Commit Graph

53 Commits

Author SHA1 Message Date
Facundo Tuesca d8c894824b Fix magic link nudge formatting in job summary 2024-09-27 20:47:50 +02:00
Facundo Tuesca a1ce3844ac Check for Trusted Publishing in magic link logic 2024-09-27 20:47:02 +02:00
Facundo Tuesca 36978192ca
Add nudge message with magic link to create new Trusted Publisher
PR #250

Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
2024-09-05 17:25:58 +02:00
William Woodruff 8a08d61689
Expose PEP 740 attestations functionality
PR #236

This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`.

Ref: https://github.com/pypi/warehouse/issues/15871
2024-09-01 02:50:29 +02:00
Peter Shen 67a07ebbed
Disable the progress bar when running `twine upload`
PR #231
Resolves #229

Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
2024-05-16 17:14:58 +02:00
William Woodruff 771d60f44b
Eliminate future tense in the password nudge in `twine-upload`
Additionally, this turns the corresponding code branch into a hard error in case of the regular PyPI.

Signed-off-by: William Woodruff <william@trailofbits.com>

PR #234
Fixes #233
2024-05-16 17:07:28 +02:00
William Woodruff 674fb78567
twine-upload: replace notice with debug, simplify msgs 2023-12-04 20:27:16 -05:00
William Woodruff 2319287e0a
twine-upload: ::error, switch nudge order
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-11-22 17:28:02 -05:00
William Woodruff 254a0d4ec4
twine-upload: add a nudge for password auth
Closes #187.
2023-11-05 23:53:52 -05:00
William Woodruff e90e853e89
twine-upload: only nudge on PyPI-looking domains
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-07-10 12:11:56 -04:00
William Woodruff be695966b0
twine-upload: add a nudge for trusted publishing
Closes #164.

Signed-off-by: William Woodruff <william@trailofbits.com>
2023-07-10 11:44:56 -04:00
Jaap Roes 775be49481
Remove extraneous } 2023-06-08 14:56:32 +02:00
William Woodruff 0b567d5b01
oidc-exchange, twine-upload: remove more OIDC refs
...but not all, since some make sense in a debugging
context.

Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-03 21:32:49 +09:00
William Woodruff dfde872acc
Apply suggestions from code review
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-04-02 22:20:08 +09:00
William Woodruff 3d567f44ce
twine-upload: expound
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-01 21:09:00 +09:00
Hugo van Kemenade 65bf8a81de Remove double spaces 2023-03-29 21:22:09 +03:00
William Woodruff ae295504b3
twine-upload: increase detail on console notices
Signed-off-by: William Woodruff <william@trailofbits.com>

Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-03-22 11:19:01 -04:00
William Woodruff 2b46bad8cb
OIDC beta support
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-03-15 17:08:09 -04:00
Sviatoslav Sydorenko 22b4d1f125
🐛 Make kebab options fall back for snake_case
The previous release didn't take into account the action defaults so
the promised fallbacks for the old input names didn't work. This patch
corrects that mistake.
2023-03-11 03:06:39 +01:00
Sviatoslav Sydorenko f131721e84
🎨 Convert action inputs to use kebab-case
Up until now, the action input names followed the snake_case naming
pattern that is well familiar to the pythonistas. But in GitHub
actions, the de-facto standard is using kebab-case, which is what
this patch achieves.
This style helps make the keys in YAML better standardized and
distinguishable from other identifiers.
The old snake_case names remain functional for the time being and will
not be removed until at least v3 release of this action.
2023-03-11 01:24:52 +01:00
Colin Dean efcb9babc8
🎨 Warn about empty password/token action input
Before this patch, the warning would say that the token was
expected to start with `pypi-` but it may be unobvious. With this
change, the end-users are warned when they're passing a completely
empty password value.

