search

pypa / packaging-problems

An issue tracker for the problems in packaging
149 stars 34 forks source link

Error while uploading package through local build following instructions from the official website #776

Closed ishan-surana closed 3 months ago

ishan-surana commented 3 months ago

Problem description

I had created a package and wished to upload it to PyPI. While following the instructions from the official website, I faced the following error:-

PS > python3 -m twine upload --repository testpypi dist/*

Uploading distributions to https://test.pypi.org/legacy/
Uploading <PACKAGE_NAME>-<VERSION>-py3-none-any.whl
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 19.4/19.4 kB • 00:00 • ?
WARNING  Error during upload. Retry with the --verbose option for more details.
ERROR    HTTPError: 403 Forbidden from https://test.pypi.org/legacy/
         Invalid or non-existent authentication information. See https://test.pypi.org/help/#invalid-auth for more
         information.

My config file is set-up properly as per the instructions. This is the output when I tried again with verbose:-

PS > python3 -m twine upload --repository testpypi dist/* --verbose
INFO     Using configuration from <HOME_DIR>\.pypirc
Uploading distributions to https://test.pypi.org/legacy/
INFO     dist\<PACKAGE_NAME>-<VERSION>-py3-none-any.whl (12.2 KB)
INFO     dist\<PACKAGE_NAME>-<VERSION>.tar.gz (11.1 KB)
INFO     password set by command options
INFO     username: __token__
INFO     password: <hidden>
Uploading <PACKAGE_NAME>-<VERSION>-py3-none-any.whl
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ <SIZE>/<SIZE> kB • 00:00 • ?
INFO     Response from https://test.pypi.org/legacy/:
         403 Invalid or non-existent authentication information. See https://test.pypi.org/help/#invalid-auth for more
         information.
INFO     <html>
          <head>
           <title>403 Invalid or non-existent authentication information. See https://test.pypi.org/help/#invalid-auth
         for more information.</title>
          </head>
          <body>
           <h1>403 Invalid or non-existent authentication information. See https://test.pypi.org/help/#invalid-auth for
         more information.</h1>
           Access was denied to this resource.<br/><br/>
         Invalid or non-existent authentication information. See https://test.pypi.org/help/#invalid-auth for more
         information.

          </body>
         </html>
ERROR    HTTPError: 403 Forbidden from https://test.pypi.org/legacy/
         Invalid or non-existent authentication information. See https://test.pypi.org/help/#invalid-auth for more
         information.

As of now, I have successfully published the package using GitHub actions. However, since the official steps to publish the package don't seem to be working for me, I wish to know what is going wrong. I have aptly stored the API key and made the pyirc file mentioned as well.

sinoroc commented 3 months ago

Did you register on the Test PyPI? If I recall correctly you need a separate set of credentials for the Test PyPI and the normal PyPI. I ask because I have seen this happen multiple times (maybe there is something a bit unclear on this in the documentation).

ishan-surana commented 3 months ago

It seems I had registered on normal PyPI instead of Test PyPI. Could you explain why there are 2 separate websites for package publishing? Also, since my package is already published using the GitHub actions, can I link my Test PyPI and normal PyPI accounts since the Test PyPI shows no package despite me using the same email for both the sites?

ishan-surana commented 3 months ago

Also, just as a suggestion, since you mentioned many people facing the same issue, would it be possible to update the documentation with a NOTE or WARNING box explaining users to go to the Test PyPI website rather than the original? It would surely be a little more eye-catching, thereby reducing the same issue for future users.

jeanas commented 3 months ago

Could you explain why there are 2 separate websites for package publishing?

TestPyPI is an instance of the same software that powers PyPI, but separate and meant to do all sorts of tests. So you can, for example, upload empty packages, create multiple accounts and add them to a project, and anything you might want to check how PyPI works, without affecting the actual PyPI.

can I link my Test PyPI and normal PyPI accounts

Not sure I understand why you want to do this, but no, they are completely separate.

ishan-surana commented 3 months ago

UPDATE

I tried uploading again after generating the token from Test PyPI. But it gave the same error.

