Test.pypi.org returning 500 #25
Labels
enhancement
New feature or request
good first issue
Good for newcomers
help wanted
Extra attention is needed
Comments
|
Let's ask @ewdurbin to check. Because HTTP 500 is a server error. But in general it seems to belong to the warehouse repo. |
|
This may be related to pypi/warehouse#7298 |
|
@ewdurbin do you want to transfer this issue there? Should I try stripping off the newlines here? |
|
pypi/warehouse#7298 has been closed (by pypi/warehouse#7424). OK to close this one? |
|
Not sure, maybe we should do a better job stripping the input. |
webknjaz
added
enhancement
webknjaz
pushed a commit
to colindean/gh-action-pypi-publish
that referenced
this issue
Mar 10, 2023
Before this patch, the warning would say that the token was expected to start with `pypi-` but it may be unobvious. With this change, the end-users are warned when they're passing a completely empty password value. Fixes pypa#25.
webknjaz
pushed a commit
to colindean/gh-action-pypi-publish
that referenced
this issue
Mar 10, 2023
Before this patch, the warning would say that the token was expected to start with `pypi-` but it may be unobvious. With this change, the end-users are warned when they're passing a completely empty password value. Fixes pypa#25.
woodruffw
added a commit
to trail-of-forks/gh-action-pypi-publish
that referenced
this issue
Mar 13, 2023
Just for testing. Signed-off-by: William Woodruff <william@trailofbits.com> action, twine-upload: scaffolding Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: initial skeleton Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange, twine-upload: tweakage Signed-off-by: William Woodruff <william@trailofbits.com> twine, oidc: move mask back into exchange Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: TestPyPI support Signed-off-by: William Woodruff <william@trailofbits.com> action: remove oidc_audience input Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: debugging Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: debugging Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: typo Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: audience negotiation Signed-off-by: William Woodruff <william@trailofbits.com> debug: dump JWT payload This is not sensitive, since we strip the signature. Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: typo Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: debugging Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: oopsie Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: undo debugging changes Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: switch to `id` for OIDC cred Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: better error messages/step summaries Signed-off-by: William Woodruff <william@trailofbits.com> remove `dry_run` Signed-off-by: William Woodruff <william@trailofbits.com> requirements: `pip-compile` Signed-off-by: William Woodruff <william@trailofbits.com> Bump cryptography from 38.0.4 to 39.0.1 in /requirements Bumps [cryptography](https://github.com/pyca/cryptography) from 38.0.4 to 39.0.1. - [Release notes](https://github.com/pyca/cryptography/releases) - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@38.0.4...39.0.1) --- updated-dependencies: - dependency-name: cryptography dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> ⇪ Bump isort to v5.12.0 The previous version had a Poetry packaging problem. This patch fixes that. 🎨 Warn about empty password/token action input Before this patch, the warning would say that the token was expected to start with `pypi-` but it may be unobvious. With this change, the end-users are warned when they're passing a completely empty password value. Fixes pypa#25. 🎨 Convert action inputs to use kebab-case Up until now, the action input names followed the snake_case naming pattern that is well familiar to the pythonistas. But in GitHub actions, the de-facto standard is using kebab-case, which is what this patch achieves. This style helps make the keys in YAML better standardized and distinguishable from other identifiers. The old snake_case names remain functional for the time being and will not be removed until at least v3 release of this action. 🐛 Make kebab options fall back for snake_case The previous release didn't take into account the action defaults so the promised fallbacks for the old input names didn't work. This patch corrects that mistake. oidc-exchange: context manager Signed-off-by: William Woodruff <william@trailofbits.com> twine-upload: reflow Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: input normalization Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: reflow Signed-off-by: William Woodruff <william@trailofbits.com> runtime.in: document dependency Signed-off-by: William Woodruff <william@trailofbits.com> twine-upload: enquote Signed-off-by: William Woodruff <william@trailofbits.com> twine-upload: only do OIDC flow when user is token Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: reflow Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: reflow Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exhcange: factor out audience call check Signed-off-by: William Woodruff <william@trailofbits.com> README: document OIDC publishing Signed-off-by: William Woodruff <william@trailofbits.com> oidc-exchange: reflow Signed-off-by: William Woodruff <william@trailofbits.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I am not sure if this belongs here, but I am having an issue when using this Github Action.
This is the link to the github run that failed:
https://github.com/jampp/migratron/pull/25/checks?check_run_id=456554120
and the content is:
If I run:
with a valid
TWINE_PASSWORDthat works ok. If I use an invalid password ir returns a 403 and not a 500The text was updated successfully, but these errors were encountered: