attestations: actually ignore setting with non-TP or non-pypi index

Author: facutuesca

twine-upload.sh

@@ -69,13 +69,15 @@ if [[ "${INPUT_ATTESTATIONS}" != "false" ]] ; then
     # user confusion, since attestations (currently) require Trusted Publishing.
     if [[ -n "${INPUT_PASSWORD}" ]] ; then
         echo "${ATTESTATIONS_WITHOUT_TP_WARNING}"
+        INPUT_ATTESTATIONS="false"
     fi
 
     # Setting `attestations: true` with an index other than PyPI or TestPyPI
     # indicates user confusion, since attestations are not supported on other
     # indices presently.
     if [[ ! "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]] ; then
         echo "${ATTESTATIONS_WRONG_INDEX_WARNING}"
+        INPUT_ATTESTATIONS="false"
     fi
 fi