def upload(upload_settings: settings.Settings, dists: List[str]) -> None:
dists = commands._find_dists(dists)
# Determine if the user has passed in pre-signed distributions
signatures = {os.path.basename(d): d for d in dists if d.endswith(".asc")}
uploads = [i for i in dists if not i.endswith(".asc")]
upload_settings.check_repository_url()
repository_url = cast(str, upload_settings.repository_config["repository"])
print(f"Uploading distributions to {repository_url}")
packages_to_upload = [
_make_package(filename, signatures, upload_settings)
for filename in uploads
]
repository = upload_settings.create_repository()
uploaded_packages = []
for package in packages_to_upload:
skip_message = " Skipping {} because it appears to already exist".format(
package.basefilename)
# Note: The skip_existing check *needs* to be first, because otherwise
# we're going to generate extra HTTP requests against a hardcoded
# URL for no reason.
if upload_settings.skip_existing and repository.package_is_uploaded(
package):
print(skip_message)
continue
resp = repository.upload(package)
# Bug 92. If we get a redirect we should abort because something seems
# funky. The behaviour is not well defined and redirects being issued
# by PyPI should never happen in reality. This should catch malicious
# redirects as well.
if resp.is_redirect:
raise exceptions.RedirectDetected.from_args(
repository_url,
resp.headers["location"],
)
if skip_upload(resp, upload_settings.skip_existing, package):
print(skip_message)
continue
utils.check_status_code(resp, upload_settings.verbose)
uploaded_packages.append(package)
release_urls = repository.release_urls(uploaded_packages)
if release_urls:
print("\nView at:")
for url in release_urls:
print(url)
# Bug 28. Try to silence a ResourceWarning by clearing the connection
# pool.
repository.close()
def upload(upload_settings, dists):
dists = _find_dists(dists)
# Determine if the user has passed in pre-signed distributions
signatures = dict(
(os.path.basename(d), d) for d in dists if d.endswith(".asc")
)
uploads = [i for i in dists if not i.endswith(".asc")]
upload_settings.check_repository_url()
repository_url = upload_settings.repository_config['repository']
print("Uploading distributions to {0}".format(repository_url))
repository = upload_settings.create_repository()
for filename in uploads:
package = PackageFile.from_filename(filename, upload_settings.comment)
skip_message = (
" Skipping {0} because it appears to already exist".format(
package.basefilename)
)
# Note: The skip_existing check *needs* to be first, because otherwise
# we're going to generate extra HTTP requests against a hardcoded
# URL for no reason.
if (upload_settings.skip_existing and
repository.package_is_uploaded(package)):
print(skip_message)
continue
signed_name = package.signed_basefilename
if signed_name in signatures:
package.add_gpg_signature(signatures[signed_name], signed_name)
elif upload_settings.sign:
package.sign(upload_settings.sign_with, upload_settings.identity)
resp = repository.upload(package)
# Bug 92. If we get a redirect we should abort because something seems
# funky. The behaviour is not well defined and redirects being issued
# by PyPI should never happen in reality. This should catch malicious
# redirects as well.
if resp.is_redirect:
raise exc.RedirectDetected(
('"{0}" attempted to redirect to "{1}" during upload.'
' Aborting...').format(repository_url,
resp.headers["location"]))
if skip_upload(resp, upload_settings.skip_existing, package):
print(skip_message)
continue
utils.check_status_code(resp, upload_settings.verbose)
# Bug 28. Try to silence a ResourceWarning by clearing the connection
# pool.
repository.close()
return True
def test_check_status_code_for_deprecated_pypi_url(repo_url):
response = pretend.stub(
status_code=410,
url=repo_url
)
# value of Verbose doesn't matter for this check
with pytest.raises(exceptions.UploadToDeprecatedPyPIDetected):
utils.check_status_code(response, False)
def upload(upload_settings, dists):
dists = _find_dists(dists)
# Determine if the user has passed in pre-signed distributions
signatures = {os.path.basename(d): d for d in dists if d.endswith(".asc")}
uploads = [i for i in dists if not i.endswith(".asc")]
upload_settings.check_repository_url()
repository_url = upload_settings.repository_config['repository']
print("Uploading distributions to {}".format(repository_url))
repository = upload_settings.create_repository()
for filename in uploads:
package = PackageFile.from_filename(filename, upload_settings.comment)
skip_message = (
" Skipping {} because it appears to already exist".format(
package.basefilename)
)
