Merge pull request #142 from trail-of-forks/tob-indicate-oidc

webknjaz · web-flow · commit 69efb8cbfb5f · 2023-04-03T02:07:09.000+02:00
Add explanation of why the OIDC publishing was chosen to the log output.
diff --git a/oidc-exchange.py b/oidc-exchange.py
@@ -17,6 +17,12 @@
 
 {message}
 
+You're seeing this because the action wasn't given the inputs needed to
+perform password-based or token-based authentication. If you intended to
+perform one of those authentication methods instead of trusted
+publishing, then you should double-check your secret configuration and variable
+names.
+
 Read more about trusted publishers at https://docs.pypi.org/trusted-publishers/
 """
 
diff --git a/twine-upload.sh b/twine-upload.sh
@@ -46,7 +46,8 @@ if [[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] ; then
     echo \
         '::notice::Attempting to perform OIDC credential exchange' \
         'to retrieve a temporary short-lived API token for authentication' \
-        "against ${INPUT_REPOSITORY_URL}"
+        "against ${INPUT_REPOSITORY_URL} due to __token__ username with no" \
+        'supplied password field'
     INPUT_PASSWORD="$(python /app/oidc-exchange.py)"
 elif [[ "${INPUT_USER}" == '__token__' ]]; then
     echo \
