actions/gh-action-pypi-publish
Template
1
0
Fork 0
mirror of https://github.com/pypa/gh-action-pypi-publish synced 2024-11-30 21:22:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: actions:27b89d947d00527b26d99b66a3c456a74057c9a3
Branches Tags
actions:unstable/v1
actions:release/v1
actions:release/v1.12
actions:release/v1.11
actions:release/v1.10
actions:release/v1.9
actions:pre-commit-ci-update-config
actions:release/v1.8
actions:master
actions:release/v1.7
actions:release/v1.6
actions:release/v1.5
actions:release/v1.4
actions:v1.12.2
actions:v1.12.1
actions:v1.12.0
actions:v1.11.0
actions:v1.10.3
actions:v1.10.2
actions:v1.10.1
actions:v1.10.0
actions:v1.9.0
actions:v1.8.14
actions:v1.8.13
actions:v1.8.12
actions:v1.8.11
actions:v1.8.10
actions:v1.8.9
actions:v1.8.8
actions:v1.8.7
actions:v1.8.6
actions:v1.8.5
actions:v1.8.4
actions:v1.8.3
actions:v1.8.2
actions:v1.8.1
actions:v1.8.0
actions:v1.7.1
actions:v1.7.0
actions:v1.6.5
actions:v1.6.4
actions:v1.6.3
actions:v1.6.2
actions:v1.6.1
actions:v1.6.0
actions:v1.5.2
actions:v1.5.1
actions:v1.5.0
actions:v1.4.2
actions:v1.4.1
actions:v1.4.0
actions:v1.3.1
actions:v1.3.0
actions:v1.2.2
actions:v1.2.1
actions:v1.2.0
actions:v1.1.0
actions:v1.0.0a0
...
compare: actions:2264806ebfb41b75165ad0d42a284492de9071a9
Branches Tags
actions:unstable/v1
actions:release/v1
actions:release/v1.12
actions:release/v1.11
actions:release/v1.10
actions:release/v1.9
actions:pre-commit-ci-update-config
actions:release/v1.8
actions:master
actions:release/v1.7
actions:release/v1.6
actions:release/v1.5
actions:release/v1.4
actions:v1.12.2
actions:v1.12.1
actions:v1.12.0
actions:v1.11.0
actions:v1.10.3
actions:v1.10.2
actions:v1.10.1
actions:v1.10.0
actions:v1.9.0
actions:v1.8.14
actions:v1.8.13
actions:v1.8.12
actions:v1.8.11
actions:v1.8.10
actions:v1.8.9
actions:v1.8.8
actions:v1.8.7
actions:v1.8.6
actions:v1.8.5
actions:v1.8.4
actions:v1.8.3
actions:v1.8.2
actions:v1.8.1
actions:v1.8.0
actions:v1.7.1
actions:v1.7.0
actions:v1.6.5
actions:v1.6.4
actions:v1.6.3
actions:v1.6.2
actions:v1.6.1
actions:v1.6.0
actions:v1.5.2
actions:v1.5.1
actions:v1.5.0
actions:v1.4.2
actions:v1.4.1
actions:v1.4.0
actions:v1.3.1
actions:v1.3.0
actions:v1.2.2
actions:v1.2.1
actions:v1.2.0
actions:v1.1.0
actions:v1.0.0a0

4 Commits
27b89d947d ... 2264806ebf

Author SHA1 Message Date
Brendon Smith
2264806ebf
Merge 8a35517545 into 218af422c0 2024-11-26 00:31:22 +01:00
🇺🇦 Sviatoslav Sydorenko (Святослав Сидоренко)
218af422c0
Merge pull request #305 from trail-of-forks/ww/debug-workflow-ref 2024-11-24 03:01:28 +01:00
William Woodruff
7c5c585c36
oidc-exchange: add workflow_ref to debug msg 
Signed-off-by: William Woodruff <william@trailofbits.com>
 2024-11-22 12:58:46 -05:00
Brendon Smith
8a35517545
Support nested composite actions 
To reference metadata about composite actions, GitHub Actions provides
the `github.action_` context, including `github.action_path`,
`github.action_ref`, and `github.action_repository`.

GitHub Actions supports nested composite actions with a recursion limit
of 9 (9 nested composite actions). Unfortunately `github.action_` values
are not propagated correctly when running nested composite actions.
This is a bug in the GitHub Actions runner.

