From 254a0d4ec4eacf3fd4c21bdd327fdd72c45213d9 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Sun, 5 Nov 2023 23:53:52 -0500
Subject: [PATCH] twine-upload: add a nudge for password auth

Closes #187.
---
 twine-upload.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/twine-upload.sh b/twine-upload.sh
index e11c559..3f7632c 100755
--- a/twine-upload.sh
+++ b/twine-upload.sh
@@ -40,6 +40,13 @@ INPUT_VERIFY_METADATA="$(get-normalized-input 'verify-metadata')"
 INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
 INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
 
+PASSWORD_DEPRECATION_NUDGE="::warning title=Password-based uploads deprecated::\
+Starting in 2024, PyPI will require all users to enable Two-Factor \
+Authentication. This will consequently require all users to switch \
+to either API tokens or Trusted Publishers (preferred) for package \
+uploads. Read more: \
+https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/"
+
 TRUSTED_PUBLISHING_NUDGE="::warning title=Upgrade to Trusted Publishing::\
 Trusted Publishers allows publishing packages to PyPI from automated \
 environments like GitHub Actions without needing to use username/password \
@@ -69,6 +76,7 @@ else
 "against ${INPUT_REPOSITORY_URL}"
 
 if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
+ echo "${PASSWORD_DEPRECATION_NUDGE}"
 echo "${TRUSTED_PUBLISHING_NUDGE}"
 fi
 fi
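Review bot: `PASSWORD_DEPRECATION_NUDGE` carries no comment saying which authentication path it is meant for, so the call site has nothing to check itself against. A one-line comment above the assignment would record the intent, e.g. `# Emitted only for username/password uploads to PyPI; API-token and Trusted Publishing users should never see this.` The message also stops at the policy change and the blog link; a closing sentence naming the concrete step in this action (supply an API token instead of the account password, or configure a Trusted Publisher) would make the warning actionable from the workflow log alone.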
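Review bot: The added `echo "${PASSWORD_DEPRECATION_NUDGE}"` sits in an `else` branch whose condition is outside this hunk, so it is not visible whether that branch is reached only for account passwords or also when an API token is supplied as the password. If tokens land here too, users who already comply would get a warning titled "Password-based uploads deprecated". Assuming the `user` input is held in `INPUT_USER` like the other `INPUT_*` variables, a guard such as `if [[ "${INPUT_USER}" != "__token__" ]]; then echo "${PASSWORD_DEPRECATION_NUDGE}"; fi` would keep the nudge to real password uploads. Separately, the enclosing test `=~ pypi\.org` is an unanchored substring match, so the new warning also fires for any repository URL that merely contains that string; matching the host portion explicitly would be tighter.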