From 67b747a9c83c5d2526d31259d1479f46210ffd0e Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Sat, 1 Apr 2023 14:41:16 +0900
Subject: [PATCH 1/3] oidc-exchange: more explanation
Signed-off-by: William Woodruff
---
 oidc-exchange.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/oidc-exchange.py b/oidc-exchange.py
index 0e05887..52bee14 100644
--- a/oidc-exchange.py
+++ b/oidc-exchange.py
@@ -17,6 +17,12 @@ Trusted publisher (OIDC) exchange failure: {message}
+You're seeing this because the action wasn't given the inputs needed to
+perform password-based or token-based authentication. If you intended to
+perform one of those authentication methods instead of trusted
+publishing, then you should double-check your secret configuration and variable
+names.
+
 Read more about trusted publishers at https://docs.pypi.org/trusted-publishers/ """
From 3d567f44ce3fb3bbcf9248d05726c6c9f811b67f Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Sat, 1 Apr 2023 21:09:00 +0900
Subject: [PATCH 2/3] twine-upload: expound
Signed-off-by: William Woodruff
---
 twine-upload.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/twine-upload.sh b/twine-upload.sh
index 63a6564..7f88692 100755
--- a/twine-upload.sh
+++ b/twine-upload.sh
@@ -46,7 +46,8 @@ if [[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] ; then
 echo \
 '::notice::Attempting to perform OIDC credential exchange' \
 'to retrieve a temporary short-lived API token for authentication' \
- "against ${INPUT_REPOSITORY_URL}"
+ "against ${INPUT_REPOSITORY_URL} due to __token__ username with no " \
+ 'supplied password field'
 INPUT_PASSWORD="$(python /app/oidc-exchange.py)"
 elif [[ "${INPUT_USER}" == '__token__' ]]; then
 echo \
From dfde872acc38fce52eaf13748aaaa11845c89228 Mon Sep 17 00:00:00 2001
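Review bot: The paragraph added to the failure message in oidc-exchange.py says the action "wasn't given the inputs", but the branch that leads here, visible in the twine-upload.sh hunk headers as `-z "${INPUT_PASSWORD}"`, is also taken when a password input was passed and expanded to an empty string. In GitHub Actions a reference to a misspelled or unavailable secret evaluates to an empty value, so the user who most needs this hint usually did supply the field in their workflow. I would say so directly, for example `perform password-based or token-based authentication (the password input was empty or unset).`, and end the notice in the twine-upload.sh hunks with `'an empty or unset password input'` instead of `'supplied password field'`. The Python string literal and the shell `if` block both start and end outside the hunks shown.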
From: William Woodruff
Date: Sun, 2 Apr 2023 22:20:08 +0900
Subject: [PATCH 3/3] Apply suggestions from code review
Co-authored-by: Sviatoslav Sydorenko
---
 twine-upload.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/twine-upload.sh b/twine-upload.sh
index 7f88692..f38d429 100755
--- a/twine-upload.sh
+++ b/twine-upload.sh
@@ -46,7 +46,7 @@ if [[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] ; then
 echo \
 '::notice::Attempting to perform OIDC credential exchange' \
 'to retrieve a temporary short-lived API token for authentication' \
- "against ${INPUT_REPOSITORY_URL} due to __token__ username with no " \
+ "against ${INPUT_REPOSITORY_URL} due to __token__ username with no" \
 'supplied password field'
 INPUT_PASSWORD="$(python /app/oidc-exchange.py)"
 elif [[ "${INPUT_USER}" == '__token__' ]]; then