Facundo Tuesca
a1ce3844ac
Check for Trusted Publishing in magic link logic
2024-09-27 20:47:02 +02:00
Facundo Tuesca
36978192ca
Add nudge message with magic link to create new Trusted Publisher
...
PR #250
Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
2024-09-05 17:25:58 +02:00
William Woodruff
8a08d61689
Expose PEP 740 attestations functionality
...
PR #236
This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`.
Ref: https://github.com/pypi/warehouse/issues/15871
2024-09-01 02:50:29 +02:00
Peter Shen
67a07ebbed
Disable the progress bar when running `twine upload`
...
PR #231
Resolves #229
Co-authored-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
2024-05-16 17:14:58 +02:00
William Woodruff
771d60f44b
Eliminate future tense in the password nudge in `twine-upload`
...
Additionally, this turns the corresponding code branch into a hard error in case of the regular PyPI.
Signed-off-by: William Woodruff <william@trailofbits.com>
PR #234
Fixes #233
2024-05-16 17:07:28 +02:00
William Woodruff
674fb78567
twine-upload: replace notice with debug, simplify msgs
2023-12-04 20:27:16 -05:00
William Woodruff
2319287e0a
twine-upload: ::error, switch nudge order
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-11-22 17:28:02 -05:00
William Woodruff
254a0d4ec4
twine-upload: add a nudge for password auth
...
Closes #187 .
2023-11-05 23:53:52 -05:00
William Woodruff
e90e853e89
twine-upload: only nudge on PyPI-looking domains
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-07-10 12:11:56 -04:00
William Woodruff
be695966b0
twine-upload: add a nudge for trusted publishing
...
Closes #164 .
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-07-10 11:44:56 -04:00
Jaap Roes
775be49481
Remove extraneous }
2023-06-08 14:56:32 +02:00
William Woodruff
0b567d5b01
oidc-exchange, twine-upload: remove more OIDC refs
...
...but not all, since some make sense in a debugging
context.
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-03 21:32:49 +09:00
William Woodruff
dfde872acc
Apply suggestions from code review
...
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-04-02 22:20:08 +09:00
William Woodruff
3d567f44ce
twine-upload: expound
...
Signed-off-by: William Woodruff <william@trailofbits.com>
2023-04-01 21:09:00 +09:00
Hugo van Kemenade
65bf8a81de
Remove double spaces
2023-03-29 21:22:09 +03:00
William Woodruff
ae295504b3
twine-upload: increase detail on console notices
...
Signed-off-by: William Woodruff <william@trailofbits.com>
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-03-22 11:19:01 -04:00
William Woodruff
2b46bad8cb
OIDC beta support
...
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2023-03-15 17:08:09 -04:00
Sviatoslav Sydorenko
22b4d1f125
🐛 Make kebab options fall back for snake_case
...
The previous release didn't take into account the action defaults so
the promised fallbacks for the old input names didn't work. This patch
corrects that mistake.
2023-03-11 03:06:39 +01:00
Sviatoslav Sydorenko
f131721e84
🎨 Convert action inputs to use kebab-case
...
Up until now, the action input names followed the snake_case naming
pattern that is well familiar to the pythonistas. But in GitHub
actions, the de-facto standard is using kebab-case, which is what
this patch achieves.
This style helps make the keys in YAML better standardized and
distinguishable from other identifiers.
The old snake_case names remain functional for the time being and will
not be removed until at least v3 release of this action.
2023-03-11 01:24:52 +01:00
Colin Dean
efcb9babc8
🎨 Warn about empty password/token action input
...
Before this patch, the warning would say that the token was
expected to start with `pypi-` but it may be unobvious. With this
change, the end-users are warned when they're passing a completely
empty password value.
Fixes #25 .
2023-03-10 20:37:53 +01:00
Sviatoslav Sydorenko
c7f29f7ade
🐛 Override `$HOME` in the container with `/root`
...
This is necessary to let `python -m site` locate the real install
directories.
This fixes #115 — the bug caused by GitHub passing the value of
`$HOME` from the host system that does not match the container's
expectations.
