pypi-publish/twine-upload.sh

#! /bin/bash

if [[ -n "${DEBUG}" ]]
then
    set -x
fi

set -Eeuo pipefail


# NOTE: These variables are needed to combat GitHub passing broken env vars
# NOTE: from the runner VM host runtime.
# Ref: https://github.com/pypa/gh-action-pypi-publish/issues/112
export HOME="/root"  # So that `python -m site` doesn't get confused
export PATH="/usr/bin:${PATH}"  # To find `id`
. /etc/profile  # Makes python and other executables findable
export PATH="$(python -m site --user-base)/bin:${PATH}"
export PYTHONPATH="$(python -m site --user-site):${PYTHONPATH}"


if [[
    "$INPUT_USER" == "__token__" &&
    ! "$INPUT_PASSWORD" =~ ^pypi-
  ]]
then
    if [[ -z "$INPUT_PASSWORD" ]]; then
        echo \
            ::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
            EMPTY TOKEN \
            '<< ':: \
            It looks like you have not passed a password or it \
            is otherwise empty. Please verify that you have passed it \
            directly or, preferably, through a secret.
    else
        echo \
            ::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
            POTENTIALLY INVALID TOKEN \
            '<< ':: \
            It looks like you are trying to use an API token to \
            authenticate in the package index and your token value does \
            not start with '"pypi-"' as it typically should. This may \
            cause an authentication error. Please verify that you have \
            copied your token properly if such an error occurs.
    fi
fi

if ( ! ls -A ${INPUT_PACKAGES_DIR%%/}/*.tar.gz &> /dev/null && \
     ! ls -A ${INPUT_PACKAGES_DIR%%/}/*.whl &> /dev/null )
then
    echo \
        ::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
        MISSING DISTS \
        '<< ':: \
        It looks like there are no Python distribution packages to \
        publish in the directory "'${INPUT_PACKAGES_DIR%%/}/'". \
        Please verify that they are in place should you face this \
        problem.
fi

if [[ ${INPUT_VERIFY_METADATA,,} != "false" ]] ; then
    twine check ${INPUT_PACKAGES_DIR%%/}/*
fi

TWINE_EXTRA_ARGS=
if [[ ${INPUT_SKIP_EXISTING,,} != "false" ]] ; then
    TWINE_EXTRA_ARGS=--skip-existing
fi

if [[ ${INPUT_VERBOSE,,} != "false" ]] ; then
    TWINE_EXTRA_ARGS="--verbose $TWINE_EXTRA_ARGS"
fi

if [[ ${INPUT_PRINT_HASH,,} != "false" || ${INPUT_VERBOSE,,} != "false" ]] ; then
    python /app/print-hash.py ${INPUT_PACKAGES_DIR%%/}
fi

TWINE_USERNAME="$INPUT_USER" \
TWINE_PASSWORD="$INPUT_PASSWORD" \
TWINE_REPOSITORY_URL="$INPUT_REPOSITORY_URL" \
  exec twine upload ${TWINE_EXTRA_ARGS} ${INPUT_PACKAGES_DIR%%/}/*
🐛 Use full path to `bash` in shebang 2022-12-06 18:02:01 -05:00			`#! /bin/bash`

Add support for verbose bash execusion w/ `$DEBUG` 2022-12-06 18:07:43 -05:00			`if [[ -n "${DEBUG}" ]]`
			`then`
			`set -x`
			`fi`

Adapt to new yml based github actions Co-Authored-By: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua> Co-Authored-By: Pradyun Gedam <pradyunsg@gmail.com> 2019-08-20 16:48:52 -04:00			`set -Eeuo pipefail`

Emit a warning if the token looks invalid Resolves #9 2019-09-12 08:38:56 -04:00
🐛 Avoid broken env vars passed by GHA from host Fixes https://github.com/pypa/gh-action-pypi-publish/issues/112. 2022-12-06 15:40:38 -05:00			`# NOTE: These variables are needed to combat GitHub passing broken env vars`
			`# NOTE: from the runner VM host runtime.`
			`# Ref: https://github.com/pypa/gh-action-pypi-publish/issues/112`
🐛 Override `$HOME` in the container with `/root` This is necessary to let `python -m site` locate the real install directories. This fixes #115 — the bug caused by GitHub passing the value of `$HOME` from the host system that does not match the container's expectations. 2022-12-06 20:41:32 -05:00			export HOME="/root" # So that `python -m site` doesn't get confused
🐛 Make `id` always available in `twine-upload` 2022-12-06 18:07:20 -05:00			export PATH="/usr/bin:${PATH}" # To find `id`
🐛Ensure the default `$PATH` value is pre-loaded This patch imports the system-global profile script to populate the `$PATH` variable with the typically available binary paths. Ref: https://github.com/pypa/gh-action-pypi-publish/issues/112#issuecomment-1340065840 2022-12-06 17:55:06 -05:00			`. /etc/profile # Makes python and other executables findable`
🐛 Avoid broken env vars passed by GHA from host Fixes https://github.com/pypa/gh-action-pypi-publish/issues/112. 2022-12-06 15:40:38 -05:00			`export PATH="$(python -m site --user-base)/bin:${PATH}"`
			`export PYTHONPATH="$(python -m site --user-site):${PYTHONPATH}"`


