This is an automated email from the ASF dual-hosted git repository.
arm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new 3c2434e #594 - Validate that OIDC is being used for endpoints where
asf_uid is specifiable.
3c2434e is described below
commit 3c2434e97b438bbe593f44a21d0348c1fc7b7b55
Author: Alastair McFarlane <[email protected]>
AuthorDate: Tue Jan 27 15:41:28 2026 +0000
#594 - Validate that OIDC is being used for endpoints where asf_uid is
specifiable.
---
atr/db/interaction.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/atr/db/interaction.py b/atr/db/interaction.py
index 35e2f30..a748f25 100644
--- a/atr/db/interaction.py
+++ b/atr/db/interaction.py
@@ -400,7 +400,9 @@ async def trusted_jwt(publisher: str, jwt: str, phase:
TrustedProjectPhase) -> t
async def trusted_jwt_for_dist(
publisher: str, jwt: str, asf_uid: str, phase: TrustedProjectPhase,
project_name: str, version_name: str
) -> tuple[dict[str, Any], str, sql.Project, sql.Release]:
- payload, _asf_uid = await validate_trusted_jwt(publisher, jwt)
+ payload, asf_uid_from_jwt = await validate_trusted_jwt(publisher, jwt)
+ if asf_uid_from_jwt is not None:
+ raise InteractionError("Must use Trusted Publishing when specifying
ASF UID")
# payload, asf_uid, project = await trusted_jwt(publisher, jwt, phase)
async with db.session() as db_data:
project = await db_data.project(name=project_name,
_committee=True).demand(
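Review bot: The new guard after `validate_trusted_jwt` infers "this was not an OIDC token" from the second return value being non-None, and nothing at the call site states that contract, so a later change to what `validate_trusted_jwt` returns could silently disable the check or make it reject every request. I would add a comment above it such as `# A non-None UID means the JWT was not an OIDC token; a caller-supplied asf_uid is accepted only with OIDC.` and, if it is not covered elsewhere, a test for both token kinds. In the lines visible here the caller-supplied `asf_uid` is also never compared with anything in `payload`; the body of `trusted_jwt_for_dist` continues past the hunk, so that may happen further down, but it is worth confirming that the OIDC identity is authorised to act for the named UID. The commented-out `trusted_jwt` call left under the guard could be dropped.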