From a1ce3844ac33bd8deec3df588c16ea681915ab7e Mon Sep 17 00:00:00 2001 From: Facundo Tuesca Date: Fri, 27 Sep 2024 20:47:02 +0200 Subject: [PATCH 1/2] Check for Trusted Publishing in magic link logic --- twine-upload.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/twine-upload.sh b/twine-upload.sh index fce4517..98d41b1 100755 --- a/twine-upload.sh +++ b/twine-upload.sh @@ -73,7 +73,11 @@ MAGIC_LINK_MESSAGE="::warning title=Create a Trusted Publisher::\ A new Trusted Publisher for the currently running publishing workflow can be created \ by accessing the following link(s) while logged-in as an owner of the package(s):" -if [[ ! "${INPUT_REPOSITORY_URL}" =~ pypi\.org || ${#PACKAGE_NAMES[@]} -eq 0 ]] ; then + +[[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] \ + && TRUSTED_PUBLISHING=true || TRUSTED_PUBLISHING=false + +if [[ "${TRUSTED_PUBLISHING}" == true || ! "${INPUT_REPOSITORY_URL}" =~ pypi\.org || ${#PACKAGE_NAMES[@]} -eq 0 ]] ; then TRUSTED_PUBLISHING_MAGIC_LINK_NUDGE="" else if [[ "${INPUT_REPOSITORY_URL}" =~ test\.pypi\.org ]] ; then @@ -90,8 +94,6 @@ else echo "${MAGIC_LINK_MESSAGE}" >> $GITHUB_STEP_SUMMARY fi -[[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] \ - && TRUSTED_PUBLISHING=true || TRUSTED_PUBLISHING=false if [[ "${INPUT_ATTESTATIONS}" != "false" ]] ; then # Setting `attestations: true` without Trusted Publishing indicates From d8c894824be9b682f2c96437e9f8002633580706 Mon Sep 17 00:00:00 2001 From: Facundo Tuesca Date: Fri, 27 Sep 2024 20:47:50 +0200 Subject: [PATCH 2/2] Fix magic link nudge formatting in job summary --- twine-upload.sh | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/twine-upload.sh b/twine-upload.sh index 98d41b1..482e266 100755 --- a/twine-upload.sh +++ b/twine-upload.sh 
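Review bot: The repository check kept in the new condition of the first hunk, `"${INPUT_REPOSITORY_URL}" =~ pypi\.org`, is an unanchored substring match, so any URL that merely contains `pypi.org` in a longer host name or in its path is treated as PyPI and receives the Trusted Publisher nudge. Anchoring the match on scheme and host would tie that decision to the index actually being uploaded to, for example `=~ ^https://([^/]+\.)?pypi\.org/`; the `test\.pypi\.org` test on the nested `if` has the same shape. Separately, `[[ … ]] && TRUSTED_PUBLISHING=true || TRUSTED_PUBLISHING=false` is correct only because an assignment cannot fail, and an explicit `if`/`else` would state the intent more plainly. The `else` branch of this condition continues outside the hunk.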
@@ -69,9 +69,9 @@ The workflow was run with 'attestations: true' input, but the specified \ repository URL does not support PEP 740 attestations. As a result, the \ attestations input is ignored." -MAGIC_LINK_MESSAGE="::warning title=Create a Trusted Publisher::\ -A new Trusted Publisher for the currently running publishing workflow can be created \ -by accessing the following link(s) while logged-in as an owner of the package(s):" +MAGIC_LINK_MESSAGE="A new Trusted Publisher for the currently running \ +publishing workflow can be created by accessing the following link(s) while \ +logged-in as an owner of the package(s):" [[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] \ @@ -90,10 +90,14 @@ else LINK="- ${INDEX_URL}/manage/project/${PACKAGE_NAME}/settings/publishing/?provider=github&owner=${GITHUB_REPOSITORY_OWNER}&repository=${REPOSITORY_NAME}&workflow_filename=${WORKFLOW_FILENAME}" ALL_LINKS+="$LINK"$'\n' done - TRUSTED_PUBLISHING_MAGIC_LINK_NUDGE="${MAGIC_LINK_MESSAGE}"$'\n'"${ALL_LINKS}" - echo "${MAGIC_LINK_MESSAGE}" >> $GITHUB_STEP_SUMMARY -fi + # Construct the summary message without the warning header + MAGIC_LINK_MESSAGE_WITH_LINKS="${MAGIC_LINK_MESSAGE}"$'\n'"${ALL_LINKS}" + echo "${MAGIC_LINK_MESSAGE_WITH_LINKS}" >> $GITHUB_STEP_SUMMARY + + # The actual nudge in the log is formatted as a warning + TRUSTED_PUBLISHING_MAGIC_LINK_NUDGE="::warning title=Create a Trusted Publisher::${MAGIC_LINK_MESSAGE_WITH_LINKS}" +fi if [[ "${INPUT_ATTESTATIONS}" != "false" ]] ; then # Setting `attestations: true` without Trusted Publishing indicates
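Review bot: In the second hunk, `TRUSTED_PUBLISHING_MAGIC_LINK_NUDGE` places a multi-line value after `::warning title=…::`, but workflow commands are read one line at a time, so if the variable is later echoed as is (the place where it is printed is outside the hunk) only the first line becomes the annotation and the link lines are emitted as ordinary log output. Encoding the newlines in the command data avoids that and keeps interpolated values from starting a log line of their own, e.g. `NUDGE_DATA="${MAGIC_LINK_MESSAGE_WITH_LINKS//$'\n'/%0A}"` followed by `…::${NUDGE_DATA}`. The hunk also starts writing the links to the job summary, where `PACKAGE_NAME` and the other interpolated values are rendered as Markdown without URL-encoding; how `PACKAGE_NAMES` is derived is not visible here, so it is worth confirming the names are normalised before this point. The redirection target should be quoted as well: `>> "${GITHUB_STEP_SUMMARY}"`.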