check: ignore attestations, like signatures #1172

Merged
merged 1 commit into from
Oct 31, 2024


woodruffw
Member

This fixes a bug that I accidentally introduced with attestations support: `twine upload` learned the difference between distributions and attestations, but `twine check` didn't.

As a result, `twine check dist/*` would fail with an `InvalidDistribution` error whenever attestations are present in the dist directory, like so:

```
Checking dist/svgcheck-0.9.0.tar.gz: PASSED
Checking dist/svgcheck-0.9.0.tar.gz.publish.attestation: ERROR    InvalidDistribution: Unknown distribution format:
         'svgcheck-0.9.0.tar.gz.publish.attestation'
```

This fixes the behavior of `twine check` by having it skip attestations in the input list, like it does with `.asc` signatures. To do this, I reused the `_split_inputs` helper that was added with #1095, meaning that `twine upload` and `twine check` now have the same input splitting/filtering logic.

As part of reusing `_split_inputs`, I moved it to the top-level `twine.commands` module, since that's where other shared input handling helpers live. I've also moved the test to match.

See pypa/gh-action-pypi-publish#283 for some additional breakage context.

This fixes a bug that I accidentally introduced with
attestations support: `twine upload` learned the difference
between distributions and attestations, but `twine check`
didn't.

As a result, `twine check dist/*` would fail with
an `InvalidDistribution` error whenever attestations are
present in the dist directory, like so:

```
Checking dist/svgcheck-0.9.0.tar.gz: PASSED
Checking dist/svgcheck-0.9.0.tar.gz.publish.attestation: ERROR    InvalidDistribution: Unknown distribution format:
         'svgcheck-0.9.0.tar.gz.publish.attestation'
```

This fixes the behavior of `twine check` by having it
skip attestations in the input list, like it does with
`.asc` signatures. To do this, I reused the `_split_inputs`
helper that was added with pypa#1095, meaning that `twine upload`
and `twine check` now have the same input splitting/filtering
logic.

See pypa/gh-action-pypi-publish#283
for some additional breakage context.

Signed-off-by: William Woodruff <[email protected]>
@sigmavirus24 sigmavirus24 merged commit dd61356 into pypa:main Oct 31, 2024
23 checks passed
@woodruffw woodruffw deleted the ww/check-ignore-attestation branch October 31, 2024 18:20
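The input filtering described in the PR description above, as an added example that is not twine's `_split_inputs` or any other code from this pull request: it partitions an expanded `dist/*` list so that only real distributions reach the check step, and it reports sidecar files that match no distribution. The names `SplitInputs`, `split_inputs` and `SAMPLE` are hypothetical, the sample paths are constructed around the `svgcheck` filenames in the error output, and the `<dist>.<type>.attestation` naming is an assumption drawn from that single filename.

```python
import os
from typing import Dict, List, NamedTuple

SIDECAR_SUFFIXES = (".asc", ".attestation")


class SplitInputs(NamedTuple):
    dists: List[str]                    # files that should be checked/uploaded
    signatures: Dict[str, str]          # dist path -> .asc signature path
    attestations: Dict[str, List[str]]  # dist path -> attestation paths
    orphans: List[str]                  # sidecars with no matching dist


def split_inputs(paths: List[str]) -> SplitInputs:
    """Separate distributions from signature and attestation sidecars."""
    sidecars = [p for p in paths if p.endswith(SIDECAR_SUFFIXES)]
    dists = [p for p in paths if not p.endswith(SIDECAR_SUFFIXES)]
    by_name = {os.path.basename(d): d for d in dists}

    signatures: Dict[str, str] = {}
    attestations: Dict[str, List[str]] = {d: [] for d in dists}
    orphans: List[str] = []
    for sidecar in sidecars:
        name = os.path.basename(sidecar)
        if name.endswith(".asc"):
            owner = by_name.get(name[: -len(".asc")])
        else:
            # Assumed layout "<dist>.<type>.attestation": drop the suffix,
            # then the type label (e.g. "publish"), to recover the dist name.
            stem = name[: -len(".attestation")]
            owner = by_name.get(stem.rsplit(".", 1)[0])
        if owner is None:
            orphans.append(sidecar)   # nothing in the input list to bind it to
        elif name.endswith(".asc"):
            signatures[owner] = sidecar
        else:
            attestations[owner].append(sidecar)
    return SplitInputs(dists, signatures, attestations, orphans)


# Constructed sample input, shaped like a shell-expanded dist/* argument list.
SAMPLE = [
    "dist/svgcheck-0.9.0.tar.gz",
    "dist/svgcheck-0.9.0.tar.gz.publish.attestation",
    "dist/svgcheck-0.9.0.tar.gz.asc",
    "dist/other-1.0-py3-none-any.whl.publish.attestation",
]

if __name__ == "__main__":
    for dist in split_inputs(SAMPLE).dists:
        print(f"Checking {dist}")
```
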
@webknjaz
Member

webknjaz commented Nov 1, 2024

@sigmavirus24 @jaraco any chance to release this ASAP? With the last pypi-publish release toggling the attestations flag for everyone, I foresee this affecting a lot of people on the scale.
