mirror of
https://gitcode.com/gh_mirrors/gh/gh-action-pypi-publish.git
synced 2026-07-02 18:27:49 +00:00
Add nudge message with magic link to create new Trusted Publisher
PR #250 Co-authored-by: Sviatoslav Sydorenko <sviat@redhat.com>
This commit is contained in:
@@ -41,6 +41,11 @@ INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
|
||||
INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"
|
||||
INPUT_ATTESTATIONS="$(get-normalized-input 'attestations')"
|
||||
|
||||
REPOSITORY_NAME="$(echo ${GITHUB_REPOSITORY} | cut -d'/' -f2)"
|
||||
WORKFLOW_FILENAME="$(echo ${GITHUB_WORKFLOW_REF} | cut -d'/' -f5- | cut -d'@' -f1)"
|
||||
PACKAGE_NAMES=()
|
||||
while IFS='' read -r line; do PACKAGE_NAMES+=("$line"); done < <(python /app/print-pkg-names.py "${INPUT_PACKAGES_DIR%%/}")
|
||||
|
||||
PASSWORD_DEPRECATION_NUDGE="::error title=Password-based uploads disabled::\
|
||||
As of 2024, PyPI requires all users to enable Two-Factor \
|
||||
Authentication. This consequently requires all users to switch \
|
||||
@@ -64,6 +69,27 @@ The workflow was run with 'attestations: true' input, but the specified \
|
||||
repository URL does not support PEP 740 attestations. As a result, the \
|
||||
attestations input is ignored."
|
||||
|
||||
MAGIC_LINK_MESSAGE="::warning title=Create a Trusted Publisher::\
|
||||
A new Trusted Publisher for the currently running publishing workflow can be created \
|
||||
by accessing the following link(s) while logged-in as an owner of the package(s):"
|
||||
|
||||
if [[ ! "${INPUT_REPOSITORY_URL}" =~ pypi\.org || ${#PACKAGE_NAMES[@]} -eq 0 ]] ; then
|
||||
TRUSTED_PUBLISHING_MAGIC_LINK_NUDGE=""
|
||||
else
|
||||
if [[ "${INPUT_REPOSITORY_URL}" =~ test\.pypi\.org ]] ; then
|
||||
INDEX_URL="https://test.pypi.org"
|
||||
else
|
||||
INDEX_URL="https://pypi.org"
|
||||
fi
|
||||
ALL_LINKS=""
|
||||
for PACKAGE_NAME in "${PACKAGE_NAMES[@]}"; do
|
||||
LINK="- ${INDEX_URL}/manage/project/${PACKAGE_NAME}/settings/publishing/?provider=github&owner=${GITHUB_REPOSITORY_OWNER}&repository=${REPOSITORY_NAME}&workflow_filename=${WORKFLOW_FILENAME}"
|
||||
ALL_LINKS+="$LINK"$'\n'
|
||||
done
|
||||
TRUSTED_PUBLISHING_MAGIC_LINK_NUDGE="${MAGIC_LINK_MESSAGE}"$'\n'"${ALL_LINKS}"
|
||||
echo "${MAGIC_LINK_MESSAGE}" >> $GITHUB_STEP_SUMMARY
|
||||
fi
|
||||
|
||||
[[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] \
|
||||
&& TRUSTED_PUBLISHING=true || TRUSTED_PUBLISHING=false
|
||||
|
||||
@@ -96,6 +122,7 @@ elif [[ "${INPUT_USER}" == '__token__' ]]; then
|
||||
|
||||
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
|
||||
echo "${TRUSTED_PUBLISHING_NUDGE}"
|
||||
echo "${TRUSTED_PUBLISHING_MAGIC_LINK_NUDGE}"
|
||||
fi
|
||||
else
|
||||
echo \
|
||||
@@ -105,6 +132,7 @@ else
|
||||
if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
|
||||
echo "${PASSWORD_DEPRECATION_NUDGE}"
|
||||
echo "${TRUSTED_PUBLISHING_NUDGE}"
|
||||
echo "${TRUSTED_PUBLISHING_MAGIC_LINK_NUDGE}"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user