mirror of
https://github.com/pypa/gh-action-pypi-publish.git
synced 2024-08-25 23:17:09 -04:00
efcb9babc8
Before this patch, the warning would say that the token was expected to start with `pypi-` but it may be unobvious. With this change, the end-users are warned when they're passing a completely empty password value. Fixes #25.
80 lines
2.6 KiB
Bash
Executable file
80 lines
2.6 KiB
Bash
Executable file
#! /bin/bash
|
|
|
|
if [[ -n "${DEBUG}" ]]
|
|
then
|
|
set -x
|
|
fi
|
|
|
|
set -Eeuo pipefail
|
|
|
|
|
|
# NOTE: These variables are needed to combat GitHub passing broken env vars
|
|
# NOTE: from the runner VM host runtime.
|
|
# Ref: https://github.com/pypa/gh-action-pypi-publish/issues/112
|
|
export HOME="/root" # So that `python -m site` doesn't get confused
|
|
export PATH="/usr/bin:${PATH}" # To find `id`
|
|
. /etc/profile # Makes python and other executables findable
|
|
export PATH="$(python -m site --user-base)/bin:${PATH}"
|
|
export PYTHONPATH="$(python -m site --user-site):${PYTHONPATH}"
|
|
|
|
|
|
if [[
|
|
"$INPUT_USER" == "__token__" &&
|
|
! "$INPUT_PASSWORD" =~ ^pypi-
|
|
]]
|
|
then
|
|
if [[ -z "$INPUT_PASSWORD" ]]; then
|
|
echo \
|
|
::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
|
|
EMPTY TOKEN \
|
|
'<< ':: \
|
|
It looks like you have not passed a password or it \
|
|
is otherwise empty. Please verify that you have passed it \
|
|
directly or, preferably, through a secret.
|
|
else
|
|
echo \
|
|
::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
|
|
POTENTIALLY INVALID TOKEN \
|
|
'<< ':: \
|
|
It looks like you are trying to use an API token to \
|
|
authenticate in the package index and your token value does \
|
|
not start with '"pypi-"' as it typically should. This may \
|
|
cause an authentication error. Please verify that you have \
|
|
copied your token properly if such an error occurs.
|
|
fi
|
|
fi
|
|
|
|
if ( ! ls -A ${INPUT_PACKAGES_DIR%%/}/*.tar.gz &> /dev/null && \
|
|
! ls -A ${INPUT_PACKAGES_DIR%%/}/*.whl &> /dev/null )
|
|
then
|
|
echo \
|
|
::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
|
|
MISSING DISTS \
|
|
'<< ':: \
|
|
It looks like there are no Python distribution packages to \
|
|
publish in the directory "'${INPUT_PACKAGES_DIR%%/}/'". \
|
|
Please verify that they are in place should you face this \
|
|
problem.
|
|
fi
|
|
|
|
if [[ ${INPUT_VERIFY_METADATA,,} != "false" ]] ; then
|
|
twine check ${INPUT_PACKAGES_DIR%%/}/*
|
|
fi
|
|
|
|
TWINE_EXTRA_ARGS=
|
|
if [[ ${INPUT_SKIP_EXISTING,,} != "false" ]] ; then
|
|
TWINE_EXTRA_ARGS=--skip-existing
|
|
fi
|
|
|
|
if [[ ${INPUT_VERBOSE,,} != "false" ]] ; then
|
|
TWINE_EXTRA_ARGS="--verbose $TWINE_EXTRA_ARGS"
|
|
fi
|
|
|
|
if [[ ${INPUT_PRINT_HASH,,} != "false" || ${INPUT_VERBOSE,,} != "false" ]] ; then
|
|
python /app/print-hash.py ${INPUT_PACKAGES_DIR%%/}
|
|
fi
|
|
|
|
TWINE_USERNAME="$INPUT_USER" \
|
|
TWINE_PASSWORD="$INPUT_PASSWORD" \
|
|
TWINE_REPOSITORY_URL="$INPUT_REPOSITORY_URL" \
|
|
exec twine upload ${TWINE_EXTRA_ARGS} ${INPUT_PACKAGES_DIR%%/}/*
|