Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mention in the docs that reusable workflows aren't supported right now #186

Merged
merged 3 commits into from
Feb 5, 2024
Merged

Mention in the docs that reusable workflows aren't supported right now #186

merged 3 commits into from
Feb 5, 2024

Conversation

virtuald
Copy link
Contributor

Reusable workflows don't work, and it's challenging to know that. Help the user out.

@virtuald virtuald mentioned this pull request Oct 23, 2023
Open
@webknjaz
Copy link
Member

@woodruffw thoughts?

@virtuald
Copy link
Contributor Author

Also added a note to the README. I spent two hours trying to figure out why it wasn't working, hopefully this will save someone else some time.

@woodruffw
Copy link
Member

@woodruffw thoughts?

I'm a slight 👎 on unconditionally spitting out this warning: in many cases, it'll unnecessarily confuse users who are trying to debug trusted publishers that are failing for other reasons.

That being said: maybe we could render it conditionally? Perhaps if we can somehow detect that the context is a reusable workflow?

@virtuald
Copy link
Contributor Author

Well even if the error isn't output, it does seem like it would be good to put in the README since it's all like "The only good and righteous way to publish to pypi via github actions is through trusted publishing".. which doesn't work.

FWIW, I hadn't seen the troubleshooting section of the documentation at all, but good to know it's there.

@virtuald
Copy link
Contributor Author

I'm a slight 👎 on unconditionally spitting out this warning

Fine, what about just putting a link to the troubleshooting page then?

@woodruffw
Copy link
Member

Well even if the error isn't output, it does seem like it would be good to put in the README since it's all like "The only good and righteous way to publish to pypi via github actions is through trusted publishing".. which doesn't work.

This snark isn't necessary: everybody here is trying their best to help resolve your issue, and nobody's goal is to waste your time (or anyone else's). We've tried our best to document trusted publishing's limitations in public places.

Fine, what about just putting a link to the troubleshooting page then?

This seems reasonable to me. I prefer error specialization wherever possible, but linking to the overall troubleshooting page is a reasonable stop-gap until we figure out the right way to detect that we're in a reusable workflow.

webknjaz
webknjaz reviewed Nov 29, 2023
View reviewed changes
oidc-exchange.py Outdated Show resolved Hide resolved
webknjaz
webknjaz reviewed Nov 29, 2023
View reviewed changes
README.md Outdated Show resolved Hide resolved
virtuald and others added 3 commits December 20, 2023 15:11
@virtuald @webknjaz
Give more information to users
a1a4995 
Reusable workflows don't work, and it's challenging to know that. Help the user out.
@virtuald @webknjaz
Update oidc-exchange.py
dea1d70 
Co-authored-by: Sviatoslav Sydorenko <wk.cvs.github@sydorenko.org.ua>
@virtuald @webknjaz
Update README.md
415d7a6 
Add suggested changes.
woodruffw
woodruffw approved these changes Dec 20, 2023
View reviewed changes
Copy link
Member

@woodruffw woodruffw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@webknjaz webknjaz changed the title Give more information to users Mention in the docs that reusable workflows aren't supported right now Feb 5, 2024
@webknjaz webknjaz merged commit e82f99a into pypa:unstable/v1 Feb 5, 2024
2 checks passed
renovate bot added a commit to allenporter/pyrainbird that referenced this pull request Feb 28, 2024
@renovate
Update pypa/gh-action-pypi-publish action to v1.8.12 (#369)
4924a3b 
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish)
| action | patch | `v1.8.11` -> `v1.8.12` |

---

### Release Notes

<details>
<summary>pypa/gh-action-pypi-publish
(pypa/gh-action-pypi-publish)</summary>

###
[`v1.8.12`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.12)

[Compare
Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.11...v1.8.12)

#### 💅 Cosmetic Output Improvements


[@&#8203;woodruffw](https://togithub.com/woodruffw)[💰](https://togithub.com/sponsors/woodruffw)
replaced the notice annotations with simplified debug messages related
to authentication methanism selection via
[#&#8203;196](https://togithub.com/pypa/gh-action-pypi-publish/issues/196).
The also improved the error clarity during OIDC exchange on PRs from
forks via
[#&#8203;203](https://togithub.com/pypa/gh-action-pypi-publish/issues/203).

#### 📝 What's Documented


[@&#8203;virtuald](https://togithub.com/virtuald)[💰](https://togithub.com/sponsors/virtuald)
updated the docs and pointer messages were updated to mention that
reusable workflows aren't supported right now in
[#&#8203;186](https://togithub.com/pypa/gh-action-pypi-publish/issues/186)
and
[@&#8203;xuanzhi33](https://togithub.com/xuanzhi33)[💰](https://togithub.com/sponsors/xuanzhi33)
later corrected the markdown syntax there via
[#&#8203;216](https://togithub.com/pypa/gh-action-pypi-publish/issues/216).

#### 🛠️ Internal Dependencies

- pre-commit linters got autoupdated @&#8203;
[#&#8203;204](https://togithub.com/pypa/gh-action-pypi-publish/issues/204)
- Cryptography was bumped from 41.0.6 to 42.0.4 @&#8203;
[#&#8203;210](https://togithub.com/pypa/gh-action-pypi-publish/issues/210),
[#&#8203;213](https://togithub.com/pypa/gh-action-pypi-publish/issues/213)
and
[#&#8203;214](https://togithub.com/pypa/gh-action-pypi-publish/issues/214)

#### ⚙️  Secret Stuff

[@&#8203;woodruffw](https://togithub.com/woodruffw) proactively updated
the OIDC minting API endpoint used during the exchange via
[#&#8203;206](https://togithub.com/pypa/gh-action-pypi-publish/issues/206).
Nothing you should be too concerned about, promise!

#### 💪 New Contributors

- [@&#8203;virtuald](https://togithub.com/virtuald) made their first
contribution in
[pypa/gh-action-pypi-publish#186
- [@&#8203;xuanzhi33](https://togithub.com/xuanzhi33) made their first
contribution in
[pypa/gh-action-pypi-publish#216

**🪞 Full Diff**:
pypa/gh-action-pypi-publish@v1.8.11...v1.8.12

**:man_beard: Release Manager:** [@&#8203;webknjaz
🇺🇦](https://togithub.com/sponsors/webknjaz)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/allenporter/pyrainbird).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMTIuMCIsInVwZGF0ZWRJblZlciI6IjM3LjIxMi4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@webknjaz webknjaz webknjaz approved these changes

@woodruffw woodruffw woodruffw approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@virtuald @webknjaz @woodruffw