check: ignore attestations, like signatures #1172

Merged: 1 commit, Oct 31, 2024


woodruffw
Member

This fixes a bug that I accidentally introduced with attestations support: `twine upload` learned the difference between distributions and attestations, but `twine check` didn't.

As a result, `twine check dist/*` would fail with an `InvalidDistribution` error whenever attestations are present in the dist directory, like so:

```
Checking dist/svgcheck-0.9.0.tar.gz: PASSED
Checking dist/svgcheck-0.9.0.tar.gz.publish.attestation: ERROR    InvalidDistribution: Unknown distribution format:
         'svgcheck-0.9.0.tar.gz.publish.attestation'
```

This fixes the behavior of `twine check` by having it skip attestations in the input list, like it does with `.asc` signatures. To do this, I reused the `_split_inputs` helper that was added with #1095, meaning that `twine upload` and `twine check` now have the same input splitting/filtering logic.

As part of reusing `_split_inputs`, I moved it to the top-level `twine.commands` module, since that's where other shared input handling helpers live. I've also moved the test to match.

See pypa/gh-action-pypi-publish#283 for some additional breakage context.

This fixes a bug that I accidentally introduced with
attestations support: `twine upload` learned the difference
between distributions and attestations, but `twine check`
didn't.

As a result, `twine check dist/*` would fail with
an `InvalidDistribution` error whenever attestations are
present in the dist directory, like so:

```
Checking dist/svgcheck-0.9.0.tar.gz: PASSED
Checking dist/svgcheck-0.9.0.tar.gz.publish.attestation: ERROR    InvalidDistribution: Unknown distribution format:
         'svgcheck-0.9.0.tar.gz.publish.attestation'
```

This fixes the behavior of `twine check` by having it
skip attestations in the input list, like it does with
`.asc` signatures. To do this, I reused the `_split_inputs`
helper that was added with pypa#1095, meaning that `twine upload`
and `twine check` now have the same input splitting/filtering
logic.

See pypa/gh-action-pypi-publish#283
for some additional breakage context.

Signed-off-by: William Woodruff <william@yossarian.net>
@sigmavirus24 sigmavirus24 merged commit dd61356 into pypa:main Oct 31, 2024
23 checks passed
@woodruffw woodruffw deleted the ww/check-ignore-attestation branch October 31, 2024 18:20
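
An added sketch of the input splitting the description refers to (illustrative code written for this page, not twine's `_split_inputs`). It assumes attestations are named `<dist>.<type>.attestation`, as in the error output above, and signatures `<dist>.asc`; `Inputs`, `split_inputs`, `orphans` and `SAMPLE` are hypothetical names, and reporting sidecar files whose distribution is missing goes one step beyond what the description covers.

```python
import os
from typing import Dict, List, NamedTuple


class Inputs(NamedTuple):  # hypothetical container, not twine's own type
    dists: List[str]
    signatures: Dict[str, str]          # dist path -> its .asc path
    attestations: Dict[str, List[str]]  # dist path -> its attestation paths
    orphans: List[str]                  # sidecars with no matching distribution


def split_inputs(inputs: List[str]) -> Inputs:
    """Separate distributions from their .asc / .attestation sidecar files."""
    sigs = [p for p in inputs if p.endswith(".asc")]
    atts = [p for p in inputs if p.endswith(".attestation")]
    dists = [p for p in inputs if not p.endswith((".asc", ".attestation"))]
    by_name = {os.path.basename(d): d for d in dists}
    signatures: Dict[str, str] = {}
    attestations: Dict[str, List[str]] = {d: [] for d in dists}
    orphans: List[str] = []
    for sig in sigs:
        owner = by_name.get(os.path.basename(sig)[: -len(".asc")])
        if owner is None:
            orphans.append(sig)
        else:
            signatures[owner] = sig
    for att in atts:
        # Assumed naming: "<dist>.<type>.attestation"; strip the last two parts.
        parts = os.path.basename(att).rsplit(".", 2)
        owner = by_name.get(parts[0]) if len(parts) == 3 else None
        if owner is None:
            orphans.append(att)
        else:
            attestations[owner].append(att)
    return Inputs(dists, signatures, attestations, orphans)


# Constructed input; the first two names are from the error output above.
SAMPLE = [
    "dist/svgcheck-0.9.0.tar.gz",
    "dist/svgcheck-0.9.0.tar.gz.publish.attestation",
    "dist/svgcheck-0.9.0.tar.gz.asc",
    "dist/other-1.0-py3-none-any.whl.publish.attestation",
]

if __name__ == "__main__":
    result = split_inputs(SAMPLE)
    print("to check:", result.dists)  # only these go to the metadata check
    print("orphaned sidecars:", result.orphans)
```
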
@webknjaz
Member

webknjaz commented Nov 1, 2024

@sigmavirus24 @jaraco any chance to release this ASAP? With the last pypi-publish release toggling the attestations flag for everyone, I foresee this affecting a lot of people on the scale.
