Merge pull request #167 from trail-of-forks/tob-nudge
This commit is contained in:
commit
68276eb3e4
|
@ -40,6 +40,12 @@ INPUT_VERIFY_METADATA="$(get-normalized-input 'verify-metadata')"
|
||||||
INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
|
INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
|
||||||
INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
|
INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
|
||||||
|
|
||||||
|
TRUSTED_PUBLISHING_NUDGE="::warning title=Upgrade to Trusted Publishing::\
|
||||||
|
Trusted Publishers allows publishing packages to PyPI from automated \
|
||||||
|
environments like GitHub Actions without needing to use username/password \
|
||||||
|
combinations or API tokens to authenticate with PyPI. Read more: \
|
||||||
|
https://docs.pypi.org/trusted-publishers"
|
||||||
|
|
||||||
if [[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] ; then
|
if [[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] ; then
|
||||||
# No password supplied by the user implies that we're in the OIDC flow;
|
# No password supplied by the user implies that we're in the OIDC flow;
|
||||||
# retrieve the OIDC credential and exchange it for a PyPI API token.
|
# retrieve the OIDC credential and exchange it for a PyPI API token.
|
||||||
|
@ -53,10 +59,18 @@ elif [[ "${INPUT_USER}" == '__token__' ]]; then
|
||||||
echo \
|
echo \
|
||||||
'::notice::Using a user-provided API token for authentication' \
|
'::notice::Using a user-provided API token for authentication' \
|
||||||
"against ${INPUT_REPOSITORY_URL}"
|
"against ${INPUT_REPOSITORY_URL}"
|
||||||
|
|
||||||
|
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
|
||||||
|
echo "${TRUSTED_PUBLISHING_NUDGE}"
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
echo \
|
echo \
|
||||||
'::notice::Using a username + password pair for authentication' \
|
'::notice::Using a username + password pair for authentication' \
|
||||||
"against ${INPUT_REPOSITORY_URL}"
|
"against ${INPUT_REPOSITORY_URL}"
|
||||||
|
|
||||||
|
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
|
||||||
|
echo "${TRUSTED_PUBLISHING_NUDGE}"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[
|
if [[
|
||||||
|
|
Loading…
Reference in New Issue