Provide hints when trusted publishing fails #8223
Labels
enhancement
New feature or improvement to existing functionality
Comments
konstin
added
the
enhancement
konstin
added a commit
that referenced
this issue
Oct 28, 2024
Trusted publishing errors are a tough problem because for security reason, PyPI won't tell use the trusted publishing configuration for a repo and GitHub Actions doesn't let us see arbitrary secrets either. These changes handle using trusted publishing while other credentials are also set (an error) and adds a hint and an error trace when it looks like the user wanted trusted publishing, but it wasn't configured. Most of #8223, only missing a live test repo.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When trusted publishing on github actions was requested but fails, it's usually due to some mismatch between pypi's configuration and the actual job, e.g., a missing
.ymlextension. It's cumbersome to debug since pypi will not tell you what mismatched for security, and you can only use trusted publishing in github actions, so each debugging round is starting a new publish job. To help with trusted publishing errors, we should provide a printout with debug information that the user can easily diff against the fields they entered in the pypi web interface and their github actions job configuration.The text was updated successfully, but these errors were encountered: