Merge pull request #54 from IntentProof/pypi-release-pep740 #1
release-pypi.yml
on: push
IntentProof Release: Test Python Package
15s
IntentProof Release: Publish Python Package
/
IntentProof Release: Validate Inputs
4s
IntentProof Release: Sign Python Distributions
/
IntentProof Release: Validate Inputs
3s
IntentProof Release: Publish Python Package
/
IntentProof Release: Sign Binary or Generic Artifact
IntentProof Release: Publish Python Package
/
IntentProof Release: Pack and Publish npm Package
IntentProof Release: Publish Python Package
/
IntentProof Release: Build and Publish Python Distribution
24s
IntentProof Release: Sign Python Distributions
/
IntentProof Release: Sign Binary or Generic Artifact
19s
IntentProof Release: Sign Python Distributions
/
IntentProof Release: Pack and Publish npm Package
0s
IntentProof Release: Sign Python Distributions
/
IntentProof Release: Build and Publish Python Distribution
0s
IntentProof Release: Publish Python Release Artifacts
Annotations
1 error and 5 warnings
|
IntentProof Release: Publish Python Package / IntentProof Release: Build and Publish Python Distribution
Trusted publishing exchange failure:
Token request failed: the server refused the request for the following reasons:
* `invalid-publisher`: valid token, but no corresponding publisher (Publisher with matching claims was not found)
This generally indicates a trusted publisher configuration error, but could
also indicate an internal error on GitHub or PyPI's part.
The claims rendered below are **for debugging purposes only**. You should **not**
use them to configure a trusted publisher unless they already match your expectations.
If a claim is not present in the claim set, then it is rendered as `MISSING`.
* `sub`: `repo:IntentProof/intentproof-sdk-python:ref:refs/tags/v0.2.0`
* `repository`: `IntentProof/intentproof-sdk-python`
* `repository_owner`: `IntentProof`
* `repository_owner_id`: `281156787`
* `workflow_ref`: `IntentProof/intentproof-sdk-python/.github/workflows/release-pypi.yml@refs/tags/v0.2.0`
* `job_workflow_ref`: `IntentProof/intentproof-tools/.github/workflows/release-build-sign.yml@e982df238d9f111bc1f59b7473988c0d538dabb6`
* `ref`: `refs/tags/v0.2.0`
* `environment`: `MISSING`
See https://docs.pypi.org/trusted-publishers/troubleshooting/ for more help.
|
|
IntentProof Release: Test Python Package
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/setup-python@v5. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
IntentProof Release: Build Python Distributions
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/setup-python@v5, actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
IntentProof Release: Sign Python Distributions / IntentProof Release: Sign Binary or Generic Artifact
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/download-artifact@v4, actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
IntentProof Release: Publish Python Package / IntentProof Release: Build and Publish Python Distribution
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4, actions/download-artifact@v4, actions/setup-python@v5. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
IntentProof Release: Publish Python Package / IntentProof Release: Build and Publish Python Distribution
Potential workflow misconfiguration:
The claims in this token suggest that the calling workflow is a reusable workflow.
In particular, this action was initiated by:
IntentProof/intentproof-tools/.github/workflows/release-build-sign.yml@e982df238d9f111bc1f59b7473988c0d538dabb6
Whereas its parent workflow is:
IntentProof/intentproof-sdk-python/.github/workflows/release-pypi.yml@refs/tags/v0.2.0
Reusable workflows are **not currently supported** by PyPI's Trusted Publishing
functionality, and are subject to breakage. Users are **strongly encouraged**
to avoid using reusable workflows for Trusted Publishing until support
becomes official. Please, do not report bugs if this breaks.
For more information, see:
* https://docs.pypi.org/trusted-publishers/troubleshooting/#reusable-workflows-on-github
* https://github.com/pypa/gh-action-pypi-publish/issues/166 — subscribe to
this issue to watch the progress and learn when reusable workflows become
supported officially
|
Artifacts
Produced during runtime
| Name | Size | Digest | |
|---|---|---|---|
|
python-release-package
|
39.8 KB |
sha256:0e8fe81c9f44d87136672105e442ea8800416dfd803a5d6c4be6eb7ffb233f0e
|
|
|
release-signing-metadata
|
53.3 KB |
sha256:b1fd6138ec028e7c4642ca097e7576935540a64e7039b8b5b248119c05d81288
|
|