Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Test.pypi.org returning 500 #25

Closed
tzulberti-jampp opened this issue Feb 19, 2020 · 5 comments · Fixed by #122
Closed

Test.pypi.org returning 500 #25

tzulberti-jampp opened this issue Feb 19, 2020 · 5 comments · Fixed by #122
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed

Comments

@tzulberti-jampp
Copy link

tzulberti-jampp commented Feb 19, 2020

I am not sure if this belongs here, but I am having an issue when using this Github Action.

This is the link to the github run that failed:
https://github.com/jampp/migratron/pull/25/checks?check_run_id=456554120

and the content is:

Uploading distributions to https://test.pypi.org/legacy/
Uploading migratron-1.1.0-py3-none-any.whl

  0%|          | 0.00/30.5k [00:00<?, ?B/s]
100%|██████████| 30.5k/30.5k [00:00<00:00, 135kB/s]
Received "500: Internal Server Error" Package upload appears to have failed.  Retry 1 of 5
Uploading migratron-1.1.0-py3-none-any.whl

  0%|          | 0.00/30.5k [00:00<?, ?B/s]
100%|██████████| 30.5k/30.5k [00:00<00:00, 177kB/s]
Received "500: Internal Server Error" Package upload appears to have failed.  Retry 2 of 5
Uploading migratron-1.1.0-py3-none-any.whl

  0%|          | 0.00/30.5k [00:00<?, ?B/s]
100%|██████████| 30.5k/30.5k [00:00<00:00, 187kB/s]
Received "500: Internal Server Error" Package upload appears to have failed.  Retry 3 of 5
Uploading migratron-1.1.0-py3-none-any.whl

  0%|          | 0.00/30.5k [00:00<?, ?B/s]
100%|██████████| 30.5k/30.5k [00:00<00:00, 276kB/s]
  Post actions/checkout@v2

If I run:

TWINE_USERNAME="__token__" \
TWINE_PASSWORD="pypi-foobar" \
TWINE_REPOSITORY_URL="https://test.pypi.org/legacy/" \
twine upload dist/*

with a valid TWINE_PASSWORD that works ok. If I use an invalid password ir returns a 403 and not a 500

@webknjaz
Copy link
Member

Let's ask @ewdurbin to check. Because HTTP 500 is a server error. But in general it seems to belong to the warehouse repo.

@webknjaz webknjaz added the help wanted Extra attention is needed label Feb 22, 2020
@ewdurbin
Copy link
Member

This may be related to pypi/warehouse#7298

@webknjaz
Copy link
Member

@ewdurbin do you want to transfer this issue there? Should I try stripping off the newlines here?

@hugovk
Copy link
Contributor

hugovk commented Mar 1, 2020

pypi/warehouse#7298 has been closed (by pypi/warehouse#7424).

OK to close this one?

@webknjaz
Copy link
Member

webknjaz commented Mar 7, 2020

Not sure, maybe we should do a better job stripping the input.

@webknjaz webknjaz added enhancement New feature or request good first issue Good for newcomers labels Mar 7, 2020
webknjaz pushed a commit to colindean/gh-action-pypi-publish that referenced this issue Mar 10, 2023
Before this patch, the warning would say that the token was
expected to start with `pypi-` but it may be unobvious. With this
change, the end-users are warned when they're passing a completely
empty password value.

Fixes pypa#25.
webknjaz pushed a commit to colindean/gh-action-pypi-publish that referenced this issue Mar 10, 2023
Before this patch, the warning would say that the token was
expected to start with `pypi-` but it may be unobvious. With this
change, the end-users are warned when they're passing a completely
empty password value.

Fixes pypa#25.
woodruffw added a commit to trail-of-forks/gh-action-pypi-publish that referenced this issue Mar 13, 2023
Just for testing.

Signed-off-by: William Woodruff <william@trailofbits.com>

action, twine-upload: scaffolding

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: initial skeleton

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange, twine-upload: tweakage

Signed-off-by: William Woodruff <william@trailofbits.com>

twine, oidc: move mask back into exchange

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: TestPyPI support

Signed-off-by: William Woodruff <william@trailofbits.com>

action: remove oidc_audience input

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: debugging

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: debugging

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: typo

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: audience negotiation

Signed-off-by: William Woodruff <william@trailofbits.com>

debug: dump JWT payload

This is not sensitive, since we strip the signature.

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: typo

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: debugging

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: oopsie

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: undo debugging changes

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: switch to `id` for OIDC cred

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: better error messages/step summaries

Signed-off-by: William Woodruff <william@trailofbits.com>

remove `dry_run`

Signed-off-by: William Woodruff <william@trailofbits.com>

requirements: `pip-compile`

Signed-off-by: William Woodruff <william@trailofbits.com>

Bump cryptography from 38.0.4 to 39.0.1 in /requirements

Bumps [cryptography](https://github.com/pyca/cryptography) from 38.0.4 to 39.0.1.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@38.0.4...39.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

⇪ Bump isort to v5.12.0

The previous version had a Poetry packaging problem. This patch
fixes that.

🎨 Warn about empty password/token action input

Before this patch, the warning would say that the token was
expected to start with `pypi-` but it may be unobvious. With this
change, the end-users are warned when they're passing a completely
empty password value.

Fixes pypa#25.

🎨 Convert action inputs to use kebab-case

Up until now, the action input names followed the snake_case naming
pattern that is well familiar to the pythonistas. But in GitHub
actions, the de-facto standard is using kebab-case, which is what
this patch achieves.
This style helps make the keys in YAML better standardized and
distinguishable from other identifiers.
The old snake_case names remain functional for the time being and will
not be removed until at least v3 release of this action.

🐛 Make kebab options fall back for snake_case

The previous release didn't take into account the action defaults so
the promised fallbacks for the old input names didn't work. This patch
corrects that mistake.

oidc-exchange: context manager

Signed-off-by: William Woodruff <william@trailofbits.com>

twine-upload: reflow

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: input normalization

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: reflow

Signed-off-by: William Woodruff <william@trailofbits.com>

runtime.in: document dependency

Signed-off-by: William Woodruff <william@trailofbits.com>

twine-upload: enquote

Signed-off-by: William Woodruff <william@trailofbits.com>

twine-upload: only do OIDC flow when user is token

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: reflow

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: reflow

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exhcange: factor out audience call check

Signed-off-by: William Woodruff <william@trailofbits.com>

README: document OIDC publishing

Signed-off-by: William Woodruff <william@trailofbits.com>

oidc-exchange: reflow

Signed-off-by: William Woodruff <william@trailofbits.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants