pypa / gh-action-pypi-publish

The blessed :octocat: GitHub Action, for publishing your :package: distribution files to PyPI, the tokenless way: https://github.com/marketplace/actions/pypi-publish
https://packaging.python.org/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
BSD 3-Clause "New" or "Revised" License

Question: Workflows failing with "skip-existing" #282

Closed marksweb closed 1 week ago

marksweb commented 1 week ago

I have a workflow set up to ensure merged PRs don't break releases, so it uses skip-existing:

    - name: Publish distribution 📦 to Test PyPI
      uses: pypa/gh-action-pypi-publish@release/v1
      with:
        repository-url: https://test.pypi.org/legacy/
        skip-existing: true

But this causes a 400 because there's an sdist already uploaded for the release.

     WARNING  Skipping django_nh3-0.1.1-py3-none-any.whl because it appears to
             already exist
    Uploading django_nh3-0.1.1.tar.gz
    INFO     Response from https://test.pypi.org/legacy/:
             400 Bad Request
    INFO     <html>
              <head>
               <title>400 Only one sdist may be uploaded per release.</title>
              </head>
              <body>
               <h1>400 Only one sdist may be uploaded per release.</h1>
               The server could not comply with the request since it is either
             malformed or otherwise incorrect.<br/><br/>
             Only one sdist may be uploaded per release.

              </body>
             </html>
    ERROR    HTTPError: 400 Bad Request from https://test.pypi.org/legacy/
             Bad Request

I can see the wheel gets skipped, but shouldn't the workflow catch an error like this if the flag is set?

webknjaz commented 1 week ago

We just pass the corresponding CLI flag to twine upload. Beyond that, we can't control how it behaves. This should probably be reported on Twine's tracker.

But in general, I really dislike this flag as this hack is a footgun. I prefer versions to be unique, which build backend plugins like setuptools-scm help me with — this produces different versions for different commits so there's no need to ignore cases of somebody uploading the same version w/o my knowledge. Plus, there's a corner case for deleted projects that got new owners who then try to upload versions that existed at any point in the past, which this feature would hide and may cause an insanely difficult debugging experience.

marksweb commented 1 week ago

@webknjaz Thank you for clarifying, I wasn't sure if there was some pass/fail handling going on here based on what happens.

And I agree with you, it's just a case of that being the easy implementation without changing the versioning scheme from SemVer. It's one of those todo list items to come to one day.

webknjaz commented 1 week ago

@marksweb here's my solution: https://github.com/ansible/awx-plugins/blob/c7fc0a1/.github/workflows/ci-cd.yml#L485-L538.
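
Added example, not part of the thread and not code from Twine or this action: a pre-upload check that separates "same filename already on the index" (the case the log shows being skipped) from "a different sdist already exists for this release" (the 400 in the log), so CI can fail loudly instead of relying on skip-existing. The function names, the filename-matching assumption, and the sample data are hypothetical; the `release_files` entries are assumed to follow the `filename`/`packagetype` shape of the index's per-release JSON `urls` list.

```python
from pathlib import PurePath

SDIST_SUFFIXES = (".tar.gz", ".zip")  # sdist archive extensions


def is_sdist(filename: str) -> bool:
    return filename.endswith(SDIST_SUFFIXES)


def plan_upload(local_files, release_files):
    """Classify each local dist file against what the index already holds.

    release_files: entries for ONE release, each a dict with "filename"
    and "packagetype" keys (assumed shape, see lead-in).
    Returns {filename: "upload" | "skip" | "conflict"}.
    """
    existing_names = {f["filename"] for f in release_files}
    existing_sdists = [f["filename"] for f in release_files
                       if f["packagetype"] == "sdist"]
    plan = {}
    for path in local_files:
        name = PurePath(path).name
        if name in existing_names:
            plan[name] = "skip"      # identical filename already uploaded
        elif is_sdist(name) and existing_sdists:
            plan[name] = "conflict"  # another sdist exists: index returns 400
        else:
            plan[name] = "upload"
    return plan


def safe_to_publish(plan) -> bool:
    """True only if no file would hit the one-sdist-per-release rule."""
    return "conflict" not in plan.values()


# Constructed sample data: the local names come from the log above; the
# sdist filename already on the index is an assumption for illustration.
LOCAL = ["dist/django_nh3-0.1.1-py3-none-any.whl", "dist/django_nh3-0.1.1.tar.gz"]
ON_INDEX = [
    {"filename": "django_nh3-0.1.1-py3-none-any.whl", "packagetype": "bdist_wheel"},
    {"filename": "django-nh3-0.1.1.tar.gz", "packagetype": "sdist"},
]

if __name__ == "__main__":
    plan = plan_upload(LOCAL, ON_INDEX)
    for name, action in plan.items():
        print(f"{action:8} {name}")
    raise SystemExit(0 if safe_to_publish(plan) else 1)
```

A "conflict" result means someone else's sdist already occupies that version, which is the situation unique per-commit versions are meant to prevent.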