Contributor

@mhucka mhucka commented Nov 9, 2025

The way GitHub Actions workflows treat undefined variables combined with the way parameters are interpreted by `pypa/gh-action-pypi-publish` results in that action _not_ using its internal default (which actually is `__token__`) if the parameter expands to an empty string. My local testing did not reveal this because in local testing, I always assigned a value to `testpypi_user`.

Also included in this PR is a clarification in the workflows/README.md file to one of the debugging tips.

The way GitHub Actions workflows treat undefined variables combined with
the way parameters are interpreted by `pypa/gh-action-pypi-publish`
results in that action _not_ using its internal default (which actually
is `__token__`) if the parameter expands to an empty string. My local
testing did not reveal this because in local testing, I always assigned
a value to `testpypi_user`.
@mhucka mhucka marked this pull request as ready for review November 9, 2025 02:38
@mhucka mhucka requested a review from Strilanc November 9, 2025 02:39
@mhucka mhucka changed the title Need explicitly set use to __token__ if not passing a value Need explicitly set pypi user to __token__ if not passing a value Nov 10, 2025
This is more secure than using environment variables for the testpypi
user name and password.
@mhucka mhucka added the devops Involves build systems, CMake files, Make files, Bazel files, continuous integration, and/or related label Nov 10, 2025
@mhucka mhucka added this pull request to the merge queue Nov 10, 2025
Merged via the queue into main with commit 726a1a3 Nov 10, 2025
53 checks passed
@mhucka mhucka deleted the mh-fix-ci-token branch November 10, 2025 20:00
@mhucka mhucka restored the mh-fix-ci-token branch November 20, 2025 04:27
mhucka added a commit that referenced this pull request Dec 1, 2025
)

The way GitHub Actions workflows treat undefined variables combined with
the way parameters are interpreted by `pypa/gh-action-pypi-publish`
results in that action _not_ using its internal default (which actually
is `__token__`) if the parameter expands to an empty string. My local
testing did not reveal this because in local testing, I always assigned
a value to `testpypi_user`.

Also included in this PR is a clarification in the workflows/README.md
file to one of the debugging tips.
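
The behaviour described in this PR, shown as a workflow fragment with the failing form beside one way to set the fallback explicitly. This is an added example, not the project's workflow: the repository variable `testpypi_user`, the secret `TESTPYPI_TOKEN`, the job and step names, and the `dist/` build step are all assumptions.

```yaml
# Added illustration; every name below except the action and its inputs
# (user, password, repository-url) is hypothetical.
name: publish-testpypi-example
on: workflow_dispatch

permissions:
  contents: read

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build sdist and wheel into dist/
        run: pipx run build

      # Before: when the variable is not defined, the expression expands to
      # an empty string. The action then receives user='' and, per the PR
      # description, does not fall back to its internal default.
      #
      # - name: Upload to TestPyPI
      #   uses: pypa/gh-action-pypi-publish@release/v1
      #   with:
      #     repository-url: https://test.pypi.org/legacy/
      #     user: ${{ vars.testpypi_user }}
      #     password: ${{ secrets.TESTPYPI_TOKEN }}

      # After: in an Actions expression, `a || b` evaluates to b when a is
      # empty, so the action always receives a non-empty user and uses
      # __token__ whenever no value is passed.
      - name: Upload to TestPyPI
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          repository-url: https://test.pypi.org/legacy/
          user: ${{ vars.testpypi_user || '__token__' }}
          password: ${{ secrets.TESTPYPI_TOKEN }}
```

Running the workflow once with the variable unset exercises the path that local testing with an assigned value does not reach.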