From 1fa98bf3320532b4cc5a305281337103b0d77123 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Fri, 26 Apr 2024 12:44:25 -0400
Subject: [PATCH 1/2] twine-upload: fix tense on password nudge

Also makes password use a hard error on PyPI.

Signed-off-by: William Woodruff
---
 twine-upload.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/twine-upload.sh b/twine-upload.sh
index 62de5d5..62f7f53 100755
--- a/twine-upload.sh
+++ b/twine-upload.sh
@@ -40,9 +40,9 @@ INPUT_VERIFY_METADATA="$(get-normalized-input 'verify-metadata')"
 INPUT_SKIP_EXISTING="$(get-normalized-input 'skip-existing')"
 INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"

-PASSWORD_DEPRECATION_NUDGE="::error title=Password-based uploads deprecated::\
-Starting in 2024, PyPI will require all users to enable Two-Factor \
-Authentication. This will consequently require all users to switch \
+PASSWORD_DEPRECATION_NUDGE="::error title=Password-based uploads disabled::\
+As of 2024, PyPI requires all users to enable Two-Factor \
+Authentication. This consequentlys require all users to switch \
 to either Trusted Publishers (preferred) or API tokens for package \
 uploads. Read more: \
 https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/"
@@ -74,6 +74,7 @@ else
 if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
 echo "${PASSWORD_DEPRECATION_NUDGE}"
 echo "${TRUSTED_PUBLISHING_NUDGE}"
+ exit 1
 fi
 fi

From dffad7f8898044950078bc8c8c552f9254ea4cba Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Thu, 16 May 2024 10:41:55 -0400
Subject: [PATCH 2/2] Apply suggestions from code review

---
 twine-upload.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/twine-upload.sh b/twine-upload.sh
index 62f7f53..592a366 100755
--- a/twine-upload.sh
+++ b/twine-upload.sh
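Review bot: The `exit 1` added in the `@@ -74,6 +74,7 @@` hunk of patch 1/2 makes the context test `[[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]` a hard gate, and that test is an unanchored substring match. Any repository URL that merely contains `pypi.org` in a path or a longer hostname now aborts a password upload, so a third-party index can be blocked by accident. Anchoring the match to the scheme and host keeps the failure scoped to PyPI itself, for example `if [[ "${INPUT_REPOSITORY_URL}" =~ ^https://([a-z]+\.)?pypi\.org/ ]]; then`, with the accepted hostnames checked against the endpoints the action documents. A one-line comment above the exit would also help, such as `# PyPI no longer accepts password uploads; fail here instead of letting the upload be rejected later`. The enclosing `if`/`else` starts outside the hunk, so the condition that selects this branch is not visible here.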
@@ -42,7 +42,7 @@ INPUT_PRINT_HASH="$(get-normalized-input 'print-hash')"

 PASSWORD_DEPRECATION_NUDGE="::error title=Password-based uploads disabled::\
 As of 2024, PyPI requires all users to enable Two-Factor \
-Authentication. This consequentlys require all users to switch \
+Authentication. This consequently requires all users to switch \
 to either Trusted Publishers (preferred) or API tokens for package \
 uploads. Read more: \
 https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/"