mirror of
https://github.com/pypa/gh-action-pypi-publish.git
synced 2024-11-22 00:21:08 -05:00
Eliminate future tense in the password nudge in twine-upload
Additionally, this turns the corresponding code branch into a hard error in case of the regular PyPI. Signed-off-by: William Woodruff <william@trailofbits.com> PR #234 Fixes #233
This commit is contained in:
parent
04f4e64de3
commit
771d60f44b
1 changed files with 4 additions and 3 deletions
|
@ -40,9 +40,9 @@ INPUT_VERIFY_METADATA="$(get-normalized-input 'verify-metadata')"
|
||||||
INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
|
INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
|
||||||
INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
|
INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
|
||||||
|
|
||||||
PASSWORD_DEPRECATION_NUDGE="::error title=Password-based uploads deprecated::\
|
PASSWORD_DEPRECATION_NUDGE="::error title=Password-based uploads disabled::\
|
||||||
Starting in 2024, PyPI will require all users to enable Two-Factor \
|
As of 2024, PyPI requires all users to enable Two-Factor \
|
||||||
Authentication. This will consequently require all users to switch \
|
Authentication. This consequently requires all users to switch \
|
||||||
to either Trusted Publishers (preferred) or API tokens for package \
|
to either Trusted Publishers (preferred) or API tokens for package \
|
||||||
uploads. Read more: \
|
uploads. Read more: \
|
||||||
https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/"
|
https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/"
|
||||||
|
@ -74,6 +74,7 @@ else
|
||||||
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
|
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
|
||||||
echo "${PASSWORD_DEPRECATION_NUDGE}"
|
echo "${PASSWORD_DEPRECATION_NUDGE}"
|
||||||
echo "${TRUSTED_PUBLISHING_NUDGE}"
|
echo "${TRUSTED_PUBLISHING_NUDGE}"
|
||||||
|
exit 1
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue