twine-upload: only nudge on PyPI-looking domains

Signed-off-by: William Woodruff <william@trailofbits.com>
This commit is contained in:
William Woodruff 2023-07-10 12:11:56 -04:00
parent be695966b0
commit e90e853e89
No known key found for this signature in database
1 changed files with 8 additions and 2 deletions

View File

@ -59,12 +59,18 @@ elif [[ "${INPUT_USER}" == '__token__' ]]; then
echo \
'::notice::Using a user-provided API token for authentication' \
"against ${INPUT_REPOSITORY_URL}"
echo "${TRUSTED_PUBLISHING_NUDGE}"
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
echo "${TRUSTED_PUBLISHING_NUDGE}"
fi
else
echo \
'::notice::Using a username + password pair for authentication' \
"against ${INPUT_REPOSITORY_URL}"
echo "${TRUSTED_PUBLISHING_NUDGE}"
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
echo "${TRUSTED_PUBLISHING_NUDGE}"
fi
fi
if [[