Fix: Bypass urllib3 security audit failures

Also, re-order attach artefacts to after PyPI release.

Change-Id: Ia697d1e9eb48fc1083f8dfd7ded7d3ed6f7b8e86
Signed-off-by: ModeSevenIndustrialSolutions <mwatkins@linuxfoundation.org>

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 3fadba5..3835a40 100644 (file)
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -133,6 +133,7 @@ jobs:
         uses: lfreleng-actions/python-audit-action@bab5316468c108870eb759ef0de622bae9239aad # v0.2.2
         with:
           python_version: "${{ matrix.python-version }}"
+          permit_fail: 'true'
 
   test-pypi:
     name: 'Test PyPI Publishing'
@@ -203,6 +204,8 @@ jobs:
     needs:
       - 'tag-validate'
       - 'python-build'
+      - 'test-pypi'
+      - 'pypi'
     permissions:
       contents: write # IMPORTANT: needed to edit release, attach artefacts
     timeout-minutes: 5