mirror of
https://github.com/pypa/gh-action-pypi-publish.git
synced 2024-11-09 02:13:33 -05:00
twine-upload: add a nudge for trusted publishing
Closes #164. Signed-off-by: William Woodruff <william@trailofbits.com>
This commit is contained in:
parent
54d67ed3c5
commit
be695966b0
1 changed files with 8 additions and 0 deletions
|
@ -40,6 +40,12 @@ INPUT_VERIFY_METADATA="$(get-normalized-input 'verify-metadata')"
|
||||||
INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
|
INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
|
||||||
INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
|
INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
|
||||||
|
|
||||||
|
TRUSTED_PUBLISHING_NUDGE="::warning title=Upgrade to Trusted Publishing::\
|
||||||
|
Trusted Publishers allows publishing packages to PyPI from automated \
|
||||||
|
environments like GitHub Actions without needing to use username/password \
|
||||||
|
combinations or API tokens to authenticate with PyPI. Read more: \
|
||||||
|
https://docs.pypi.org/trusted-publishers"
|
||||||
|
|
||||||
if [[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] ; then
|
if [[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] ; then
|
||||||
# No password supplied by the user implies that we're in the OIDC flow;
|
# No password supplied by the user implies that we're in the OIDC flow;
|
||||||
# retrieve the OIDC credential and exchange it for a PyPI API token.
|
# retrieve the OIDC credential and exchange it for a PyPI API token.
|
||||||
|
@ -53,10 +59,12 @@ elif [[ "${INPUT_USER}" == '__token__' ]]; then
|
||||||
echo \
|
echo \
|
||||||
'::notice::Using a user-provided API token for authentication' \
|
'::notice::Using a user-provided API token for authentication' \
|
||||||
"against ${INPUT_REPOSITORY_URL}"
|
"against ${INPUT_REPOSITORY_URL}"
|
||||||
|
echo "${TRUSTED_PUBLISHING_NUDGE}"
|
||||||
else
|
else
|
||||||
echo \
|
echo \
|
||||||
'::notice::Using a username + password pair for authentication' \
|
'::notice::Using a username + password pair for authentication' \
|
||||||
"against ${INPUT_REPOSITORY_URL}"
|
"against ${INPUT_REPOSITORY_URL}"
|
||||||
|
echo "${TRUSTED_PUBLISHING_NUDGE}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[
|
if [[
|
||||||
|
|
Loading…
Reference in a new issue