[PICARD-3027] Fix PyPI packaging task - MetaBrainz Tickets

Type: Task
Resolution: Fixed
Priority: Normal
Fix Version/s: 2.13.1
Affects Version/s: 2.13
Component/s: Packaging & Deployment
Labels:
None

Packaging for PyPI on Github Actions failed with

Invalid attestations supplied during upload: Could not verify the      
uploaded artifact using the included attestation: Verification failed: 
Certificate's Build Config URI                                         
(<Extension(oid=<ObjectIdentifier(oid=1.3.6.1.4.1.57264.1.18,          
name=Unknown OID)>, critical=False,                                    
value=<UnrecognizedExtension(oid=<ObjectIdentifier(oid=1.3.6.1.4.1.5726
4.1.18, name=Unknown OID)>,                                            
value=b'\x0cYhttps://github.com/metabrainz/picard/.github/workflows/pac
kage.yml@refs/tags/release-2.13')>)>) does not match expected Trusted  
Publisher (package-pypi.yml @ metabrainz/picard)

Fixed in https://github.com/metabrainz/picard/commit/893dca5be4fe5fad8b1a66131f04bca1231df51d

Assignee:: Philipp Wolfer

Reporter:: Philipp Wolfer

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025-02-04 17:06

Updated:: 2025-02-04 17:06

Resolved:: 2025-02-04 17:06

Version	Package
2.13.1

Details

Description

Attachments

Activity

People

Dates

Packages