CyberGRX / questions-three

Toolkit for developing and executing system-level tests
MIT License
5 stars 2 forks source link

Forks Github Actions fail on PyPi upload attempt #12

Open filfreire opened 4 years ago

filfreire commented 4 years ago

As of commit https://github.com/CyberGRX/questions-three/commit/3e68ba2d060cd4b168ebe91351d92f430abb0d6d, other users' forks will run Github Actions and their pipelines will fail on the Build and Publish step (due to missing credentials).

Example (link):

Uploading distributions to https://upload.pypi.org/legacy/
Uploading questions_three-3.12.1.0-py3-none-any.whl

  0%|          | 0.00/85.3k [00:00<?, ?B/s]
  9%|▉         | 8.00k/85.3k [00:00<00:01, 52.3kB/s]
100%|██████████| 85.3k/85.3k [00:00<00:00, 272kB/s] 
NOTE: Try --verbose to see response content.
HTTPError: 403 Forbidden from https://upload.pypi.org/legacy/
Invalid or non-existent authentication information. See https://pypi.org/help/#invalid-auth for more information.
##[error]Process completed with exit code 1.

@mikeduskis @ToddBradley any advice on how people with forks can handle this? Or is it something that needs to be edited on .github/workflows/publish.yml?

From what I could find online, there are ways of adding conditions to workflow files, or each Fork "owner" would need to disable actions.

ToddBradley commented 4 years ago

Hmm, interesting. I was surprised to hear the workflow is running in your fork, because GitHub's documentation says "Workflows in forked repositories don't run by default."

https://docs.github.com/en/actions/getting-started-with-github-actions/about-github-actions

I guess that part of the doc is wrong. Given that, I think the best workaround is for forkers to disable workflows altogether or modify them to their own purposes, just as they would modify any other part of the code for their purposes. Does that seem reasonable?

As an aside, do you have modifications you'd like to share with other users?

filfreire commented 4 years ago

Given that, I think the best workaround is for forkers to disable workflows altogether or modify them to their own purposes, just as they would modify any other part of the code for their purposes. Does that seem reasonable?

Yes seems reasonable!

As an aside, do you have modifications you'd like to share with other users?

There's 3 modifications that I actually think could be useful:

ToddBradley commented 4 years ago

All three of those sound useful to me. Wanna put together a PR for each one?