(tooling-trusted-releases) branch main updated: #961 - extract some of the validation for TP configuration into a shared helper

Wed, 01 Apr 2026 04:03:52 -0700 

This is an automated email from the ASF dual-hosted git repository.

arm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git


The following commit(s) were added to refs/heads/main by this push:
     new 6fa11ca0 #961 - extract some of the validation for TP configuration 
into a shared helper
6fa11ca0 is described below

commit 6fa11ca07ab4cb385b11f274f6605d6d7feada52
Author: Alastair McFarlane <[email protected]>
AuthorDate: Tue Mar 31 15:14:44 2026 +0100

    #961 - extract some of the validation for TP configuration into a shared 
helper
---
 atr/shared/projects.py        | 13 +------------
 atr/storage/writers/policy.py | 15 ++-------------
 atr/util.py                   | 20 +++++++++++++++++++-
 3 files changed, 22 insertions(+), 26 deletions(-)

diff --git a/atr/shared/projects.py b/atr/shared/projects.py
index 41d7f757..03e4ec2d 100644
--- a/atr/shared/projects.py
+++ b/atr/shared/projects.py
@@ -242,18 +242,7 @@ class TrustedPublishingPolicyForm(form.Form):
         ):
             all_paths.extend(p.strip() for p in (raw or "").split("\n") if 
p.strip())
 
-        if all_paths and (not github_repository_name):
-            raise ValueError("GitHub repository name is required when any 
workflow path is set.")
-
-        if github_repository_branch and (not github_repository_name):
-            raise ValueError("GitHub repository name is required when a GitHub 
branch is set.")
-
-        if github_repository_name and ("/" in github_repository_name):
-            raise ValueError("GitHub repository name must not contain a 
slash.")
-
-        for p in all_paths:
-            if not p.startswith(".github/workflows/"):
-                raise ValueError("GitHub workflow paths must start with 
'.github/workflows/'.")
+        util.validate_trusted_publishing_constraints(github_repository_name, 
github_repository_branch, all_paths)
 
         return self
 
diff --git a/atr/storage/writers/policy.py b/atr/storage/writers/policy.py
index 3f5e3b05..97e6428c 100644
--- a/atr/storage/writers/policy.py
+++ b/atr/storage/writers/policy.py
@@ -27,6 +27,7 @@ import atr.db as db
 import atr.hashes as hashes
 import atr.models as models
 import atr.storage as storage
+import atr.util as util
 
 if TYPE_CHECKING:
     import atr.shared as shared
@@ -321,7 +322,6 @@ def _normalise_trusted_publishing_update(
     release_policy: models.sql.ReleasePolicy,
     values: dict[str, Any],
 ) -> dict[str, Any]:
-    # TODO: Ideally we would use this function in the form validation too
     normalised_values: dict[str, Any] = {}
 
     github_repository_name = release_policy.github_repository_name
@@ -342,18 +342,7 @@ def _normalise_trusted_publishing_update(
             normalised_values[field] = paths
         all_paths.extend(paths)
 
-    if all_paths and (not github_repository_name):
-        raise ValueError("GitHub repository name is required when any workflow 
path is set.")
-
-    if github_repository_branch and (not github_repository_name):
-        raise ValueError("GitHub repository name is required when a GitHub 
branch is set.")
-
-    if github_repository_name and ("/" in github_repository_name):
-        raise ValueError("GitHub repository name must not contain a slash.")
-
-    for path in all_paths:
-        if not path.startswith(".github/workflows/"):
-            raise ValueError("GitHub workflow paths must start with 
'.github/workflows/'.")
+    util.validate_trusted_publishing_constraints(github_repository_name, 
github_repository_branch, all_paths)
 
     return normalised_values
 
diff --git a/atr/util.py b/atr/util.py
index bcaf24a0..dd90de83 100644
--- a/atr/util.py
+++ b/atr/util.py
@@ -14,7 +14,6 @@
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
-
 import asyncio
 import base64
 import binascii
@@ -707,6 +706,25 @@ def match_ignore_pattern(pattern: str | None, value: str | 
None) -> bool:
     return matched
 
 
+def validate_trusted_publishing_constraints(
+    github_repository_name: str | None,
+    github_repository_branch: str | None,
+    all_paths: list[str],
+) -> None:
+    if all_paths and (not github_repository_name):
+        raise ValueError("GitHub repository name is required when any workflow 
path is set.")
+
+    if github_repository_branch and (not github_repository_name):
+        raise ValueError("GitHub repository name is required when a GitHub 
branch is set.")
+
+    if github_repository_name and ("/" in github_repository_name):
+        raise ValueError("GitHub repository name must not contain a slash.")
+
+    for path in all_paths:
+        if not path.startswith(".github/workflows/"):
+            raise ValueError("GitHub workflow paths must start with 
'.github/workflows/'.")
+
+
 async def number_of_release_files(release: sql.Release) -> int:
     """Return the number of files in a release."""
     if (path := paths.release_directory_revision(release)) is None:


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to