From efcb9babc8c755fa5eaf7e581749c61995268ba7 Mon Sep 17 00:00:00 2001 From: Colin Dean Date: Thu, 23 Feb 2023 11:11:08 -0500 Subject: [PATCH] =?UTF-8?q?=F0=9F=8E=A8=20Warn=20about=20empty=20password/?= =?UTF-8?q?token=20action=20input?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Before this patch, the warning would say that the token was expected to start with `pypi-` but it may be unobvious. With this change, the end-users are warned when they're passing a completely empty password value. Fixes #25. --- twine-upload.sh | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/twine-upload.sh b/twine-upload.sh index 74fe085..f2c6aa5 100755 --- a/twine-upload.sh +++ b/twine-upload.sh @@ -23,15 +23,25 @@ if [[ ! "$INPUT_PASSWORD" =~ ^pypi- ]] then - echo \ - ::warning file='# >>' PyPA publish to PyPI GHA'%3A' \ - POTENTIALLY INVALID TOKEN \ - '<< ':: \ - It looks like you are trying to use an API token to \ - authenticate in the package index and your token value does \ - not start with '"pypi-"' as it typically should. This may \ - cause an authentication error. Please verify that you have \ - copied your token properly if such an error occurs. + if [[ -z "$INPUT_PASSWORD" ]]; then + echo \ + ::warning file='# >>' PyPA publish to PyPI GHA'%3A' \ + EMPTY TOKEN \ + '<< ':: \ + It looks like you have not passed a password or it \ + is otherwise empty. Please verify that you have passed it \ + directly or, preferably, through a secret. + else + echo \ + ::warning file='# >>' PyPA publish to PyPI GHA'%3A' \ + POTENTIALLY INVALID TOKEN \ + '<< ':: \ + It looks like you are trying to use an API token to \ + authenticate in the package index and your token value does \ + not start with '"pypi-"' as it typically should. This may \ + cause an authentication error. Please verify that you have \ + copied your token properly if such an error occurs. + fi fi if ( ! ls -A ${INPUT_PACKAGES_DIR%%/}/*.tar.gz &> /dev/null && \