Merge pull request #142 from trail-of-forks/tob-indicate-oidc

Add explanation of why the OIDC publishing was chosen to the log output.
pypa · Apr 3, 2023 · 69efb8c · 69efb8c
2 parents 29930c9 + dfde872
commit 69efb8c
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/oidc-exchange.py b/oidc-exchange.py
@@ -17,6 +17,12 @@
 
 {message}
 
+You're seeing this because the action wasn't given the inputs needed to
+perform password-based or token-based authentication. If you intended to
+perform one of those authentication methods instead of trusted
+publishing, then you should double-check your secret configuration and variable
+names.
+
 Read more about trusted publishers at https://docs.pypi.org/trusted-publishers/
 """
 

diff --git a/twine-upload.sh b/twine-upload.sh
@@ -46,7 +46,8 @@ if [[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] ; then
     echo \
         '::notice::Attempting to perform OIDC credential exchange' \
         'to retrieve a temporary short-lived API token for authentication' \
-        "against ${INPUT_REPOSITORY_URL}"
+        "against ${INPUT_REPOSITORY_URL} due to __token__ username with no" \
+        'supplied password field'
     INPUT_PASSWORD="$(python /app/oidc-exchange.py)"
 elif [[ "${INPUT_USER}" == '__token__' ]]; then
     echo \