check: ignore attestations, like signatures #1172

Merged: sigmavirus24 merged 1 commit into pypa:main from woodruffw-forks:ww/check-ignore-attestation on Oct 31, 2024

@woodruffw
Member

This fixes a bug that I accidentally introduced with attestations support: `twine upload` learned the difference between distributions and attestations, but `twine check` didn't.

As a result, `twine check dist/*` would fail with an `InvalidDistribution` error whenever attestations are present in the dist directory, like so:

```
Checking dist/svgcheck-0.9.0.tar.gz: PASSED
Checking dist/svgcheck-0.9.0.tar.gz.publish.attestation: ERROR    InvalidDistribution: Unknown distribution format:
         'svgcheck-0.9.0.tar.gz.publish.attestation'
```

This fixes the behavior of `twine check` by having it skip attestations in the input list, like it does with `.asc` signatures. To do this, I reused the `_split_inputs` helper that was added with #1095, meaning that `twine upload` and `twine check` now have the same input splitting/filtering logic.

As part of reusing `_split_inputs`, I moved it to the top-level `twine.commands` module, since that's where other shared input handling helpers live. I've also moved the test to match.

See pypa/gh-action-pypi-publish#283 for some additional breakage context.

This fixes a bug that I accidentally introduced with
attestations support: `twine upload` learned the difference
between distributions and attestations, but `twine check`
didn't.

As a result, `twine check dist/*` would fail with
an `InvalidDistribution` error whenever attestations are
present in the dist directory, like so:

```
Checking dist/svgcheck-0.9.0.tar.gz: PASSED
Checking dist/svgcheck-0.9.0.tar.gz.publish.attestation: ERROR    InvalidDistribution: Unknown distribution format:
         'svgcheck-0.9.0.tar.gz.publish.attestation'
```

This fixes the behavior of `twine check` by having it
skip attestations in the input list, like it does with
`.asc` signatures. To do this, I reused the `_split_inputs`
helper that was added with pypa#1095, meaning that `twine upload`
and `twine check` now have the same input splitting/filtering
logic.

See pypa/gh-action-pypi-publish#283
for some additional breakage context.

Signed-off-by: William Woodruff <[email protected]>
@sigmavirus24 sigmavirus24 merged commit dd61356 into pypa:main Oct 31, 2024
@woodruffw woodruffw deleted the ww/check-ignore-attestation branch October 31, 2024 18:20
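
The input splitting described in this pull request, as an added example that is not twine's own code: `split_inputs`, `SplitInputs` and `orphaned_attestations` are hypothetical names, and the suffix-based matching is an assumption. The orphan check goes one step beyond the fix itself by flagging attestations that match no distribution in the same input list.

```python
import os
from typing import Dict, List, NamedTuple


class SplitInputs(NamedTuple):  # hypothetical type, not twine's
    dists: List[str]                    # files that should actually be checked
    signatures: Dict[str, str]          # signature basename -> path
    attestations: Dict[str, List[str]]  # distribution path -> its attestations


def split_inputs(paths: List[str]) -> SplitInputs:
    """Separate distributions from .asc and .attestation sidecar files."""
    signatures = {os.path.basename(p): p for p in paths if p.endswith(".asc")}
    attestation_paths = [p for p in paths if p.endswith(".attestation")]
    sidecars = set(signatures.values()) | set(attestation_paths)
    dists = [p for p in paths if p not in sidecars]

    attestations: Dict[str, List[str]] = {}
    for dist in dists:
        # Assumed naming: "<distribution file name>.<anything>.attestation"
        prefix = os.path.basename(dist) + "."
        attestations[dist] = [
            a for a in attestation_paths if os.path.basename(a).startswith(prefix)
        ]
    return SplitInputs(dists, signatures, attestations)


def orphaned_attestations(paths: List[str]) -> List[str]:
    """Attestations that match no distribution in the same input list."""
    split = split_inputs(paths)
    matched = {a for group in split.attestations.values() for a in group}
    return [p for p in paths if p.endswith(".attestation") and p not in matched]


# Constructed sample input; the first two names come from the error output above.
SAMPLE = [
    "dist/svgcheck-0.9.0.tar.gz",
    "dist/svgcheck-0.9.0.tar.gz.publish.attestation",
    "dist/svgcheck-0.9.0.tar.gz.asc",
    "dist/svgcheck-0.9.0-py3-none-any.whl",
    "dist/other-1.0.tar.gz.publish.attestation",
]

if __name__ == "__main__":
    result = split_inputs(SAMPLE)
    for dist in result.dists:
        print("check:", dist, "attestations:", result.attestations[dist])
    print("orphaned:", orphaned_attestations(SAMPLE))
```
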
@webknjaz
Member

webknjaz commented Nov 1, 2024

@sigmavirus24 @jaraco any chance to release this ASAP? With the last pypi-publish release toggling the attestations flag for everyone, I foresee this affecting a lot of people on the scale.
