Skip to content

Publish to Test PyPI step failing in publish to PyPI workflow job #33

New issue
New issue
Open
Open
Publish to Test PyPI step failing in publish to PyPI workflow job#33
@matt-graham

Description

@matt-graham
matt-graham
opened on Jul 8, 2025

In the GitHub Actions workflow triggered by the v1.3.7 release the publish distribution to Test PyPI is failing with error output:

Checking dist/so3-1.3.7-cp310-cp310-linux_x86_64.whl: PASSED
Checking dist/so3-1.3.7-cp310-cp310-macosx_14_0_arm64.whl: PASSED
Checking dist/so3-1.3.7-cp311-cp311-linux_x86_64.whl: PASSED
Checking dist/so3-1.3.7-cp311-cp311-macosx_14_0_arm64.whl: PASSED
Checking dist/so3-1.3.7-cp312-cp312-linux_x86_64.whl: PASSED
Checking dist/so3-1.3.7-cp312-cp312-macosx_14_0_arm64.whl: PASSED
Checking dist/so3-1.3.7-cp313-cp313-linux_x86_64.whl: PASSED
Checking dist/so3-1.3.7-cp313-cp313-macosx_14_0_arm64.whl: PASSED
Checking dist/so3-1.3.7-cp38-cp38-linux_x86_64.whl: PASSED
Checking dist/so3-1.3.7-cp38-cp38-macosx_14_0_arm64.whl: PASSED
Checking dist/so3-1.3.7-cp39-cp39-linux_x86_64.whl: PASSED
Checking dist/so3-1.3.7-cp39-cp39-macosx_14_0_arm64.whl: PASSED
Checking dist/so3-1.3.7.tar.gz: PASSED
Uploading distributions to https://test.pypi.org/legacy/
Uploading so3-1.3.7-cp310-cp310-linux_x86_64.whl
WARNING  Error during upload. Retry with the --verbose option for more details. 
ERROR    HTTPError: 400 Bad Request from https://test.pypi.org/legacy/          
         Bad Request

As far as I can tell the workflow is configured correctly in how it uses the pypa/gh-action-pypi-publish GitHub Action

so3/.github/workflows/python.yml

Lines 96 to 100 in 496f6c0

- name: Publish distribution 📦 to Test PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.TEST_PYPI_TOKEN }}
repository-url: https://test.pypi.org/legacy/

which exactly matches example set up in docs.

The only things I can think of are that the API token stored as a secret has possibly expired or been revoked. As I'm not an owner on the so3 Test PyPI project I unfortunately cannot set up a new token. An alternative to using tokens would be to set up trusted publishing which is the current recommended authentication method by PyPA:

A new Trusted Publisher for the currently running publishing workflow can be created by accessing the following link(s) while logged-in as an owner of the package(s): https://test.pypi.org/manage/project/so3/settings/publishing/?provider=github&owner=astroinformatics&repository=so3&workflow_filename=python.yml

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions