🎨 Warn about empty password/token action input

Before this patch, the warning would say that the token was
expected to start with `pypi-` but it may be unobvious. With this
change, the end-users are warned when they're passing a completely
empty password value.

Fixes #25.
Colin Dean 2023-02-23 11:11:08 -05:00 committed by Sviatoslav Sydorenko
parent d2ce3ec872
commit efcb9babc8
No known key found for this signature in database
GPG key ID: 9345E8FEA89CA455

@ -23,6 +23,15 @@ if [[
! "$INPUT_PASSWORD" =~ ^pypi- ! "$INPUT_PASSWORD" =~ ^pypi-
]] ]]
then then
if [[ -z "$INPUT_PASSWORD" ]]; then
echo \
::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
EMPTY TOKEN \
'<< ':: \
It looks like you have not passed a password or it \
is otherwise empty. Please verify that you have passed it \
directly or, preferably, through a secret.
else
echo \ echo \
::warning file='# >>' PyPA publish to PyPI GHA'%3A' \ ::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
POTENTIALLY INVALID TOKEN \ POTENTIALLY INVALID TOKEN \
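Review bot: The new `-z "$INPUT_PASSWORD"` check sits inside the `then` branch of the existing `if [[ ... ! "$INPUT_PASSWORD" =~ ^pypi- ]]`, so the EMPTY TOKEN warning is only reachable when the earlier conditions of that outer test (cut off above this hunk) also hold. If an empty password should be reported regardless of those conditions, hoist the `-z` test into its own top-level `if` ahead of the prefix check. Two smaller points in the same block: `-z` does not catch a whitespace-only value even though the message says "or it is otherwise empty", and the title says TOKEN while the body says "password", so picking one term (or "password/token", as in the commit subject) would read more consistently.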
@ -32,6 +41,7 @@ then
not start with '"pypi-"' as it typically should. This may \ not start with '"pypi-"' as it typically should. This may \
cause an authentication error. Please verify that you have \ cause an authentication error. Please verify that you have \
copied your token properly if such an error occurs. copied your token properly if such an error occurs.
fi
fi fi
if ( ! ls -A ${INPUT_PACKAGES_DIR%%/}/*.tar.gz &> /dev/null && \ if ( ! ls -A ${INPUT_PACKAGES_DIR%%/}/*.tar.gz &> /dev/null && \
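Review bot: After the added `fi`, the empty-password case falls straight through to the `ls -A ${INPUT_PACKAGES_DIR%%/}/*.tar.gz` package checks, so the run continues with only a `::warning` annotation. If an empty value can never authenticate in this action, consider emitting `::error` and exiting non-zero in the empty branch so the job stops before the upload step instead of failing later with a less specific authentication error. If continuing is intentional, a short comment above the `-z` branch saying so would help the next reader.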