Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PyPi trusted publishing: not working with reuseable workflows #528

Open
kdeldycke opened this issue May 4, 2023 · 0 comments
Open

PyPi trusted publishing: not working with reuseable workflows #528

kdeldycke opened this issue May 4, 2023 · 0 comments
Labels
🤖 ci Continuous integration, tests, automation and management of the project ✨ enhancement Improvement or change to an existing feature

Comments

@kdeldycke
Copy link
Owner

kdeldycke commented May 4, 2023

Attempt has been made in v2.14.0 (see 3571c06 and 1583a6f) but it doesn't work with reuseable workflow.

The publishing ends up with the following error:

2023-05-04T10:23:05.4290038Z ##[group]Run pypa/[email protected]
2023-05-04T10:23:05.4290334Z with:
2023-05-04T10:23:05.4290619Z   packages-dir: /home/runner/work/mail-deduplicate/mail-deduplicate
2023-05-04T10:23:05.4290908Z   user: __token__
2023-05-04T10:23:05.4291165Z   repository_url: https://upload.pypi.org/legacy/
2023-05-04T10:23:05.4291431Z   packages_dir: dist
2023-05-04T10:23:05.4291653Z   verify_metadata: true
2023-05-04T10:23:05.4291859Z   skip_existing: false
2023-05-04T10:23:05.4292069Z   verbose: false
2023-05-04T10:23:05.4292274Z   print_hash: false
2023-05-04T10:23:05.4292462Z ##[endgroup]
2023-05-04T10:23:05.4549470Z ##[command]/usr/bin/docker run --name ed866e85ca8b0c42a84a0aa2284859693d6a22_8005b6 --label ed866e --workdir /github/workspace --rm -e "INPUT_PACKAGES-DIR" -e "INPUT_USER" -e "INPUT_PASSWORD" -e "INPUT_REPOSITORY-URL" -e "INPUT_REPOSITORY_URL" -e "INPUT_PACKAGES_DIR" -e "INPUT_VERIFY-METADATA" -e "INPUT_VERIFY_METADATA" -e "INPUT_SKIP-EXISTING" -e "INPUT_SKIP_EXISTING" -e "INPUT_VERBOSE" -e "INPUT_PRINT-HASH" -e "INPUT_PRINT_HASH" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e "ACTIONS_ID_TOKEN_REQUEST_URL" -e "ACTIONS_ID_TOKEN_REQUEST_TOKEN" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/mail-deduplicate/mail-deduplicate":"/github/workspace" ed866e:85ca8b0c42a84a0aa2284859693d6a22  "__token__" "" "" "/home/runner/work/mail-deduplicate/mail-deduplicate" "" "" "false" ""
2023-05-04T10:23:05.9204477Z ##[notice]Attempting to perform trusted publishing exchange to retrieve a temporary short-lived API token for authentication against https://upload.pypi.org/legacy/ due to __token__ username with no supplied password field
2023-05-04T10:23:06.7818733Z ##[error]Trusted publishing exchange failure: 
2023-05-04T10:23:06.7820182Z Token request failed: the server refused the request for the following reasons:
2023-05-04T10:23:06.7909041Z 
2023-05-04T10:23:06.7909646Z * `invalid-publisher`: valid token, but no corresponding publisher
2023-05-04T10:23:06.7909902Z 
2023-05-04T10:23:06.9498873Z Evaluate and set environment url
2023-05-04T10:23:06.9503492Z Evaluated environment url: https://pypi.org/p/mail-deduplicate

For other info, see:

@kdeldycke kdeldycke added ✨ enhancement Improvement or change to an existing feature 🤖 ci Continuous integration, tests, automation and management of the project labels May 4, 2023
@kdeldycke kdeldycke changed the title Publish to PyPi via trusted channel Publish to PyPi via trusted channel: not working with reuseable workflows May 4, 2023
@kdeldycke kdeldycke changed the title Publish to PyPi via trusted channel: not working with reuseable workflows PyPi trusted publishing: not working with reuseable workflows May 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
🤖 ci Continuous integration, tests, automation and management of the project ✨ enhancement Improvement or change to an existing feature
Projects
None yet
Development

No branches or pull requests

1 participant