mirror of
https://github.com/pypa/gh-action-pypi-publish.git
synced 2024-11-21 16:11:01 -05:00
Eliminate future tense in the password nudge in twine-upload
Additionally, this turns the corresponding code branch into a hard error in case of the regular PyPI. Signed-off-by: William Woodruff <william@trailofbits.com> PR #234 Fixes #233
This commit is contained in:
parent
04f4e64de3
commit
771d60f44b
1 changed files with 4 additions and 3 deletions
|
@ -40,9 +40,9 @@ INPUT_VERIFY_METADATA="$(get-normalized-input 'verify-metadata')"
|
|||
INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
|
||||
INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
|
||||
|
||||
PASSWORD_DEPRECATION_NUDGE="::error title=Password-based uploads deprecated::\
|
||||
Starting in 2024, PyPI will require all users to enable Two-Factor \
|
||||
Authentication. This will consequently require all users to switch \
|
||||
PASSWORD_DEPRECATION_NUDGE="::error title=Password-based uploads disabled::\
|
||||
As of 2024, PyPI requires all users to enable Two-Factor \
|
||||
Authentication. This consequently requires all users to switch \
|
||||
to either Trusted Publishers (preferred) or API tokens for package \
|
||||
uploads. Read more: \
|
||||
https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/"
|
||||
|
@ -74,6 +74,7 @@ else
|
|||
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
|
||||
echo "${PASSWORD_DEPRECATION_NUDGE}"
|
||||
echo "${TRUSTED_PUBLISHING_NUDGE}"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
|
|
Loading…
Reference in a new issue