Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhanced error reporting: Trusted Publishing failures #334

Open
ModeSevenIndustrialSolutions opened this issue Jan 29, 2025 · 2 comments
Open

Enhanced error reporting: Trusted Publishing failures #334

ModeSevenIndustrialSolutions opened this issue Jan 29, 2025 · 2 comments
Labels
enhancement New feature or request

Comments

@ModeSevenIndustrialSolutions
Copy link

ModeSevenIndustrialSolutions commented Jan 29, 2025
edited by webknjaz
Loading

Hi,

Any chance we could get the environment parameter printed prior to failures like the one below? Could save a lot of potential time troubleshooting if this isn't being passed down an action hierarchy? Actions need it as an input parameter, but I think it also needs to be set at the job level if composite actions are called, otherwise failures can occur. If this was added, all the information would be present in the failure output below when errors occur; enough to figure out that the correct environment isn't available to the called workflow (your publishing action).

Thanks in advance, Please keep up the good work you are doing...

  • Matt

--

Trusted publishing exchange failure: 
Token request failed: the server refused the request for the following reasons:

* `invalid-publisher`: valid token, but no corresponding publisher (All lookup strategies exhausted)

This generally indicates a trusted publisher configuration error, but could
also indicate an internal error on GitHub or PyPI's part.


The claims rendered below are **for debugging purposes only**. You should **not**
use them to configure a trusted publisher unless they already match your expectations.

If a claim is not present in the claim set, then it is rendered as `MISSING`.

* `sub`: `repo:os-climate/osc-transformer-presteps:ref:refs/tags/v0.1.8`
* `repository`: `os-climate/osc-transformer-presteps`
* `repository_owner`: `os-climate`
* `repository_owner_id`: `85121681`
* `job_workflow_ref`: `os-climate/osc-transformer-presteps/.github/workflows/release.yaml@refs/tags/v0.1.8`
* `ref`: `refs/tags/v0.1.8`
@webknjaz
Copy link
Member

webknjaz commented Feb 5, 2025

The corresponding error message template is here: https://github.com/pypa/gh-action-pypi-publish/blob/e1dad8a/oidc-exchange.py#L76-L91. Here's what renders it: https://github.com/pypa/gh-action-pypi-publish/blob/e1dad8a/oidc-exchange.py#L164-L182, which is called @ https://github.com/pypa/gh-action-pypi-publish/blob/e1dad8a/oidc-exchange.py#L258.

cc @woodruffw — do you remember why we don't include the environment name in the debug output?

@webknjaz webknjaz added the enhancement New feature or request label Feb 5, 2025
@woodruffw
Copy link
Member

The corresponding error message template is here: e1dad8a/oidc-exchange.py#L76-L91. Here's what renders it: e1dad8a/oidc-exchange.py#L164-L182, which is called @ e1dad8a/oidc-exchange.py#L258.

cc @woodruffw — do you remember why we don't include the environment name in the debug output?

Nope, I think that was purely an oversight. Adding it to the debug output makes a lot of sense to me!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@webknjaz @woodruffw @ModeSevenIndustrialSolutions