search

pypa / gh-action-pypi-publish

The blessed :octocat: GitHub Action, for publishing your :package: distribution files to PyPI, the tokenless way: https://github.com/marketplace/actions/pypi-publish
https://packaging.python.org/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
BSD 3-Clause "New" or "Revised" License
929 stars 87 forks source link

Publishing to PyPI fails with HTTPError: 403 Forbidden #224

Closed hagenw closed 7 months ago

hagenw commented 7 months ago

Since today this action stopped working for me.

My configuration looks like this:

# ...
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: release
    permissions:
      contents: write
      id-token: write
    concurrency:
      group: ${{ github.workflow }}-${{ github.ref }}

# ...

    # PyPI package
    - name: Build Python package
      run: python -m build

    - name: Publish Python package to PyPI
      uses: pypa/gh-action-pypi-publish@release/v1

I have a "release" environment configured on Github, and added the repository as a trusted publisher to PyPI:

image

With the same settings publishing a PyPI package worked on 2024/03/27, but not on 2024/03/28. The error I'm getting:

image

hagenw commented 7 months ago

On https://status.python.org, they write:

image

But I don't have a new project, it's just a release for an already existing and registered project.

mouday commented 7 months ago

me too. mabbey will ok in the tomarrow.

webknjaz commented 7 months ago

Looks like this has been addressed already.

webknjaz commented 7 months ago

@hagenw I also strongly suggest building in a separate job for security reasons.