diff --git a/oidc-exchange.py b/oidc-exchange.py index 0e058879..52bee141 100644 --- a/oidc-exchange.py +++ b/oidc-exchange.py @@ -17,6 +17,12 @@ {message} +You're seeing this because the action wasn't given the inputs needed to +perform password-based or token-based authentication. If you intended to +perform one of those authentication methods instead of trusted +publishing, then you should double-check your secret configuration and variable +names. + Read more about trusted publishers at https://docs.pypi.org/trusted-publishers/ """ diff --git a/twine-upload.sh b/twine-upload.sh index 63a6564d..f38d4296 100755 --- a/twine-upload.sh +++ b/twine-upload.sh @@ -46,7 +46,8 @@ if [[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] ; then echo \ '::notice::Attempting to perform OIDC credential exchange' \ 'to retrieve a temporary short-lived API token for authentication' \ - "against ${INPUT_REPOSITORY_URL}" + "against ${INPUT_REPOSITORY_URL} due to __token__ username with no" \ + 'supplied password field' INPUT_PASSWORD="$(python /app/oidc-exchange.py)" elif [[ "${INPUT_USER}" == '__token__' ]]; then echo \