Closed
Labels: bug (Something isn't working)
Description
I'm getting an error about invalid attestations trying to publish my project to PyPI. I use a pretty typical workflow: cibuildwheel to create wheels, and upload-artifact/download-artifact actions to collect all the wheels into one directory for this pypi upload action.
It looks like something is mangling a wheel name in the attestation subject in the process, as the upload fails on one of the wheels with this error:
Uploading spt3g-1.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
WARNING  Error during upload. Retry with the --verbose option for more details. 
ERROR    HTTPError: 400 Bad Request from https://upload.pypi.org/legacy/        
         Invalid attestations supplied during upload: Could not verify the      
         uploaded artifact using the included attestation: Verification failed: 
         subject does not match distribution name:                              
         spt3g-1.0-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl !=
         spt3g-1.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl   
This is my workflow, and this is the failed action run.
I've disabled attestations for now, but am reporting this so that it can be resolved for future releases.
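The two names in the error output above differ only in the order of the dot-separated platform tags. As an added example (not part of the original report and not the action's or PyPI's own code), this stdlib-only Python check parses both names following the wheel filename convention and reports whether a subject mismatch is purely a tag-ordering difference; the function names `parse_wheel_name` and `classify_mismatch` are hypothetical.

```python
import re

# The two names quoted in the error output of this report.
SUBJECT = "spt3g-1.0-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.whl"
UPLOADED = "spt3g-1.0-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl"


def parse_wheel_name(filename):
    """Parse name-version[-build]-python-abi-platform.whl into comparable parts.

    Compressed tag sets ("a.b") become frozensets, since their order in the
    filename carries no compatibility meaning.
    """
    if not filename.endswith(".whl"):
        raise ValueError(f"not a wheel filename: {filename!r}")
    parts = filename[: -len(".whl")].split("-")
    if len(parts) == 5:
        name, version, py, abi, plat = parts
        build = ""
    elif len(parts) == 6:
        name, version, build, py, abi, plat = parts
    else:
        raise ValueError(f"unexpected number of components: {filename!r}")
    # Normalise the project name so "Foo_Bar" and "foo.bar" compare equal.
    name = re.sub(r"[_.]+", "-", name).lower()
    tags = tuple(frozenset(t.split(".")) for t in (py, abi, plat))
    return (name, version, build) + tags


def classify_mismatch(subject, dist):
    """Return 'identical', 'tag-order-only' or 'different' for two wheel names."""
    if subject == dist:
        return "identical"
    if parse_wheel_name(subject) == parse_wheel_name(dist):
        return "tag-order-only"
    return "different"


if __name__ == "__main__":
    print(classify_mismatch(SUBJECT, UPLOADED))
```
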
webknjaz