Merge pull request #142 from trail-of-forks/tob-indicate-oidc

Add explanation of why the OIDC publishing was chosen to the log output.
2024-09-17 18:17:07 -04:00 · 2023-04-03 02:07:09 +02:00 · 2023-04-03 02:07:09 +02:00 · 69efb8cbfb
commit 69efb8cbfb
parent 29930c9cf5 dfde872acc
2 changed files with 8 additions and 1 deletions
--- a/oidc-exchange.py
+++ b/oidc-exchange.py
@ -17,6 +17,12 @@ Trusted publisher (OIDC) exchange failure:

 {message}

+You're seeing this because the action wasn't given the inputs needed to
+perform password-based or token-based authentication. If you intended to
+perform one of those authentication methods instead of trusted
+publishing, then you should double-check your secret configuration and variable
+names.
+
 Read more about trusted publishers at https://docs.pypi.org/trusted-publishers/
 """

--- a/twine-upload.sh
+++ b/twine-upload.sh
@ -46,7 +46,8 @@ if [[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] ; then
    echo \
        '::notice::Attempting to perform OIDC credential exchange' \
        'to retrieve a temporary short-lived API token for authentication' \
-        "against ${INPUT_REPOSITORY_URL}"
+        "against ${INPUT_REPOSITORY_URL} due to __token__ username with no" \
+        'supplied password field'
    INPUT_PASSWORD="$(python /app/oidc-exchange.py)"
 elif [[ "${INPUT_USER}" == '__token__' ]]; then
    echo \