2022-12-07 02:41:32 +01:00
Sviatoslav Sydorenko
e71a4a4c1d
Add support for verbose bash execusion w/ `$DEBUG`
2022-12-07 00:07:43 +01:00
Sviatoslav Sydorenko
e56e8212f4
🐛 Make `id` always available in `twine-upload`
2022-12-07 00:07:20 +01:00
Sviatoslav Sydorenko
c879b84594
🐛 Use full path to `bash` in shebang
2022-12-07 00:02:01 +01:00
Sviatoslav Sydorenko
57e7d53102
🐛 Ensure the default `$PATH` value is pre-loaded
...
This patch imports the system-global profile script to
populate the `$PATH` variable with the typically available binary
paths.
Ref:
https://github.com/pypa/gh-action-pypi-publish/issues/112#issuecomment-1340065840
2022-12-06 23:58:05 +01:00
Sviatoslav Sydorenko
1350b8bd72
🐛 Avoid broken env vars passed by GHA from host
...
Fixes https://github.com/pypa/gh-action-pypi-publish/issues/112 .
2022-12-06 21:40:38 +01:00
meowmeowcat
c3fbd68c15
Remove quotes
...
Fix #90
2022-01-13 12:50:40 +08:00
Sviatoslav Sydorenko
0575dc8eab
Refactor the hash helper script to use pathlib and CLI args
2022-01-09 00:24:29 +01:00
Sviatoslav Sydorenko
8682135dac
Correct the if-clause for printing the hashes
2022-01-09 00:05:27 +01:00
meowmeowcat
06a2dd6685
Fix bug
2022-01-08 12:21:09 +08:00
meowmeowcat
77ee113713
Move out the Python script from the shell script
2022-01-08 12:12:15 +08:00
meowmeowcat
e5cc29fe08
Show hash values of files uploaded
2022-01-08 00:24:27 +08:00
Sviatoslav Sydorenko
54b39fb937
🚑 Fix referring to `$INPUT_VERBOSE` var
...
Resolves #41
2020-09-26 00:42:02 +02:00
Subin Modeel
cf69e2047c
Update twine-upload.sh
2020-09-25 13:14:20 -04:00
Christian Schmidbauer
f4c7b2841d
Allow wildcards in INPUT_PACKAGES_DIR
2020-07-08 15:42:31 +02:00
Sviatoslav Sydorenko
00ef3b8182
Expose `skip_existing` setting to the end-users
2020-06-19 21:30:53 +02:00
Sviatoslav Sydorenko
6a02ab807d
Add clarifying messages to annotation titles
2020-06-04 01:23:32 +02:00
Sviatoslav Sydorenko
323b1496ae
Invert quoting when rendering $INPUT_PACKAGES_DIR
2020-06-04 01:21:51 +02:00
Sviatoslav Sydorenko
328d2c65fa
Output warnings as GH Checks annotations
2020-06-04 01:06:14 +02:00
Sviatoslav Sydorenko
c37b99ec5f
Merge PR #33
...
This change implements running dists verification before
performing actual upload. It is controlled by the input
called `verify_metadata` which is on by default.
2020-06-03 17:44:19 +02:00
Henry Schreiner
9bda1cadd0
Use metadata_verify instead of check
2020-06-03 11:05:45 -04:00
Henry Schreiner
ab50aa7f47
Update twine-upload.sh
...
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
2020-06-03 10:29:18 -04:00
Henry Schreiner
176ae50c06
feat: Add twine check before upload #30
2020-06-02 14:44:35 -04:00
Sviatoslav Sydorenko
d7872a6165
Change `dist` param to `packages-dir`
2019-12-06 13:38:52 +01:00
Jesse Farebrother
4f4304928f
Custom dist
2019-12-05 16:25:02 -07:00
Hugo
881f0049bd
Typos and brevity
2019-09-16 14:01:16 +03:00
Sviatoslav Sydorenko
04871990d3
Print a warning if there's no dists to upload
2019-09-12 17:55:39 +02:00
Sviatoslav Sydorenko
e4638127f9
Emit a warning if the token looks invalid
...
Resolves #9
2019-09-12 17:55:34 +02:00
Sviatoslav Sydorenko
8e9ff975ca
Protect env vars in Twine invocation
2019-08-23 13:17:10 +02:00
Sviatoslav Sydorenko
4820c8c9b0
Fix a space position in shabang
2019-08-23 13:13:19 +02:00