# Note: The skip_existing check *needs* to be first, because otherwise
# we're going to generate extra HTTP requests against a hardcoded
# URL for no reason.
if (upload_settings.skip_existing and
repository.package_is_uploaded(package)):
print(skip_message)
continue
signed_name = package.signed_basefilename
if signed_name in signatures:
package.add_gpg_signature(signatures[signed_name], signed_name)
elif upload_settings.sign:
package.sign(upload_settings.sign_with, upload_settings.identity)
resp = repository.upload(package)
# Bug 92. If we get a redirect we should abort because something seems
# funky. The behaviour is not well defined and redirects being issued
# by PyPI should never happen in reality. This should catch malicious
# redirects as well.
if resp.is_redirect:
raise exceptions.RedirectDetected(
('"{0}" attempted to redirect to "{1}" during upload.'
' Aborting...').format(repository_url,
resp.headers["location"]))
if skip_upload(resp, upload_settings.skip_existing, package):
print(skip_message)
continue
utils.check_status_code(resp, upload_settings.verbose)
# Bug 28. Try to silence a ResourceWarning by clearing the connection
# pool.
repository.close()
def test_check_status_code_for_missing_status_code(capsys, repo_url):
"""Print HTTP errors based on verbosity level."""
response = pretend.stub(
status_code=403,
url=repo_url,
raise_for_status=pretend.raiser(requests.HTTPError),
text="Forbidden",
)
with pytest.raises(requests.HTTPError):
utils.check_status_code(response, True)
# Different messages are printed based on the verbose level
captured = capsys.readouterr()
assert captured.out == "Content received from server:\nForbidden\n"
with pytest.raises(requests.HTTPError):
utils.check_status_code(response, False)
captured = capsys.readouterr()
assert captured.out == "NOTE: Try --verbose to see response content.\n"
def test_check_status_code_for_missing_status_code(
capsys, repo_url, verbose, make_settings
):
"""Print HTTP errors based on verbosity level."""
response = pretend.stub(
status_code=403,
url=repo_url,
raise_for_status=pretend.raiser(requests.HTTPError),
text="Forbidden",
)
make_settings(verbose=verbose)
with pytest.raises(requests.HTTPError):
utils.check_status_code(response, verbose)
captured = capsys.readouterr()
if verbose:
assert captured.out.count("Content received from server:\nForbidden\n") == 1
else:
assert captured.out.count("NOTE: Try --verbose to see response content.\n") == 1
def upload(dists, repository, sign, identity, username, password, comment,
sign_with, config_file, skip_existing, cert, client_cert,
repository_url):
# Check that a nonsensical option wasn't given
if not sign and identity:
raise ValueError("sign must be given along with identity")
dists = find_dists(dists)
# Determine if the user has passed in pre-signed distributions
signatures = dict(
(os.path.basename(d), d) for d in dists if d.endswith(".asc"))
uploads = [i for i in dists if not i.endswith(".asc")]
config = utils.get_repository_from_config(
config_file,
repository,
repository_url,
)
config["repository"] = utils.normalize_repository_url(config["repository"])
print("Uploading distributions to {0}".format(config["repository"]))
username = utils.get_username(username, config)
password = utils.get_password(
config["repository"],
username,
password,
config,
)
ca_cert = utils.get_cacert(cert, config)
client_cert = utils.get_clientcert(client_cert, config)
repository = Repository(config["repository"], username, password)
repository.set_certificate_authority(ca_cert)
repository.set_client_certificate(client_cert)
for filename in uploads:
package = PackageFile.from_filename(filename, comment)
skip_message = (
" Skipping {0} because it appears to already exist".format(
package.basefilename))
