mirror of
https://github.com/pypa/gh-action-pypi-publish.git
synced 2024-11-22 08:31:08 -05:00
parent
79739dc2f2
commit
254a0d4ec4
1 changed files with 8 additions and 0 deletions
|
@ -40,6 +40,13 @@ INPUT_VERIFY_METADATA="$(get-normalized-input 'verify-metadata')"
|
||||||
INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
|
INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
|
||||||
INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
|
INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
|
||||||
|
|
||||||
|
PASSWORD_DEPRECATION_NUDGE="::warning title=Password-based uploads deprecated::\
|
||||||
|
Starting in 2024, PyPI will require all users to enable Two-Factor \
|
||||||
|
Authentication. This will consequently require all users to switch \
|
||||||
|
to either API tokens or Trusted Publishers (preferred) for package \
|
||||||
|
uploads. Read more: \
|
||||||
|
https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/"
|
||||||
|
|
||||||
TRUSTED_PUBLISHING_NUDGE="::warning title=Upgrade to Trusted Publishing::\
|
TRUSTED_PUBLISHING_NUDGE="::warning title=Upgrade to Trusted Publishing::\
|
||||||
Trusted Publishers allows publishing packages to PyPI from automated \
|
Trusted Publishers allows publishing packages to PyPI from automated \
|
||||||
environments like GitHub Actions without needing to use username/password \
|
environments like GitHub Actions without needing to use username/password \
|
||||||
|
@ -69,6 +76,7 @@ else
|
||||||
"against ${INPUT_REPOSITORY_URL}"
|
"against ${INPUT_REPOSITORY_URL}"
|
||||||
|
|
||||||
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
|
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
|
||||||
|
echo "${PASSWORD_DEPRECATION_NUDGE}"
|
||||||
echo "${TRUSTED_PUBLISHING_NUDGE}"
|
echo "${TRUSTED_PUBLISHING_NUDGE}"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
Loading…
Reference in a new issue