twine-upload: only nudge on PyPI-looking domains

Signed-off-by: William Woodruff <william@trailofbits.com>
This commit is contained in:
William Woodruff 2023-07-10 12:11:56 -04:00
parent be695966b0
commit e90e853e89
No known key found for this signature in database

View file

@ -59,13 +59,19 @@ elif [[ "${INPUT_USER}" == '__token__' ]]; then
echo \ echo \
'::notice::Using a user-provided API token for authentication' \ '::notice::Using a user-provided API token for authentication' \
"against ${INPUT_REPOSITORY_URL}" "against ${INPUT_REPOSITORY_URL}"
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
echo "${TRUSTED_PUBLISHING_NUDGE}" echo "${TRUSTED_PUBLISHING_NUDGE}"
fi
else else
echo \ echo \
'::notice::Using a username + password pair for authentication' \ '::notice::Using a username + password pair for authentication' \
"against ${INPUT_REPOSITORY_URL}" "against ${INPUT_REPOSITORY_URL}"
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
echo "${TRUSTED_PUBLISHING_NUDGE}" echo "${TRUSTED_PUBLISHING_NUDGE}"
fi fi
fi
if [[ if [[
"$INPUT_USER" == "__token__" && "$INPUT_USER" == "__token__" &&