# Note: The skip_existing check *needs* to be first, because otherwise
# we're going to generate extra HTTP requests against a hardcoded
# URL for no reason.
if skip_existing and repository.package_is_uploaded(package):
print(skip_message)
continue
signed_name = package.signed_basefilename
if signed_name in signatures:
package.add_gpg_signature(signatures[signed_name], signed_name)
elif sign:
package.sign(sign_with, identity)
resp = repository.upload(package)
# Bug 92. If we get a redirect we should abort because something seems
# funky. The behaviour is not well defined and redirects being issued
# by PyPI should never happen in reality. This should catch malicious
# redirects as well.
if resp.is_redirect:
raise exc.RedirectDetected(
('"{0}" attempted to redirect to "{1}" during upload.'
' Aborting...').format(config["repository"],
resp.headers["location"]))
if skip_upload(resp, skip_existing, package):
print(skip_message)
continue
utils.check_status_code(resp)
# Bug 28. Try to silence a ResourceWarning by clearing the connection
# pool.
repository.close()
def upload(upload_settings, dists):
dists = _find_dists(dists)
# Determine if the user has passed in pre-signed distributions
signatures = {os.path.basename(d): d for d in dists if d.endswith(".asc")}
uploads = [i for i in dists if not i.endswith(".asc")]
upload_settings.check_repository_url()
repository_url = upload_settings.repository_config['repository']
print(f"Uploading distributions to {repository_url}")
repository = upload_settings.create_repository()
uploaded_packages = []
for filename in uploads:
package = PackageFile.from_filename(filename, upload_settings.comment)
skip_message = (
" Skipping {} because it appears to already exist".format(
package.basefilename))
# Note: The skip_existing check *needs* to be first, because otherwise
# we're going to generate extra HTTP requests against a hardcoded
# URL for no reason.
if (upload_settings.skip_existing
and repository.package_is_uploaded(package)):
print(skip_message)
continue
signed_name = package.signed_basefilename
if signed_name in signatures:
package.add_gpg_signature(signatures[signed_name], signed_name)
elif upload_settings.sign:
package.sign(upload_settings.sign_with, upload_settings.identity)
# Suppress TLS verification warning on trusted custom certs
with warnings.catch_warnings():
warnings.simplefilter("ignore")
resp = repository.upload(package)
# Bug 92. If we get a redirect we should abort because something seems
# funky. The behaviour is not well defined and redirects being issued
# by PyPI should never happen in reality. This should catch malicious
# redirects as well.
if resp.is_redirect:
raise exceptions.RedirectDetected.from_args(
repository_url,
resp.headers["location"],
)
if skip_upload(resp, upload_settings.skip_existing, package):
print(skip_message)
continue
utils.check_status_code(resp, upload_settings.verbose)
uploaded_packages.append(package)
release_urls = repository.release_urls(uploaded_packages)
if release_urls:
print('\nView at:')
for url in release_urls:
print(url)
# Bug 28. Try to silence a ResourceWarning by clearing the connection
# pool.
repository.close()
def upload(dists, repository, sign, identity, username, password, comment,
sign_with, config_file, skip_existing, cert, client_cert,
repository_url):
# Check that a nonsensical option wasn't given
if not sign and identity:
raise ValueError("sign must be given along with identity")
dists = find_dists(dists)
# Determine if the user has passed in pre-signed distributions
signatures = dict(
(os.path.basename(d), d) for d in dists if d.endswith(".asc")
)
uploads = [i for i in dists if not i.endswith(".asc")]
config = utils.get_repository_from_config(
config_file,
repository,
repository_url,
)
config["repository"] = utils.normalize_repository_url(
config["repository"]
)
print("Uploading distributions to {0}".format(config["repository"]))
username = utils.get_username(username, config)
password = utils.get_password(
config["repository"], username, password, config,
)
ca_cert = utils.get_cacert(cert, config)
client_cert = utils.get_clientcert(client_cert, config)
repository = Repository(config["repository"], username, password)
repository.set_certificate_authority(ca_cert)
repository.set_client_certificate(client_cert)
for filename in uploads:
package = PackageFile.from_filename(filename, comment)
skip_message = (
" Skipping {0} because it appears to already exist".format(
package.basefilename)
)
