Skip to content

Commit

Permalink
twine-upload: only nudge on PyPI-looking domains
Browse files Browse the repository at this point in the history
Signed-off-by: William Woodruff <william@trailofbits.com>
  • Loading branch information
woodruffw committed Jul 10, 2023
1 parent be69596 commit e90e853
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions twine-upload.sh
Original file line number Diff line number Diff line change
Expand Up @@ -59,12 +59,18 @@ elif [[ "${INPUT_USER}" == '__token__' ]]; then
echo \
'::notice::Using a user-provided API token for authentication' \
"against ${INPUT_REPOSITORY_URL}"
echo "${TRUSTED_PUBLISHING_NUDGE}"

if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
echo "${TRUSTED_PUBLISHING_NUDGE}"
fi
else
echo \
'::notice::Using a username + password pair for authentication' \
"against ${INPUT_REPOSITORY_URL}"
echo "${TRUSTED_PUBLISHING_NUDGE}"

if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
echo "${TRUSTED_PUBLISHING_NUDGE}"
fi
fi

if [[
Expand Down

0 comments on commit e90e853

Please sign in to comment.