Prepare workflows for trusted publishing #574
Conversation
sovrasov
force-pushed
the
vs/trusted_publishing
branch
from
7a1b299 to
ff4a2e9
Compare
.github/workflows/build-package.yaml
Outdated
| fi | ||
|
|
||
| uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3 | ||
| if: ${{ secrets.PYPI_HOST == 'test.pypi.org' }} |
There was a problem hiding this comment.
I tested on branch [leo/test-trusted-publishing](https://github.com/openvinotoolkit/geti-sdk/tree/refs/heads/leo/test-trusted-publishing), it raises the error:
Invalid workflow file: .github/workflows/build-package-test-pypi.yaml#L14
The workflow is not valid. In .github/workflows/build-package-test-pypi.yaml (Line: 14, Col: 11): Error from called workflow openvinotoolkit/geti-sdk/.github/workflows/build-package.yaml@427f832592e6e8f8f2bfd5f072efe87700783d44 (Line: 69, Col: 13): Unrecognized named-value: 'secrets'. Located at position 1 within expression: secrets.PYPI_HOST == 'test.pypi.org'
There was a problem hiding this comment.
I think you should replace secrets.PYPI_HOST with $PYPI_HOST
There was a problem hiding this comment.
@leoll2 thanks for checking, I was slightly afraid of actual launching this script in an unfamiliar repo
There was a problem hiding this comment.
Thanks for the changes. I'm afraid the workflow is still invalid:
https://github.com/open-edge-platform/geti-sdk/actions/runs/14079845057
Invalid workflow file: .github/workflows/build-package-test-pypi.yaml#L14
The workflow is not valid. In .github/workflows/build-package-test-pypi.yaml (Line: 14, Col: 11): Error from called workflow 38c8ff2 (Line: 69, Col: 13): Unrecognized named-value: 'PYPI_HOST'. Located at position 1 within expression: PYPI_HOST == 'test.pypi.org'
That step is required by security team prior to the repo moving.
Pypi-related secrets were removed from the repo.