.8.5'
+ poetry-version: '2.0.0'
 # The dark mode and light mode Atsign logos in the GitHub README don't
 # show properly on PyPI so we have a copy of the README.md in
 # README.PyPI.md with just the light mode logo.
From ea398eabc67a9e36c3c37264a8871789dc89ab89 Mon Sep 17 00:00:00 2001
From: Chris Swan <478926+cpswan@users.noreply.github.com>
Date: Thu, 16 Jan 2025 11:07:47 +0000
Subject: [PATCH 2/3] build(deps): Bump Poetry to 2.0.1
---
 .github/workflows/build-publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
index 127ec45..2b415ff 100644
--- a/.github/workflows/build-publish.yml
+++ b/.github/workflows/build-publish.yml
@@ -25,7 +25,7 @@ jobs:
 - name: Install Poetry
 uses: abatilo/actions-poetry@3765cf608f2d4a72178a9fc5b918668e542b89b1 # v4.0.0
 with:
- poetry-version: '2.0.0'
+ poetry-version: '2.0.1'
 # The dark mode and light mode Atsign logos in the GitHub README don't
 # show properly on PyPI so we have a copy of the README.md in
 # README.PyPI.md with just the light mode logo.
From c069dae7ef1ece2e18e5c25eab6a53908ab3eca0 Mon Sep 17 00:00:00 2001
From: Chris Swan <478926+cpswan@users.noreply.github.com>
Date: Thu, 16 Jan 2025 11:10:24 +0000
Subject: [PATCH 3/3] ci: Use poetry.lock to generate SBOM
---
 .github/workflows/build-publish.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
index 2b415ff..a01205f 100644
--- a/.github/workflows/build-publish.yml
+++ b/.github/workflows/build-publish.yml
@@ -102,10 +102,10 @@ jobs:
 id-token: write # IMPORTANT: mandatory for sigstore
 attestations: write
 steps:
- - name: Checkout requirements.txt
+ - name: Checkout poetry.lock
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
- sparse-checkout: requirements.txt
+ sparse-checkout: poetry.lock
 sparse-checkout-cone-mode: false
 - name: Download all the dists
 uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
@@ -117,7 +117,7 @@ jobs:
 env:
 TOKEN: ${{ secrets.SBOMIFY_TOKEN }}
 COMPONENT_ID: 'wy8Kpn8rF9'
- LOCK_FILE: './requirements.txt'
+ LOCK_FILE: './poetry.lock'
 SBOM_VERSION: ${{github.ref_name}}
 OUTPUT_FILE: 'dist/at_python-${{github.ref_name}}-sbom.cdx.json'
 AUGMENT: true
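Review bot: The `Checkout poetry.lock` step runs in a job that is granted `id-token: write` and `attestations: write`, yet its `with:` block does not set `persist-credentials: false`, so actions/checkout leaves the workflow token in the local git config for every later step in the job. Only one file is fetched here and nothing visible pushes back to the repository, so adding `persist-credentials: false` after `sparse-checkout-cone-mode: false` should be free. The job's step list continues outside the hunk, so confirm no later step relies on the persisted token.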
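Review bot: `LOCK_FILE: './poetry.lock'` widens what the SBOM describes, because a Poetry lock file normally records every dependency group (development and test included), so the published `-sbom.cdx.json` may list packages that are not shipped in the wheel. Whether the previous `requirements.txt` was limited to runtime dependencies is not visible here; if it was, state the new scope in a comment above the `env:` block, e.g. `# SBOM is generated from poetry.lock and covers all dependency groups`. Since this file is attached to a signed release, it is also worth having the build job fail when the lock is out of sync with pyproject.toml (for example `poetry check --lock`), so the SBOM cannot drift from what was built. The step that owns this `env:` block starts above the hunk.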