actions/pypi-publish
1
0
Fork 0
mirror of https://github.com/pypa/gh-action-pypi-publish.git synced 2024-10-05 19:04:31 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Check for Trusted Publishing in magic link logic

Browse source
This commit is contained in:
Facundo Tuesca 2024-09-27 20:47:02 +02:00
parent 897895f1e1
commit a1ce3844ac
1 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
twine-upload.sh
View file

@ -73,7 +73,11 @@ MAGIC_LINK_MESSAGE="::warning title=Create a Trusted Publisher::\
A new Trusted Publisher for the currently running publishing workflow can be created \
by accessing the following link(s) while logged-in as an owner of the package(s):"
if [[ ! "${INPUT_REPOSITORY_URL}" =~ pypi\.org || ${#PACKAGE_NAMES[@]} -eq 0 ]] ; then
[[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] \
&& TRUSTED_PUBLISHING=true || TRUSTED_PUBLISHING=false
if [[ "${TRUSTED_PUBLISHING}" == true || ! "${INPUT_REPOSITORY_URL}" =~ pypi\.org || ${#PACKAGE_NAMES[@]} -eq 0 ]] ; then
TRUSTED_PUBLISHING_MAGIC_LINK_NUDGE=""
else
if [[ "${INPUT_REPOSITORY_URL}" =~ test\.pypi\.org ]] ; then
@ -90,8 +94,6 @@ else
echo "${MAGIC_LINK_MESSAGE}" >> $GITHUB_STEP_SUMMARY
fi
[[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] \
&& TRUSTED_PUBLISHING=true || TRUSTED_PUBLISHING=false
if [[ "${INPUT_ATTESTATIONS}" != "false" ]] ; then
# Setting `attestations: true` without Trusted Publishing indicates