gh-action-pypi-publish/twine-upload.sh

#! /usr/bin/env bash
set -Eeuo pipefail


echo \
    '# UNSUPPORTED GITHUB ACTION VERSION' \
    '\n\n' \
    You are using `pypa/gh-action-pypi-publish@master`. \
    The `master` branch of this project has been sunset and will not \
    receive any updates, not even security bug fixes. Please, make \
    sure to use a supported version. If you want to pin to v1 major \
    version, use `pypa/gh-action-pypi-publish@release/v1`. If you \
    feel adventurous, you may opt to use use \
    `pypa/gh-action-pypi-publish@unstable/v1` instead. A more \
    general recommendation is to pin to exact tags or commit shas. \
    '\n\n' \
    '\n\n' \
    '### Oh, and while you are here — #StandWithUkraine' \
    '\n\n' \
    '[![SWUbanner]][SWUdocs]' \
    '\n\n' \
    '[SWUbanner]:' \
    'https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner-direct-single.svg' \
    '\n\n' \
    '[SWUdocs]:' \
    'https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md' \
    >> "${GITHUB_STEP_SUMMARY}"
echo \
    ::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
    UNSUPPORTED GITHUB ACTION VERSION \
    '<< ':: \
    You are using '"pypa/gh-action-pypi-publish@master"'. \
    The '"master"' branch of this project has been sunset and will not \
    receive any updates, not even security bug fixes. Please, make \
    sure to use a supported version. If you want to pin to v1 major \
    version, use '"pypa/gh-action-pypi-publish@release/v1"'. If you \
    feel adventurous, you may opt to use use \
    '"pypa/gh-action-pypi-publish@unstable/v1"' instead. A more \
    general recommendation is to pin to exact tags or commit shas.


if [[
    "$INPUT_USER" == "__token__" &&
    ! "$INPUT_PASSWORD" =~ ^pypi-
  ]]
then
    echo \
        ::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
        POTENTIALLY INVALID TOKEN \
        '<< ':: \
        It looks like you are trying to use an API token to \
        authenticate in the package index and your token value does \
        not start with '"pypi-"' as it typically should. This may \
        cause an authentication error. Please verify that you have \
        copied your token properly if such an error occurs.
fi

if ( ! ls -A ${INPUT_PACKAGES_DIR%%/}/*.tar.gz &> /dev/null && \
     ! ls -A ${INPUT_PACKAGES_DIR%%/}/*.whl &> /dev/null )
then
    echo \
        ::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
        MISSING DISTS \
        '<< ':: \
        It looks like there are no Python distribution packages to \
        publish in the directory "'${INPUT_PACKAGES_DIR%%/}/'". \
        Please verify that they are in place should you face this \
        problem.
fi

if [[ ${INPUT_VERIFY_METADATA,,} != "false" ]] ; then
    twine check ${INPUT_PACKAGES_DIR%%/}/*
fi

TWINE_EXTRA_ARGS=
if [[ ${INPUT_SKIP_EXISTING,,} != "false" ]] ; then
    TWINE_EXTRA_ARGS=--skip-existing
fi

if [[ ${INPUT_VERBOSE,,} != "false" ]] ; then
    TWINE_EXTRA_ARGS="--verbose $TWINE_EXTRA_ARGS"
fi

if [[ ${INPUT_PRINT_HASH,,} != "false" || ${INPUT_VERBOSE,,} != "false" ]] ; then
    python /app/print-hash.py ${INPUT_PACKAGES_DIR%%/}
fi

TWINE_USERNAME="$INPUT_USER" \
TWINE_PASSWORD="$INPUT_PASSWORD" \
TWINE_REPOSITORY_URL="$INPUT_REPOSITORY_URL" \
  exec twine upload ${TWINE_EXTRA_ARGS} ${INPUT_PACKAGES_DIR%%/}/*
Fix a space position in shabang 2019-08-23 19:13:19 +08:00			`#! /usr/bin/env bash`
Adapt to new yml based github actions Co-Authored-By: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua> Co-Authored-By: Pradyun Gedam <pradyunsg@gmail.com> 2019-08-21 04:48:52 +08:00			`set -Eeuo pipefail`

Emit a warning if the token looks invalid Resolves #9 2019-09-12 20:38:56 +08:00
Render a depecation message in job summary. 2023-07-13 23:06:38 +08:00			`echo \`
			`'# UNSUPPORTED GITHUB ACTION VERSION' \`
			`'\n\n' \`
			You are using `pypa/gh-action-pypi-publish@master`. \
			The `master` branch of this project has been sunset and will not \
			`receive any updates, not even security bug fixes. Please, make \`
			`sure to use a supported version. If you want to pin to v1 major \`
			version, use `pypa/gh-action-pypi-publish@release/v1`. If you \
			`feel adventurous, you may opt to use use \`
			`pypa/gh-action-pypi-publish@unstable/v1` instead. A more \
			`general recommendation is to pin to exact tags or commit shas. \`
			`'\n\n' \`
			`'\n\n' \`
			`'### Oh, and while you are here — #StandWithUkraine' \`
			`'\n\n' \`
			`'[![SWUbanner]][SWUdocs]' \`
			`'\n\n' \`
			`'[SWUbanner]:' \`
			`'https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/banner-direct-single.svg' \`
			`'\n\n' \`
			`'[SWUdocs]:' \`
			`'https://github.com/vshymanskyy/StandWithUkraine/blob/main/docs/README.md' \`
			`>> "${GITHUB_STEP_SUMMARY}"`
📝Inform about deprecation of `master` branch This patch suggests the users to use `release/v1`. Resolves #83 2022-07-25 23:29:21 +08:00			`echo \`
			`::warning file='# >>' PyPA publish to PyPI GHA'%3A' \`
			`UNSUPPORTED GITHUB ACTION VERSION \`
			`'<< ':: \`
			`You are using '"pypa/gh-action-pypi-publish@master"'. \`
			`The '"master"' branch of this project has been sunset and will not \`
			`receive any updates, not even security bug fixes. Please, make \`
			`sure to use a supported version. If you want to pin to v1 major \`
			`version, use '"pypa/gh-action-pypi-publish@release/v1"'. If you \`
			`feel adventurous, you may opt to use use \`
			`'"pypa/gh-action-pypi-publish@unstable/v1"' instead. A more \`
			`general recommendation is to pin to exact tags or commit shas.`