The suggested workaround is to use inputs to set the correct values.
This commit will implement the suggested workaround.

https://docs.github.com/en/actions/creating-actions/creating-a-composite-action
https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/accessing-contextual-information-about-workflow-runs#github-context
https://github.com/actions/runner/issues/2473#issuecomment-1776029708
https://github.com/pypa/gh-action-pypi-publish/issues/299
 2024-11-11 22:43:13 -05:00
2 changed files with 20 additions and 2 deletions
Show Stats Expand all files Collapse all files

20
action.yml
View File

@ -87,6 +87,20 @@ inputs:
Only works with PyPI and TestPyPI via Trusted Publishing. Only works with PyPI and TestPyPI via Trusted Publishing.
required: false required: false
default: 'true' default: 'true'
action_repository:
description: >-
[EXPERIMENTAL]
Set action repository to work around bug in nested composite actions
https://github.com/actions/runner/issues/2473
required: false
default: ${{ github.action_repository }}
action_ref:
description: >-
[EXPERIMENTAL]
Set action ref to work around bug in nested composite actions
https://github.com/actions/runner/issues/2473
required: false
default: ${{ github.action_ref }}
branding: branding:
color: yellow color: yellow
icon: upload-cloud icon: upload-cloud
@ -116,17 +130,19 @@ runs:
run: | run: |
# Set repo and ref from which to run Docker container action # Set repo and ref from which to run Docker container action
# to handle cases in which `github.action_` context is not set # to handle cases in which `github.action_` context is not set
# or set properly for nested composite actions
# https://github.com/actions/runner/issues/2473 # https://github.com/actions/runner/issues/2473
REF=${{ env.ACTION_REF || env.PR_REF || github.ref_name }} REF=${{ env.ACTION_REF || env.PR_REF || github.ref_name }}
REPO=${{ env.ACTION_REPO || env.PR_REPO || github.repository }} REPO=${{ env.ACTION_REPO || env.PR_REPO || github.repository }}
REPO_ID=${{ env.PR_REPO_ID || github.repository_id }} REPO_ID=${{ env.PR_REPO_ID || github.repository_id }}
echo "action-path=$ACTION_PATH" >>"$GITHUB_OUTPUT"
echo "ref=$REF" >>"$GITHUB_OUTPUT" echo "ref=$REF" >>"$GITHUB_OUTPUT"
echo "repo=$REPO" >>"$GITHUB_OUTPUT" echo "repo=$REPO" >>"$GITHUB_OUTPUT"
echo "repo-id=$REPO_ID" >>"$GITHUB_OUTPUT" echo "repo-id=$REPO_ID" >>"$GITHUB_OUTPUT"
shell: bash shell: bash
env: env:
ACTION_REF: ${{ github.action_ref }} ACTION_REF: ${{ inputs.action_ref }}
ACTION_REPO: ${{ github.action_repository }} ACTION_REPO: ${{ inputs.action_repository }}
PR_REF: ${{ github.event.pull_request.head.ref }} PR_REF: ${{ github.event.pull_request.head.ref }}
PR_REPO: ${{ github.event.pull_request.head.repo.full_name }} PR_REPO: ${{ github.event.pull_request.head.repo.full_name }}
PR_REPO_ID: ${{ github.event.pull_request.base.repo.id }} PR_REPO_ID: ${{ github.event.pull_request.base.repo.id }}

2
oidc-exchange.py
View File

@ -83,6 +83,7 @@ If a claim is not present in the claim set, then it is rendered as `MISSING`.
* `repository`: `{repository}` * `repository`: `{repository}`
* `repository_owner`: `{repository_owner}` * `repository_owner`: `{repository_owner}`
* `repository_owner_id`: `{repository_owner_id}` * `repository_owner_id`: `{repository_owner_id}`
* `workflow_ref`: `{workflow_ref}`
* `job_workflow_ref`: `{job_workflow_ref}` * `job_workflow_ref`: `{job_workflow_ref}`
* `ref`: `{ref}` * `ref`: `{ref}`
@ -175,6 +176,7 @@ def render_claims(token: str) -> str:
repository=_get('repository'), repository=_get('repository'),
repository_owner=_get('repository_owner'), repository_owner=_get('repository_owner'),
repository_owner_id=_get('repository_owner_id'), repository_owner_id=_get('repository_owner_id'),
workflow_ref=_get('workflow_ref'),
job_workflow_ref=_get('job_workflow_ref'), job_workflow_ref=_get('job_workflow_ref'),
ref=_get('ref'), ref=_get('ref'),
) )