Merge pull request #1101 from woodruffw-forks/ww/attestation-warn-not…

…-fail upload: turn attestation error into a warning
pypa · May 6, 2024 · 439dd70 · 439dd70
2 parents 5d17a43 + 279b5ec
commit 439dd70
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 9 deletions.
diff --git a/tests/test_upload.py b/tests/test_upload.py
@@ -672,14 +672,20 @@ def test_check_status_code_for_wrong_repo_url(repo_url, upload_settings, stub_re
         )
 
 
-def test_upload_rejects_attestations_non_pypi(upload_settings):
+def test_upload_warns_attestations_non_pypi(upload_settings, caplog, stub_response):
     upload_settings.repository_config["repository"] = "https://notpypi.example.com"
     upload_settings.attestations = True
 
-    with pytest.raises(
-        exceptions.InvalidConfiguration, match="may only be used with PyPI and TestPyPI"
-    ):
+    # This fails because the attestation isn't a real file, which is fine
+    # since our functionality under test happens before the failure.
+    with pytest.raises(exceptions.InvalidDistribution):
         upload.upload(
             upload_settings,
             [helpers.WHEEL_FIXTURE, helpers.WHEEL_FIXTURE + ".foo.attestation"],
         )
+
+    assert (
+        "Only PyPI and TestPyPI support attestations; if you experience "
+        "failures, remove the --attestations flag and re-try this command"
+        in caplog.messages
+    )
diff --git a/twine/commands/upload.py b/twine/commands/upload.py
@@ -174,14 +174,15 @@ def upload(upload_settings: settings.Settings, dists: List[str]) -> None:
     repository_url = cast(str, upload_settings.repository_config["repository"])
 
     # Attestations are only supported on PyPI and TestPyPI at the moment.
-    # We fail early here if the user requests any other index, to prevent
-    # users from attempting to use `--attestations` on other indices and
-    # failing bugs when upload fails.
+    # We warn instead of failing to allow twine to be used in local testing
+    # setups (where the PyPI deployment doesn't have a well-known domain).
     if upload_settings.attestations and not repository_url.startswith(
         (utils.DEFAULT_REPOSITORY, utils.TEST_REPOSITORY)
     ):
-        raise exceptions.InvalidConfiguration(
-            "The --attestations flag may only be used with PyPI and TestPyPI"
+        logger.warning(
+            "Only PyPI and TestPyPI support attestations; "
+            "if you experience failures, remove the --attestations flag and "
+            "re-try this command"
         )
 
     dists = commands._find_dists(dists)