🎨 Warn about empty password/token action input

Before this patch, the warning would say that the token was
expected to start with `pypi-` but it may be unobvious. With this
change, the end-users are warned when they're passing a completely
empty password value.

Fixes #25.
Colin Dean 2023-02-23 11:11:08 -05:00 committed by Sviatoslav Sydorenko
parent d2ce3ec872
commit efcb9babc8
GPG key ID: 9345E8FEA89CA455

@ -23,15 +23,25 @@ if [[
! "$INPUT_PASSWORD" =~ ^pypi- ! "$INPUT_PASSWORD" =~ ^pypi-
]] ]]
then then
echo \ if [[ -z "$INPUT_PASSWORD" ]]; then
::warning file='# >>' PyPA publish to PyPI GHA'%3A' \ echo \
POTENTIALLY INVALID TOKEN \ ::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
'<< ':: \ EMPTY TOKEN \
It looks like you are trying to use an API token to \ '<< ':: \
authenticate in the package index and your token value does \ It looks like you have not passed a password or it \
not start with '"pypi-"' as it typically should. This may \ is otherwise empty. Please verify that you have passed it \
cause an authentication error. Please verify that you have \ directly or, preferably, through a secret.
copied your token properly if such an error occurs. else
echo \
::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
POTENTIALLY INVALID TOKEN \
'<< ':: \
It looks like you are trying to use an API token to \
authenticate in the package index and your token value does \
not start with '"pypi-"' as it typically should. This may \
cause an authentication error. Please verify that you have \
copied your token properly if such an error occurs.
fi
fi fi
if ( ! ls -A ${INPUT_PACKAGES_DIR%%/}/*.tar.gz &> /dev/null && \ if ( ! ls -A ${INPUT_PACKAGES_DIR%%/}/*.tar.gz &> /dev/null && \
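
Review bot: The new EMPTY TOKEN text ends with "Please verify that you have passed it directly or, preferably, through a secret", which presents putting the credential inline in the workflow as an acceptable option. I would drop "directly or, preferably," and point only at a secret, so the warning does not nudge users toward committing a token in plain text. The heading says EMPTY TOKEN while the body says "password"; picking one term (or "password or token", as in the commit subject) would be clearer. The `-z "$INPUT_PASSWORD"` check is nested inside the branch guarded by `! "$INPUT_PASSWORD" =~ ^pypi-`, so it only fires when the rest of that outer condition, which this hunk does not show, is also true; a short comment stating which cases are meant to be covered would help. Finally, the empty case only emits `::warning` and execution continues to the `ls -A` dist checks below, so the run still fails later at authentication; consider whether an empty value should stop the step here instead.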