Emit a warning if the token looks invalid Resolves #9 2019-09-12 08:38:56 -04:00			`if [[`
			`"$INPUT_USER" == "__token__" &&`
			`! "$INPUT_PASSWORD" =~ ^pypi-`
			`]]`
			`then`
🎨 Warn about empty password/token action input Before this patch, the warning would say that the token was expected to start with `pypi-` but it may be unobvious. With this change, the end-users are warned when they're passing a completely empty password value. Fixes #25. 2023-02-23 11:11:08 -05:00			`if [[ -z "$INPUT_PASSWORD" ]]; then`
			`echo \`
			`::warning file='# >>' PyPA publish to PyPI GHA'%3A' \`
			`EMPTY TOKEN \`
			`'<< ':: \`
			`It looks like you have not passed a password or it \`
			`is otherwise empty. Please verify that you have passed it \`
			`directly or, preferably, through a secret.`
			`else`
			`echo \`
			`::warning file='# >>' PyPA publish to PyPI GHA'%3A' \`
			`POTENTIALLY INVALID TOKEN \`
			`'<< ':: \`
			`It looks like you are trying to use an API token to \`
			`authenticate in the package index and your token value does \`
			`not start with '"pypi-"' as it typically should. This may \`
			`cause an authentication error. Please verify that you have \`
			`copied your token properly if such an error occurs.`
			`fi`
Emit a warning if the token looks invalid Resolves #9 2019-09-12 08:38:56 -04:00			`fi`

Allow wildcards in INPUT_PACKAGES_DIR 2020-06-28 05:43:30 -04:00			`if ( ! ls -A ${INPUT_PACKAGES_DIR%%/}/*.tar.gz &> /dev/null && \`
			`! ls -A ${INPUT_PACKAGES_DIR%%/}/*.whl &> /dev/null )`
Print a warning if there's no dists to upload 2019-09-12 11:53:53 -04:00			`then`
Output warnings as GH Checks annotations 2020-06-03 19:06:14 -04:00			`echo \`
Add clarifying messages to annotation titles 2020-06-03 19:23:32 -04:00			`::warning file='# >>' PyPA publish to PyPI GHA'%3A' \`
			`MISSING DISTS \`
			`'<< ':: \`
Typos and brevity 2019-09-16 07:01:16 -04:00			`It looks like there are no Python distribution packages to \`
Invert quoting when rendering $INPUT_PACKAGES_DIR 2020-06-03 19:21:51 -04:00			`publish in the directory "'${INPUT_PACKAGES_DIR%%/}/'". \`
Output warnings as GH Checks annotations 2020-06-03 19:06:14 -04:00			`Please verify that they are in place should you face this \`
			`problem.`
Print a warning if there's no dists to upload 2019-09-12 11:53:53 -04:00			`fi`

Use metadata_verify instead of check 2020-06-03 11:04:52 -04:00			`if [[ ${INPUT_VERIFY_METADATA,,} != "false" ]] ; then`
Merge PR #33 This change implements running dists verification before performing actual upload. It is controlled by the input called `verify_metadata` which is on by default. 2020-06-03 11:40:16 -04:00			`twine check ${INPUT_PACKAGES_DIR%%/}/*`
feat: Add twine check before upload #30 2020-06-02 11:08:43 -04:00			`fi`

Expose `skip_existing` setting to the end-users 2020-06-19 15:30:53 -04:00			`TWINE_EXTRA_ARGS=`
			`if [[ ${INPUT_SKIP_EXISTING,,} != "false" ]] ; then`
			`TWINE_EXTRA_ARGS=--skip-existing`
			`fi`

🚑 Fix referring to `$INPUT_VERBOSE` var Resolves #41 2020-09-25 18:42:02 -04:00			`if [[ ${INPUT_VERBOSE,,} != "false" ]] ; then`
Update twine-upload.sh 2020-09-15 00:31:21 -04:00			`TWINE_EXTRA_ARGS="--verbose $TWINE_EXTRA_ARGS"`
			`fi`
Emit a warning if the token looks invalid Resolves #9 2019-09-12 08:38:56 -04:00
Correct the if-clause for printing the hashes 2022-01-08 18:05:27 -05:00			`if [[ ${INPUT_PRINT_HASH,,} != "false" \|\| ${INPUT_VERBOSE,,} != "false" ]] ; then`
Remove quotes Fix #90 2022-01-12 23:50:40 -05:00			`python /app/print-hash.py ${INPUT_PACKAGES_DIR%%/}`
Move out the Python script from the shell script 2022-01-07 23:12:15 -05:00			`fi`

Protect env vars in Twine invocation 2019-08-23 07:17:10 -04:00			`TWINE_USERNAME="$INPUT_USER" \`
			`TWINE_PASSWORD="$INPUT_PASSWORD" \`
			`TWINE_REPOSITORY_URL="$INPUT_REPOSITORY_URL" \`
Expose `skip_existing` setting to the end-users 2020-06-19 15:30:53 -04:00			`exec twine upload ${TWINE_EXTRA_ARGS} ${INPUT_PACKAGES_DIR%%/}/*`