Skip to content

Commit

Permalink
🎨 Warn about empty password/token action input
Browse files Browse the repository at this point in the history
Before this patch, the warning would say that the token was
expected to start with `pypi-` but it may be unobvious. With this
change, the end-users are warned when they're passing a completely
empty password value.

Fixes pypa#25.
  • Loading branch information
colindean authored and webknjaz committed Mar 10, 2023
1 parent d2ce3ec commit efcb9ba
Showing 1 changed file with 19 additions and 9 deletions.
28 changes: 19 additions & 9 deletions twine-upload.sh
Original file line number Diff line number Diff line change
Expand Up @@ -23,15 +23,25 @@ if [[
! "$INPUT_PASSWORD" =~ ^pypi-
]]
then
echo \
::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
POTENTIALLY INVALID TOKEN \
'<< ':: \
It looks like you are trying to use an API token to \
authenticate in the package index and your token value does \
not start with '"pypi-"' as it typically should. This may \
cause an authentication error. Please verify that you have \
copied your token properly if such an error occurs.
if [[ -z "$INPUT_PASSWORD" ]]; then
echo \
::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
EMPTY TOKEN \
'<< ':: \
It looks like you have not passed a password or it \
is otherwise empty. Please verify that you have passed it \
directly or, preferably, through a secret.
else
echo \
::warning file='# >>' PyPA publish to PyPI GHA'%3A' \
POTENTIALLY INVALID TOKEN \
'<< ':: \
It looks like you are trying to use an API token to \
authenticate in the package index and your token value does \
not start with '"pypi-"' as it typically should. This may \
cause an authentication error. Please verify that you have \
copied your token properly if such an error occurs.
fi
fi

if ( ! ls -A ${INPUT_PACKAGES_DIR%%/}/*.tar.gz &> /dev/null && \
Expand Down

0 comments on commit efcb9ba

Please sign in to comment.