invalid-publisher: valid token, but no corresponding publisher

[ropeless]

I have looked at related issue 138 and issue 217.

I get the invalid-publisher error for both PyPi and TestPyPi. I'm really struggling to set up trusted publisher workflow - any guidance much appreciated!

My github workflow is here: python-publish.yml.

Here's the job error for PyPi:

Error: Trusted publishing exchange failure: 
Token request failed: the server refused the request for the following reasons:
* `invalid-publisher`: valid token, but no corresponding publisher (All lookup strategies exhausted)
This generally indicates a trusted publisher configuration error, but could
also indicate an internal error on GitHub or PyPI's part.
The claims rendered below are **for debugging purposes only**. You should **not**
use them to configure a trusted publisher unless they already match your expectations.
If a claim is not present in the claim set, then it is rendered as `MISSING`.
* `sub`: `repo:ropeless/compiled_knowledge:environment:pypi`
* `repository`: `ropeless/compiled_knowledge`
* `repository_owner`: `ropeless`
* `repository_owner_id`: `27751641`
* `workflow_ref`: `ropeless/compiled_knowledge/.github/workflows/python-publish.yml@refs/heads/fix/build_workflow`
* `job_workflow_ref`: `ropeless/compiled_knowledge/.github/workflows/python-publish.yml@refs/heads/fix/build_workflow`
* `ref`: `refs/heads/fix/build_workflow`

Here's the job error for TestPyPi:

Error: Trusted publishing exchange failure: 
Token request failed: the server refused the request for the following reasons:
* `invalid-publisher`: valid token, but no corresponding publisher (All lookup strategies exhausted)
This generally indicates a trusted publisher configuration error, but could
also indicate an internal error on GitHub or PyPI's part.
The claims rendered below are **for debugging purposes only**. You should **not**
use them to configure a trusted publisher unless they already match your expectations.
If a claim is not present in the claim set, then it is rendered as `MISSING`.
* `sub`: `repo:ropeless/compiled_knowledge:environment:testpypi`
* `repository`: `ropeless/compiled_knowledge`
* `repository_owner`: `ropeless`
* `repository_owner_id`: `27751641`
* `workflow_ref`: `ropeless/compiled_knowledge/.github/workflows/python-publish.yml@refs/heads/fix/build_workflow`
* `job_workflow_ref`: `ropeless/compiled_knowledge/.github/workflows/python-publish.yml@refs/heads/fix/build_workflow`
* `ref`: `refs/heads/fix/build_workflow`

Here's the trusted publisher details on PyPi:

Here's the trusted publisher details on TestPyPi:

[webknjaz]

@facutuesca @woodruffw any recent Warehouse changes? A quick look didn't surface anything obvious..

@di @miketheman any chance to lurk into the event log?

[woodruffw]

I'll be able to triage more tomorrow, but from a very quick look: you've configured compiled-knowledge as the repo on PyPI, but the claim itself indicates that the repo is named compiled_knowledge (note the underscore). That alone would be enough to cause a publisher mismatch.

[ropeless]

Ah! Good spot - many thanks. I feel a bit silly - that's fixed on PyPI and the trusted publisher for PyPI now works for me.

Still no success with TestPyPI.

Just wondering... I don't yet have an existing release to TestPyPI. So although the project exists in my TestPyPI account, the public URL doesn't seem to go anywhere yet (https://test.pypi.org/project/compiled-knowledge/). Could that be causing a problem with gh-action-pypi-publish which somehow get reported as an invalid-publisher error?

[facutuesca]

Still no success with TestPyPI.

@ropeless looking at the workflow, you still need to specify the index url for TestPyPI. Something like:

- name: Publish package distributions to TestPyPI
  uses: pypa/gh-action-pypi-publish@release/v1
  with:
    repository-url: https://test.pypi.org/legacy/

[ropeless]

Wonderful! All working. So sorry my errors caused this. But really appreciate the help you provided. Kind regards.

[woodruffw]

No problem, I'm glad you got it resolved!