Use trusted publishing with both PyPI and TestPyPI #129
+79
−44
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
For both the action step documentation and Python Packaging User Guide says that repository-url is required for publishing on TestPyPI, but the workflow run produces this warning: > Unexpected input(s) 'repository-url', valid inputs are > ['entryPoint', 'args', 'user', 'password', 'repository_url', > 'packages_dir', 'verify_metadata', 'skip_existing', 'verbose', > 'print_hash'] And this warning: > Warning: It looks like you are trying to use an API token to > authenticate in the package index and your token value does not > start with "pypi-" as it typically should. This may cause an > authentication error. Please verify that you have copied your token > properly if such an error occurs. And this error message: > INFO Response from https://upload.pypi.org/legacy/: > 403 Invalid or non-existent authentication information. See > https://pypi.org/help/#invalid-auth for more information. > INFO <html> > <head> > <title>403 Invalid or non-existent authentication information. See > https://pypi.org/help/#invalid-auth for more information.</title> > </head> > <body> > <h1>403 Invalid or non-existent authentication information. See > https://pypi.org/help/#invalid-auth for more information.</h1> > Access was denied to this resource.<br/><br/> > Invalid or non-existent authentication information. See > https://pypi.org/help/#invalid-auth for more information. > > > </body> > </html> > ERROR HTTPError: 403 Forbidden from https://upload.pypi.org/legacy/ > Invalid or non-existent authentication information. See > https://pypi.org/help/#invalid-auth for more information. Let us give repository_url a try then!
Stay with the known devil
After updating pypa/gh-action-pypi-publish, the warning about repository url changed: > Warning: Input 'repository_url' has been deprecated with message: > The inputs have been normalized to use kebab-case. Use > `repository-url` instead.
Done with debugging the trusted publishing workflow, I hope.
|
This is ready for review. These are the changes:
I have tested the workflow with both PyPI and TestPyPI, and things seem to work just fine. See the yanked release at PyPI (https://pypi.org/manage/project/zfec/release/1.6.0.1.post0/) and the recent uploads to TestPyPI (https://test.pypi.org/project/zfec/#history). |
hacklschorsch
approved these changes
Mar 19, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Attempting to resolve #127; stacked on top of #121. I have added the repository owner (tahoe-lafs), repository name (zfec), workflow file (build.yml), and environment (release or testpypi) to add GHA as a publisher both on TestPyPI and PyPI.