Having a new check to avoid redirects from PyPI #809
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -324,10 +324,12 @@ def _handle_certificates( | |
| self.client_cert = utils.get_clientcert(client_cert, self.repository_config) | ||
|
|
||
| def check_repository_url(self) -> None: | ||
| """Verify we are not using legacy PyPI and using the correct url for PyPI. | ||
|
|
||
| :raises: | ||
| :class:`~twine.exceptions.UploadToDeprecatedPyPIDetected` | ||
| :raises: | ||
| :class:`~twine.exceptions.InvalidPyPIUploadURL` | ||
| """ | ||
| repository_url = cast(str, self.repository_config["repository"]) | ||
|
|
||
|
|
@@ -338,6 +340,21 @@ def check_repository_url(self) -> None: | |
| repository_url, utils.DEFAULT_REPOSITORY, utils.TEST_REPOSITORY | ||
| ) | ||
|
|
||
| if repository_url.startswith( | ||
| ("https://pypi.org/", "https://test.pypi.org/", "https://upload.pypi.org/") | ||
| ) and repository_url not in [utils.DEFAULT_REPOSITORY, utils.TEST_REPOSITORY]: | ||
| raise exceptions.InvalidPyPIUploadURL( | ||
| f"The configured repository {repository_url} is not a known " | ||
| f"PyPI repository.\n" | ||
| f"Did you mean {utils.DEFAULT_REPOSITORY} " | ||
| f"or {utils.TEST_REPOSITORY} ?\n" | ||
| f"Check your --repository-url value or " | ||
| f"modify the url in {self.config_file} " | ||
| f"(if you are using -r or --repository),\n" | ||
| f"so twine can upload your distributions properly.\n" | ||
| f"See {utils.PYPIRC_DOCS} for more details." | ||
| ) | ||
|
|
||
|
There was a problem hiding this comment. I fixed the failing test and adding coverage for the new behavior in 414625b, but looking at the drop in coverage via Codecov emphasized my point in #809 (comment), i.e. that this is similar to Taking a closer look at that, plus the comments in #310, plus my initial attempt in #460 to offer a better error message, I'm now wondering if it's needlessly redundant, with the primary difference being that this executes before an upload, while In other words, this feels like a case of "Look Before You Leap" vs "It's Easter to Ask Forgiveness than Permission", and with this PR, I think we're doing both. I'm going to mull this over a bit, and maybe put up another PR that improves the EAFP approach. @meowmeowmeowcat Apologies for the confusion here; I should have taken a closer look at the existing behavior. There was a problem hiding this comment. @bhrutledge I think the improved message in #812 would be also helpful: But I also think that having this check will save folks' time. They will know there is an error in the config or There was a problem hiding this comment. It's true that it will save a little bit of time, but I'm not sure it's worth the added complexity and technical debt of duplicated logic. It's also not as robust as the repository-independent implementation in #812. Furthermore, if PyPI ever supports a different URL, then this implementation will block people from uploading to it at all. There was a problem hiding this comment. I see. Probably this PR can be closed? The improved message in #812 is enough. There was a problem hiding this comment. I'd like to get @sigmavirus24's feedback on #812 first. |
||
| def create_repository(self) -> repository.Repository: | ||
| """Create a new repository for uploading.""" | ||
| repo = repository.Repository( | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think the parenthetical is necessary or helpful as written
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using
--repository-url https://test.pypi.org/legacywill also raiseInvalidPyPIUploadURL. Probably folks who use--repository-urlwon't know what is~/.pypircand makes confusion to them?