# Note: The skip_existing check *needs* to be first, because otherwise
# we're going to generate extra HTTP requests against a hardcoded
# URL for no reason.
if skip_existing and repository.package_is_uploaded(package):
print(skip_message)
continue
signed_name = package.signed_basefilename
if signed_name in signatures:
package.add_gpg_signature(signatures[signed_name], signed_name)
elif sign:
package.sign(sign_with, identity)
resp = repository.upload(package)
# Bug 92. If we get a redirect we should abort because something seems
# funky. The behaviour is not well defined and redirects being issued
# by PyPI should never happen in reality. This should catch malicious
# redirects as well.
if resp.is_redirect:
raise exc.RedirectDetected(
('"{0}" attempted to redirect to "{1}" during upload.'
' Aborting...').format(config["repository"],
resp.headers["location"]))
if skip_upload(resp, skip_existing, package):
print(skip_message)
continue
utils.check_status_code(resp)
# Bug 28. Try to silence a ResourceWarning by clearing the connection
# pool.
repository.close()
def upload(dists, repository, sign, identity, username, password, comment,
sign_with, config_file, skip_existing, cert, client_cert,
repository_url):
# Check that a nonsensical option wasn't given
if not sign and identity:
raise ValueError("sign must be given along with identity")
dists = find_dists(dists)
# Determine if the user has passed in pre-signed distributions
signatures = dict(
(os.path.basename(d), d) for d in dists if d.endswith(".asc"))
uploads = [i for i in dists if not i.endswith(".asc")]
config = utils.get_repository_from_config(
config_file,
repository,
repository_url,
)
config["repository"] = utils.normalize_repository_url(config["repository"])
print("Uploading distributions to {0}".format(config["repository"]))
if config["repository"].startswith((LEGACY_PYPI, LEGACY_TEST_PYPI)):
raise exc.UploadToDeprecatedPyPIDetected(
"You're trying to upload to the legacy PyPI site '{0}'. "
"Uploading to those sites is deprecated. \n "
"The new sites are pypi.org and test.pypi.org. Try using "
"{1} (or {2}) to upload your packages instead. "
"These are the default URLs for Twine now. \n More at "
"https://packaging.python.org/guides/migrating-to-pypi-org/ "
".".format(config["repository"], utils.DEFAULT_REPOSITORY,
utils.TEST_REPOSITORY))
username = utils.get_username(username, config)
password = utils.get_password(
config["repository"],
username,
password,
config,
)
ca_cert = utils.get_cacert(cert, config)
client_cert = utils.get_clientcert(client_cert, config)
repository = Repository(config["repository"], username, password)
repository.set_certificate_authority(ca_cert)
repository.set_client_certificate(client_cert)
for filename in uploads:
package = PackageFile.from_filename(filename, comment)
skip_message = (
" Skipping {0} because it appears to already exist".format(
package.basefilename))
# Note: The skip_existing check *needs* to be first, because otherwise
# we're going to generate extra HTTP requests against a hardcoded
# URL for no reason.
if skip_existing and repository.package_is_uploaded(package):
print(skip_message)
continue
signed_name = package.signed_basefilename
if signed_name in signatures:
package.add_gpg_signature(signatures[signed_name], signed_name)
elif sign:
package.sign(sign_with, identity)
resp = repository.upload(package)
print("response code: {}".format(resp.status_code))
print("response body: {}".format(resp.content))
# Bug 92. If we get a redirect we should abort because something seems
# funky. The behaviour is not well defined and redirects being issued
# by PyPI should never happen in reality. This should catch malicious
# redirects as well.
if resp.is_redirect:
raise exc.RedirectDetected(
('"{0}" attempted to redirect to "{1}" during upload.'
' Aborting...').format(config["repository"],
resp.headers["location"]))
if skip_upload(resp, skip_existing, package):
print(skip_message)
continue
utils.check_status_code(resp)
# Bug 28. Try to silence a ResourceWarning by clearing the connection
# pool.
repository.close()
