actions/pypi-publish
1
0
Fork 0
mirror of https://github.com/pypa/gh-action-pypi-publish.git synced 2024-11-22 16:41:07 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

twine-upload: add a nudge for password auth

Browse source 
Closes #187.
This commit is contained in:
William Woodruff 2023-11-05 23:53:52 -05:00
parent 79739dc2f2
commit 254a0d4ec4
No known key found for this signature in database
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
twine-upload.sh
View file

@ -40,6 +40,13 @@ INPUT_VERIFY_METADATA="$(get-normalized-input 'verify-metadata')"
INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')" INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')" INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
PASSWORD_DEPRECATION_NUDGE="::warning title=Password-based uploads deprecated::\
Starting in 2024, PyPI will require all users to enable Two-Factor \
Authentication. This will consequently require all users to switch \
to either API tokens or Trusted Publishers (preferred) for package \
uploads. Read more: \
https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/"
TRUSTED_PUBLISHING_NUDGE="::warning title=Upgrade to Trusted Publishing::\ TRUSTED_PUBLISHING_NUDGE="::warning title=Upgrade to Trusted Publishing::\
Trusted Publishers allows publishing packages to PyPI from automated \ Trusted Publishers allows publishing packages to PyPI from automated \
environments like GitHub Actions without needing to use username/password \ environments like GitHub Actions without needing to use username/password \
@ -69,6 +76,7 @@ else
"against ${INPUT_REPOSITORY_URL}" "against ${INPUT_REPOSITORY_URL}"
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
echo "${PASSWORD_DEPRECATION_NUDGE}"
echo "${TRUSTED_PUBLISHING_NUDGE}" echo "${TRUSTED_PUBLISHING_NUDGE}"
fi fi
fi fi