PS > python3 -m twine upload --repository testpypi dist/* --verbose
INFO     Using configuration from <HOME_DIR>\.pypirc
Uploading distributions to https://test.pypi.org/legacy/
INFO     dist\<PACKAGE_NAME>-<VERSION>-py3-none-any.whl (<SIZE> KB)
INFO     dist\<PACKAGE_NAME>-<VERSION>.tar.gz (<SIZE> KB)
INFO     password set by command options
INFO     username: __token__
INFO     password: <hidden>
Uploading <PACKAGE_NAME>-<VERSION>-py3-none-any.whl
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ <SIZE>/<SIZE> kB • 00:00 • ?
INFO     Response from https://test.pypi.org/legacy/:
         403 Invalid or non-existent authentication information. See https://test.pypi.org/help/#invalid-auth for more
         information.
INFO     <html>
          <head>
           <title>403 Invalid or non-existent authentication information. See https://test.pypi.org/help/#invalid-auth
         for more information.</title>
          </head>
          <body>
           <h1>403 Invalid or non-existent authentication information. See https://test.pypi.org/help/#invalid-auth for
         more information.</h1>
           Access was denied to this resource.<br/><br/>
         Invalid or non-existent authentication information. See https://test.pypi.org/help/#invalid-auth for more
         information.

          </body>
         </html>
ERROR    HTTPError: 403 Forbidden from https://test.pypi.org/legacy/
         Invalid or non-existent authentication information. See https://test.pypi.org/help/#invalid-auth for more
         information.
ishan-surana commented 3 months ago

Could you explain why there are 2 separate websites for package publishing?

TestPyPI is an instance of the same software that powers PyPI, but separate and meant to do all sorts of tests. So you can, for example, upload empty packages, create multiple accounts and add them to a project, and anything you might want to check how PyPI works, without affecting the actual PyPI.

can I link my Test PyPI and normal PyPI accounts

Not sure I understand why you want to do this, but no, they are completely separate.

So packages uploaded to Test PyPI can still be accessed through pip as if they were official versions of a package?

jeanas commented 3 months ago

So packages uploaded to Test PyPI can still be accessed through pip as if they were official versions of a package?

Only if you pass --index-url https://test.pypi.org/simple/ to pip install (as is done in the instructions at the end of the tutorial).

ishan-surana commented 3 months ago

So packages uploaded to Test PyPI can still be accessed through pip as if they were official versions of a package?

Only if you pass --index-url https://test.pypi.org/simple/ to pip install (as is done in the instructions at the end of the tutorial).

Understood, thank you. But about my main issue, it is not working even with API token from Test PyPI

sinoroc commented 3 months ago

it is not working even with API token from Test PyPI

This is near impossible for us to debug this for you. We obviously do not have access to your credentials, and we obviously can not check that you are using the credentials correctly.

Have you checked the info at the link from the error message? https://test.pypi.org/help/#invalid-auth

NOTE or WARNING box explaining users to go to the Test PyPI website rather than the original

Where do you feel like it would make most sense to place this note?

ishan-surana commented 3 months ago

Yes, I checked the formatting of my pyirc file and the file is correctly configured. I have also verified the new token with its identifier displayed. Please let me know if there is anything I can provide you with that could help resolving this issue.

Where do you feel like it would make most sense to place this note?

I feel it would be nice to place the note in this section Uploading the distribution archives. While I agree that the target website is quite clearly mentioned as test.pypi.org, @sinoroc had mentioned many people seem to have made this mistake and it would be nice to have a little note of caution there.

jeanas commented 3 months ago

Does it change anything if you authenticate through the terminal instead of .pypirc?

ishan-surana commented 3 months ago

Yes! It uploaded successfully when I deleted the .pypirc and pasted the token manually. What may have been causing the issue? I had copied the contents exactly as shown on the screen immediately after generating the token.

Edit:- sorry closed the issue by mistake

merwok commented 3 months ago

Show us the .pypirc, with tokens or passwords replaced by ****

ishan-surana commented 3 months ago

Update:- It seems to be working now with the pypirc as well. It started logging in correctly after I put the password by manually copying. Sorry for the trouble, I have no idea what happened.