oidc-exchange: improve errors

Signed-off-by: William Woodruff <william@trailofbits.com>
This commit is contained in:
William Woodruff 2023-03-30 01:45:41 +09:00
parent 48b317d84d
commit 486ec8dd23
No known key found for this signature in database

View file

@ -10,6 +10,16 @@ import requests
_GITHUB_STEP_SUMMARY = Path(os.getenv("GITHUB_STEP_SUMMARY")) _GITHUB_STEP_SUMMARY = Path(os.getenv("GITHUB_STEP_SUMMARY"))
# The top-level error message that gets rendered.
# This message wraps one of the other templates/messages defined below.
_ERROR_SUMMARY_MESSAGE = """
Trusted publisher (OIDC) exchange failure:
{message}
Read more about trusted publishers at https://docs.pypi.org/trusted-publishers/
"""
# Rendered if OIDC identity token retrieval fails for any reason. # Rendered if OIDC identity token retrieval fails for any reason.
_TOKEN_RETRIEVAL_FAILED_MESSAGE = """ _TOKEN_RETRIEVAL_FAILED_MESSAGE = """
OIDC token retrieval failed: {identity_error} OIDC token retrieval failed: {identity_error}
@ -53,7 +63,7 @@ a few minutes and try again.
def die(msg: str) -> NoReturn: def die(msg: str) -> NoReturn:
with _GITHUB_STEP_SUMMARY.open("a", encoding="utf-8") as io: with _GITHUB_STEP_SUMMARY.open("a", encoding="utf-8") as io:
print(msg, file=io) print(_ERROR_SUMMARY_MESSAGE.format(message=msg), file=io)
print(f"::error::OIDC exchange failure: {msg}", file=sys.stderr) print(f"::error::OIDC exchange failure: {msg}", file=sys.stderr)
sys.exit(1) sys.exit(1)