attestations: please the linting gods

Signed-off-by: William Woodruff <william@trailofbits.com>
pypa · May 8, 2024 · 9b6d060 · 9b6d060
1 parent 44929e6
commit 9b6d060
Showing 1 changed file with 27 additions and 26 deletions.
diff --git a/attestations.py b/attestations.py
@@ -73,29 +73,30 @@ def attest_dist(dist: Path, signer: Signer) -> None:
     debug(f"saved publish attestation: {dist=} {attestation_path=}")
 
 
-packages_dir = Path(sys.argv[1])
-
-try:
-    # NOTE: audience is always sigstore.
-    oidc_token = detect_credential()
-    identity = IdentityToken(oidc_token)
-except IdentityError as identity_error:
-    # NOTE: We only perform attestations in trusted publishing flows, so we
-    # don't need to re-check for the "PR from fork" error mode, only
-    # generic token retrieval errors.
-    cause = _TOKEN_RETRIEVAL_FAILED_MESSAGE.format(identity_error=identity_error)
-    die(cause)
-
-# Collect all sdists and wheels.
-dists = [sdist.absolute() for sdist in packages_dir.glob("*.tar.gz")]
-dists.extend(whl.absolute() for whl in packages_dir.glob("*.whl"))
-
-with SigningContext.production().signer(identity, cache=True) as signer:
-    for dist in dists:
-        # This should never really happen, but some versions of GitHub's
-        # download-artifact will create a subdirectory with the same name
-        # as the artifact being downloaded, e.g. `dist/foo.whl/foo.whl`.
-        if not dist.is_file():
-            die(f"Path looks like a distribution but is not a file: {dist}")
-
-        attest_dist(dist, signer)
+if __name__ == "__main__":
+    packages_dir = Path(sys.argv[1])
+
+    try:
+        # NOTE: audience is always sigstore.
+        oidc_token = detect_credential()
+        identity = IdentityToken(oidc_token)
+    except IdentityError as identity_error:
+        # NOTE: We only perform attestations in trusted publishing flows, so we
+        # don't need to re-check for the "PR from fork" error mode, only
+        # generic token retrieval errors.
+        cause = _TOKEN_RETRIEVAL_FAILED_MESSAGE.format(identity_error=identity_error)
+        die(cause)
+
+    # Collect all sdists and wheels.
+    dists = [sdist.absolute() for sdist in packages_dir.glob("*.tar.gz")]
+    dists.extend(whl.absolute() for whl in packages_dir.glob("*.whl"))
+
+    with SigningContext.production().signer(identity, cache=True) as signer:
+        for dist in dists:
+            # This should never really happen, but some versions of GitHub's
+            # download-artifact will create a subdirectory with the same name
+            # as the artifact being downloaded, e.g. `dist/foo.whl/foo.whl`.
+            if not dist.is_file():
+                die(f"Path looks like a distribution but is not a file: {dist}")
+
+            attest_dist(dist, signer)