This is an automated email from the ASF dual-hosted git repository. arm pushed a commit to branch jwtoken_multiple_sources in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
commit aebbd92286da89dfccbf6a7f0380a21780c646be
Author: Alastair McFarlane <[email protected]>
AuthorDate: Mon Jan 26 11:28:43 2026 +0000
#504 - don't get UID from token if you take it from args
---
 atr/api/__init__.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/atr/api/__init__.py b/atr/api/__init__.py
index 452e8db..09eb198 100644
--- a/atr/api/__init__.py
+++ b/atr/api/__init__.py
@@ -353,7 +353,6 @@ async def distribution_record_from_workflow(data: models.api.DistributionRecordF
 """
 Record a distribution.
 """
- asf_uid = _jwt_asf_uid(github=True, atr=False)
 _project, release = await interaction.check_release_phase(
 interaction.TrustedProjectPhase(data.phase),
 data.project,
@@ -369,7 +368,9 @@ async def distribution_record_from_workflow(data: models.api.DistributionRecordF
 version=data.distribution_version,
 details=data.details,
 )
- async with storage.write(asf_uid) as write:
+ # In this case, we want to take the UID passed by the workflow, not the one from the JWT
+ # (which will be the tooling role)
+ async with storage.write(data.asf_uid) as write:
 wacm = write.as_committee_member(release.committee.name)
 await wacm.distributions.record_from_data(
 release.name,
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
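Review bot: `storage.write(data.asf_uid)` in the second hunk now attributes the write to a UID taken from the request body, so the acting identity is whatever the caller asserts rather than something derived from the verified token. Because the first hunk deletes `_jwt_asf_uid(github=True, atr=False)`, nothing visible in these lines checks the workflow JWT or ties the supplied UID to it; presumably that happens in a decorator or inside `interaction.check_release_phase(...)`, but neither is shown here and the function body continues outside both hunks. If the removed call was also what enforced the GitHub-token requirement, I would keep it for that effect and discard its result, e.g. `_jwt_asf_uid(github=True, atr=False)  # token must still be a valid workflow JWT`. The new comment should also state where `data.asf_uid` is authorised, for example `# data.asf_uid is caller-supplied; committee membership is enforced by as_committee_member() below`, once that has been confirmed to hold for an arbitrary UID.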
