Merge pull request #167 from trail-of-forks/tob-nudge

This commit is contained in:
Sviatoslav Sydorenko 2023-07-12 02:43:50 +02:00 committed by GitHub
commit 68276eb3e4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -40,6 +40,12 @@ INPUT_VERIFY_METADATA="$(get-normalized-input 'verify-metadata')"
INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')" INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')" INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
TRUSTED_PUBLISHING_NUDGE="::warning title=Upgrade to Trusted Publishing::\
Trusted Publishers allows publishing packages to PyPI from automated \
environments like GitHub Actions without needing to use username/password \
combinations or API tokens to authenticate with PyPI. Read more: \
https://docs.pypi.org/trusted-publishers"
if [[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] ; then if [[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] ; then
# No password supplied by the user implies that we're in the OIDC flow; # No password supplied by the user implies that we're in the OIDC flow;
# retrieve the OIDC credential and exchange it for a PyPI API token. # retrieve the OIDC credential and exchange it for a PyPI API token.
@ -53,10 +59,18 @@ elif [[ "${INPUT_USER}" == '__token__' ]]; then
echo \ echo \
'::notice::Using a user-provided API token for authentication' \ '::notice::Using a user-provided API token for authentication' \
"against ${INPUT_REPOSITORY_URL}" "against ${INPUT_REPOSITORY_URL}"
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
echo "${TRUSTED_PUBLISHING_NUDGE}"
fi
else else
echo \ echo \
'::notice::Using a username + password pair for authentication' \ '::notice::Using a username + password pair for authentication' \
"against ${INPUT_REPOSITORY_URL}" "against ${INPUT_REPOSITORY_URL}"
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
echo "${TRUSTED_PUBLISHING_NUDGE}"
fi
fi fi
if [[ if [[