Comments (2)
Dunno. Maybe this doesn't work for sdists somehow. FWIW, we correctly pass the CLI flag to Twine and it's Twine's job to do the skipping. We don't have any logic around this in the action itself — it's mostly just a wrapper.
Also, I'd like to discourage people from using that toggle more vocally in README: #200. I consider it a dirty hack. It's best to structure your CI/CD so that double uploads are never attempted in the first place.
Among other problems in your workflow:
- passing `--sdist` and `--wheel` — this forces building both from Git which is not what pip does and you wouldn't know if the end-users end up being unable to install from sdists; none of these CLI args should be passed
- building is happening in the same job as publishing, which has dangerous privileges enabled (OIDC) that opens up a security issue — the possibility of privilege escalation through crafted build deps
Follow https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/, please.
I'm closing this issue as there's nothing we can do here. Feel free to ask on the Twine tracker.
from gh-action-pypi-publish.
Oh, `verbose: true` could make the Twine output more detailed. But that's about it.
Your workflow runs on every push to the main branch which has the version hardcoded and so every workflow run attempts uploading. You should probably make use of something like `setuptools-scm` to make the versions different in each commit + use tags as triggers, at least.
from gh-action-pypi-publish.
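The job split and tag trigger recommended in the two comments above, sketched as an added example that is not part of the thread or the project's own documentation. The artifact name, the `pypi` environment name and the `v*` tag pattern are assumptions.

```yaml
# Added example: the artifact name, the "pypi" environment and the "v*" tag
# pattern are assumptions, not values taken from the issue.
name: release

on:
  push:
    tags: ["v*"]   # tag trigger: one upload per release, not one per push to main

permissions: {}    # no default token permissions for any job

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read          # no id-token here, so build deps run without OIDC
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0      # full history and tags so setuptools-scm can derive the version
          persist-credentials: false
      - uses: actions/setup-python@v5
        with:
          python-version: "3.x"
      - run: python -m pip install build
      # No --sdist/--wheel: build creates the sdist, then builds the wheel from that sdist
      - run: python -m build
      - uses: actions/upload-artifact@v4
        with:
          name: python-package-distributions
          path: dist/

  publish:
    needs: build
    runs-on: ubuntu-latest
    environment: pypi
    permissions:
      id-token: write         # OIDC is granted only to the job that runs no build code
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: python-package-distributions
          path: dist/
      # skip-existing is left unset: unique versions per tag make it unnecessary
      - uses: pypa/gh-action-pypi-publish@release/v1
```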