Fixes #25.
2023-03-10 20:37:53 +01:00
Sviatoslav Sydorenko c7f29f7ade
🐛 Override `$HOME` in the container with `/root`
This is necessary to let `python -m site` locate the real install
directories.
This fixes #115 — the bug caused by GitHub passing the value of
`$HOME` from the host system that does not match the container's
expectations.
2022-12-07 02:41:32 +01:00
Sviatoslav Sydorenko e71a4a4c1d
Add support for verbose bash execusion w/ `$DEBUG` 2022-12-07 00:07:43 +01:00
Sviatoslav Sydorenko e56e8212f4
🐛 Make `id` always available in `twine-upload` 2022-12-07 00:07:20 +01:00
Sviatoslav Sydorenko c879b84594
🐛 Use full path to `bash` in shebang 2022-12-07 00:02:01 +01:00
Sviatoslav Sydorenko 57e7d53102
🐛Ensure the default `$PATH` value is pre-loaded
This patch imports the system-global profile script to
populate the `$PATH` variable with the typically available binary
paths.

Ref:
https://github.com/pypa/gh-action-pypi-publish/issues/112#issuecomment-1340065840
2022-12-06 23:58:05 +01:00
Sviatoslav Sydorenko 1350b8bd72
🐛 Avoid broken env vars passed by GHA from host
Fixes https://github.com/pypa/gh-action-pypi-publish/issues/112.
2022-12-06 21:40:38 +01:00
meowmeowcat c3fbd68c15
Remove quotes
Fix #90
2022-01-13 12:50:40 +08:00
Sviatoslav Sydorenko 0575dc8eab
Refactor the hash helper script to use pathlib and CLI args 2022-01-09 00:24:29 +01:00
Sviatoslav Sydorenko 8682135dac
Correct the if-clause for printing the hashes 2022-01-09 00:05:27 +01:00
meowmeowcat 06a2dd6685 Fix bug 2022-01-08 12:21:09 +08:00
meowmeowcat 77ee113713 Move out the Python script from the shell script 2022-01-08 12:12:15 +08:00
meowmeowcat e5cc29fe08 Show hash values of files uploaded 2022-01-08 00:24:27 +08:00
Sviatoslav Sydorenko 54b39fb937
🚑 Fix referring to `$INPUT_VERBOSE` var
Resolves #41
2020-09-26 00:42:02 +02:00
Subin Modeel cf69e2047c Update twine-upload.sh 2020-09-25 13:14:20 -04:00
Christian Schmidbauer f4c7b2841d Allow wildcards in INPUT_PACKAGES_DIR 2020-07-08 15:42:31 +02:00
Sviatoslav Sydorenko 00ef3b8182
Expose `skip_existing` setting to the end-users 2020-06-19 21:30:53 +02:00
Sviatoslav Sydorenko 6a02ab807d
Add clarifying messages to annotation titles 2020-06-04 01:23:32 +02:00
Sviatoslav Sydorenko 323b1496ae
Invert quoting when rendering $INPUT_PACKAGES_DIR 2020-06-04 01:21:51 +02:00
Sviatoslav Sydorenko 328d2c65fa
Output warnings as GH Checks annotations 2020-06-04 01:06:14 +02:00
Sviatoslav Sydorenko c37b99ec5f
Merge PR #33
This change implements running dists verification before
performing actual upload. It is controlled by the input
called `verify_metadata` which is on by default.
2020-06-03 17:44:19 +02:00
Henry Schreiner 9bda1cadd0 Use metadata_verify instead of check 2020-06-03 11:05:45 -04:00
Henry Schreiner ab50aa7f47
Update twine-upload.sh
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2020-06-03 10:29:18 -04:00
Henry Schreiner 176ae50c06 feat: Add twine check before upload #30 2020-06-02 14:44:35 -04:00
Sviatoslav Sydorenko d7872a6165
Change `dist` param to `packages-dir` 2019-12-06 13:38:52 +01:00
Jesse Farebrother 4f4304928f Custom dist 2019-12-05 16:25:02 -07:00
Hugo 881f0049bd Typos and brevity 2019-09-16 14:01:16 +03:00
Sviatoslav Sydorenko 04871990d3
Print a warning if there's no dists to upload 2019-09-12 17:55:39 +02:00
Sviatoslav Sydorenko e4638127f9
Emit a warning if the token looks invalid
Resolves #9
2019-09-12 17:55:34 +02:00
Sviatoslav Sydorenko 8e9ff975ca
Protect env vars in Twine invocation 2019-08-23 13:17:10 +02:00