fishbotics / urchin

Python parser for URDFs
http://urdfpy.readthedocs.io/
MIT License
32 stars 15 forks source link

PyPI upload failed for 0.0.29 #24

Closed traversaro closed 3 days ago

traversaro commented 6 days ago

I tagged 0.0.29 after https://github.com/fishbotics/urchin/pull/23, and now the PyPI upload job is failing with error (https://github.com/fishbotics/urchin/actions/runs/11517565060):

Warning: Trusted Publishers allows publishing packages to PyPI from automated environments like GitHub Actions without needing to use username/password combinations or API tokens to authenticate with PyPI. Read more: https://docs.pypi.org/trusted-publishers
Warning: A new Trusted Publisher for the currently running publishing workflow can be created by accessing the following link(s) while logged-in as an owner of the package(s):
- https://pypi.org/manage/project/urchin/settings/publishing/?provider=github&owner=fishbotics&repository=urchin&workflow_filename=publish-to-pypi.yml

Checking dist/urchin-0.0.29-py3-none-any.whl: PASSED with warnings
WARNING  `long_description_content_type` missing. defaulting to `text/x-rst`.   
Checking dist/urchin-0.0.29.tar.gz: PASSED with warnings
WARNING  `long_description_content_type` missing. defaulting to `text/x-rst`.   
Uploading distributions to https://upload.pypi.org/legacy/
Uploading urchin-0.0.29-py3-none-any.whl
WARNING  Error during upload. Retry with the --verbose option for more details. 
ERROR    HTTPError: 400 Bad Request from https://upload.pypi.org/legacy/        
         User 'fishbotics' does not have two-factor authentication enabled.     
         Please enable two-factor authentication before attempting to upload to 
         PyPI. See https://pypi.org/help/#two-factor-authentication for more    
         information.                                                 
traversaro commented 6 days ago

Sorry to bother you again @fishbotics, if you want to add me (https://pypi.org/user/traversaro/) as PyPI mantainer of urchin I can fix this, otherwise you can either pass to use "Trusted Publishers" for publishing packages to PyPI or enable two-factor authentication on PyPI.

Anyhow, no hurry, the main way with which my users install urchin is via conda-forge, so with a tag I can already package urchin 0.0.29 there, thanks!

fishbotics commented 4 days ago

Ah, ok! I just added you as a maintainer for the project on PyPi. If you’d prefer to be an Owner, I’m happy to do that as well.

On Oct 25, 2024, at 4:50 AM, Silvio Traversaro @.***> wrote:

Sorry to bother you again @fishbotics https://github.com/fishbotics, if you want to add me (https://pypi.org/user/traversaro/) as PyPI mantainer of urchin I can fix this, otherwise you can either pass to use "Trusted Publishers" for publishing packages to PyPI or enable two-factor authentication on PyPI.

Anyhow, no hurry, the main way with which my users install urchin is via conda-forge, so with a tag I can already package urchin 0.0.29 there, thanks!

— Reply to this email directly, view it on GitHub https://github.com/fishbotics/urchin/issues/24#issuecomment-2437581036, or unsubscribe https://github.com/notifications/unsubscribe-auth/AK4QKXU2HF3IBYYPMMJIDBLZ5IWBFAVCNFSM6AAAAABQTDLGM6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMZXGU4DCMBTGY. You are receiving this because you were mentioned.

traversaro commented 4 days ago

Thanks! Let's see if maintainer is enough to enable Trusted Publisher (see https://docs.pypi.org/trusted-publishers/using-a-publisher), that should be more robust then using tokens.

traversaro commented 4 days ago

Thanks! Let's see if maintainer is enough to enable Trusted Publisher (see https://docs.pypi.org/trusted-publishers/using-a-publisher), that should be more robust then using tokens.

Yes, apparently do enable Trusted Publishers I need to be Owner on PyPI. I tried also to change the upload token in the repo with one generated by me (that I have double factor authentication enabled), but I can't as I only have write permissions (not admin) in this repo. So I guess to unblock the situation I need either Owner permission on PyPI or Admin permissions in the GitHub repo, sorry for the trouble!

fishbotics commented 4 days ago

OK I made you an owner. Let me know if that works! Thanks :)

On Oct 27, 2024, at 10:48 AM, Silvio Traversaro @.***> wrote:

Thanks! Let's see if maintainer is enough to enable Trusted Publisher (see https://docs.pypi.org/trusted-publishers/using-a-publisher), that should be more robust then using tokens.

Yes, apparently do enable Trusted Publishers I need to be Owner on PyPI. I tried also to change the upload token in the repo with one generated by me (that I have double factor authentication enabled), but I can't as I only have write permissions (not admin) in this repo. So I guess to unblock the situation I need either Owner permission on PyPI or Admin permissions in the GitHub repo, sorry for the trouble!

— Reply to this email directly, view it on GitHub https://github.com/fishbotics/urchin/issues/24#issuecomment-2440115385, or unsubscribe https://github.com/notifications/unsubscribe-auth/AK4QKXUTM26WCDQWEPMO6PDZ5UKPPAVCNFSM6AAAAABQTDLGM6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINBQGEYTKMZYGU. You are receiving this because you were mentioned.

traversaro commented 3 days ago

Actually I just noticed that you re-started the job in https://github.com/fishbotics/urchin/actions/runs/11517565060 and it was successful now (probably a change in token or similar)? So the issue is fixed, thanks!