From a1ce3844ac33bd8deec3df588c16ea681915ab7e Mon Sep 17 00:00:00 2001 From: Facundo Tuesca Date: Fri, 27 Sep 2024 20:47:02 +0200 Subject: [PATCH] Check for Trusted Publishing in magic link logic --- twine-upload.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/twine-upload.sh b/twine-upload.sh index fce4517..98d41b1 100755 --- a/twine-upload.sh +++ b/twine-upload.sh @@ -73,7 +73,11 @@ MAGIC_LINK_MESSAGE="::warning title=Create a Trusted Publisher::\ A new Trusted Publisher for the currently running publishing workflow can be created \ by accessing the following link(s) while logged-in as an owner of the package(s):" -if [[ ! "${INPUT_REPOSITORY_URL}" =~ pypi\.org || ${#PACKAGE_NAMES[@]} -eq 0 ]] ; then + +[[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] \ + && TRUSTED_PUBLISHING=true || TRUSTED_PUBLISHING=false + +if [[ "${TRUSTED_PUBLISHING}" == true || ! "${INPUT_REPOSITORY_URL}" =~ pypi\.org || ${#PACKAGE_NAMES[@]} -eq 0 ]] ; then TRUSTED_PUBLISHING_MAGIC_LINK_NUDGE="" else if [[ "${INPUT_REPOSITORY_URL}" =~ test\.pypi\.org ]] ; then @@ -90,8 +94,6 @@ else echo "${MAGIC_LINK_MESSAGE}" >> $GITHUB_STEP_SUMMARY fi -[[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] \ - && TRUSTED_PUBLISHING=true || TRUSTED_PUBLISHING=false if [[ "${INPUT_ATTESTATIONS}" != "false" ]] ; then # Setting `attestations: true` without Trusted Publishing indicates