Display error when uploading signed file with no distribution

Related to pypa#931. If a user only uploads a signed .asc file without any distribution files, this now throws an error to make it more clear why Twine doesn't do anything.
jmwoliver · Nov 30, 2022 · c9fa2aa · c9fa2aa
1 parent 5b5d081
commit c9fa2aa
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 0 deletions.
diff --git a/AUTHORS b/AUTHORS
@@ -32,3 +32,4 @@ Yesha Maggi <yesha.maggic@gmail.com>
 Cyril de Catheu <cdecatheu@gmail.com> (https://catheu.tech/)
 Thomas Miedema <thomasmiedema@gmail.com>
 Hugo van Kemenade (https://github.com/hugovk)
+Jacob Woliver <jacob@jmw.sh> (jmw.sh)
diff --git a/changelog/931.misc.rst b/changelog/931.misc.rst
@@ -0,0 +1 @@
+Throws an error when uploading signed files without any distribution files.
diff --git a/tests/test_upload.py b/tests/test_upload.py
@@ -178,6 +178,18 @@ def test_success_with_pre_signed_distribution(upload_settings, stub_repository):
  )
 
 
+def test_exception_with_only_pre_signed_file(upload_settings, stub_repository):
+ """Raise an exception when only a signed file is uploaded."""
+ # Upload only pre-signed file
+ with pytest.raises(exceptions.InvalidDistribution) as err:
+ upload.upload(upload_settings, [helpers.WHEEL_FIXTURE + ".asc"])
+
+ assert (
+ "Cannot upload signed files by themselves, must upload with a "
+ "corresponding distribution." in err.value.args[0]
+ )
+
+
 def test_success_when_gpg_is_run(upload_settings, stub_repository, monkeypatch):
  """Add GPG signature generated by gpg command to uploaded package."""
  # Indicate that upload() should run_gpg() to generate the signature, which

diff --git a/twine/commands/upload.py b/twine/commands/upload.py
@@ -127,6 +127,14 @@ def upload(upload_settings: settings.Settings, dists: List[str]) -> None:
  repository = upload_settings.create_repository()
  uploaded_packages = []
 
+ # If a user tries to upload signature files with no actual distributions,
+ # then throw an error.
+ if len(packages_to_upload) == 0 and len(signatures) > 0:
+ raise exceptions.InvalidDistribution(
+ "Cannot upload signed files by themselves, must upload with a "
+ "corresponding distribution."
+ )
+
  for package in packages_to_upload:
  skip_message = (
  f"Skipping {package.basefilename} because it appears to already exist"