Emit a warning if the token looks invalid Resolves #9 2019-09-12 20:38:56 +08:00			`if [[`
			`"$INPUT_USER" == "__token__" &&`
			`! "$INPUT_PASSWORD" =~ ^pypi-`
			`]]`
			`then`
Output warnings as GH Checks annotations 2020-06-04 07:06:14 +08:00			`echo \`
Add clarifying messages to annotation titles 2020-06-04 07:23:32 +08:00			`::warning file='# >>' PyPA publish to PyPI GHA'%3A' \`
			`POTENTIALLY INVALID TOKEN \`
			`'<< ':: \`
Emit a warning if the token looks invalid Resolves #9 2019-09-12 20:38:56 +08:00			`It looks like you are trying to use an API token to \`
			`authenticate in the package index and your token value does \`
			`not start with '"pypi-"' as it typically should. This may \`
			`cause an authentication error. Please verify that you have \`
			`copied your token properly if such an error occurs.`
			`fi`

Allow wildcards in INPUT_PACKAGES_DIR 2020-06-28 17:43:30 +08:00			`if ( ! ls -A ${INPUT_PACKAGES_DIR%%/}/*.tar.gz &> /dev/null && \`
			`! ls -A ${INPUT_PACKAGES_DIR%%/}/*.whl &> /dev/null )`
Print a warning if there's no dists to upload 2019-09-12 23:53:53 +08:00			`then`
Output warnings as GH Checks annotations 2020-06-04 07:06:14 +08:00			`echo \`
Add clarifying messages to annotation titles 2020-06-04 07:23:32 +08:00			`::warning file='# >>' PyPA publish to PyPI GHA'%3A' \`
			`MISSING DISTS \`
			`'<< ':: \`
Typos and brevity 2019-09-16 19:01:16 +08:00			`It looks like there are no Python distribution packages to \`
Invert quoting when rendering $INPUT_PACKAGES_DIR 2020-06-04 07:21:51 +08:00			`publish in the directory "'${INPUT_PACKAGES_DIR%%/}/'". \`
Output warnings as GH Checks annotations 2020-06-04 07:06:14 +08:00			`Please verify that they are in place should you face this \`
			`problem.`
Print a warning if there's no dists to upload 2019-09-12 23:53:53 +08:00			`fi`

Use metadata_verify instead of check 2020-06-03 23:04:52 +08:00			`if [[ ${INPUT_VERIFY_METADATA,,} != "false" ]] ; then`
Merge PR #33 This change implements running dists verification before performing actual upload. It is controlled by the input called `verify_metadata` which is on by default. 2020-06-03 23:40:16 +08:00			`twine check ${INPUT_PACKAGES_DIR%%/}/*`
feat: Add twine check before upload #30 2020-06-02 23:08:43 +08:00			`fi`

Expose `skip_existing` setting to the end-users 2020-06-20 03:30:53 +08:00			`TWINE_EXTRA_ARGS=`
			`if [[ ${INPUT_SKIP_EXISTING,,} != "false" ]] ; then`
			`TWINE_EXTRA_ARGS=--skip-existing`
			`fi`

🚑 Fix referring to `$INPUT_VERBOSE` var Resolves #41 2020-09-26 06:42:02 +08:00			`if [[ ${INPUT_VERBOSE,,} != "false" ]] ; then`
Update twine-upload.sh 2020-09-15 12:31:21 +08:00			`TWINE_EXTRA_ARGS="--verbose $TWINE_EXTRA_ARGS"`
			`fi`
Emit a warning if the token looks invalid Resolves #9 2019-09-12 20:38:56 +08:00
Correct the if-clause for printing the hashes 2022-01-09 07:05:27 +08:00			`if [[ ${INPUT_PRINT_HASH,,} != "false" \|\| ${INPUT_VERBOSE,,} != "false" ]] ; then`
Remove quotes Fix #90 2022-01-13 12:50:40 +08:00			`python /app/print-hash.py ${INPUT_PACKAGES_DIR%%/}`
Move out the Python script from the shell script 2022-01-08 12:12:15 +08:00			`fi`

Protect env vars in Twine invocation 2019-08-23 19:17:10 +08:00			`TWINE_USERNAME="$INPUT_USER" \`
			`TWINE_PASSWORD="$INPUT_PASSWORD" \`
			`TWINE_REPOSITORY_URL="$INPUT_REPOSITORY_URL" \`
Expose `skip_existing` setting to the end-users 2020-06-20 03:30:53 +08:00			`exec twine upload ${TWINE_EXTRA_ARGS} ${INPUT_PACKAGES_DIR%%/}/*`