From 5e98273064240b9ce290be026bb0866e73d7a74d Mon Sep 17 00:00:00 2001
From: Facundo Tuesca <facundo.tuesca@trailofbits.com>
Date: Wed, 7 Aug 2024 18:47:15 +0200
Subject: [PATCH] Add magic links to step summary

---
 print-pkg-names.py       |  2 +-
 requirements/runtime.txt |  4 +++-
 twine-upload.sh          | 12 +++++++-----
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/print-pkg-names.py b/print-pkg-names.py
index d01d186..c13d0e8 100644
--- a/print-pkg-names.py
+++ b/print-pkg-names.py
@@ -24,7 +24,7 @@ def safe_parse_pkg_name(file_path: pathlib.Path) -> str | None:
     return None
 
 
-packages_dir = pathlib.Path(sys.argv[1]).resolve().absolute()
+packages_dir = pathlib.Path(sys.argv[1]).resolve()
 
 pkg_names = {safe_parse_pkg_name(f) for f in packages_dir.iterdir()}
 pkg_names.discard(None)
diff --git a/requirements/runtime.txt b/requirements/runtime.txt
index d50cd5b..f3f2206 100644
--- a/requirements/runtime.txt
+++ b/requirements/runtime.txt
@@ -64,7 +64,9 @@ multidict==6.0.5
 nh3==0.2.17
     # via readme-renderer
 packaging==24.1
-    # via pypi-attestations
+    # via
+    #   -r runtime.in
+    #   pypi-attestations
 pkginfo==1.10.0
     # via twine
 platformdirs==4.2.2
diff --git a/twine-upload.sh b/twine-upload.sh
index c8b224d..fce4517 100755
--- a/twine-upload.sh
+++ b/twine-upload.sh
@@ -69,6 +69,10 @@ The workflow was run with 'attestations: true' input, but the specified \
 repository URL does not support PEP 740 attestations. As a result, the \
 attestations input is ignored."
 
+MAGIC_LINK_MESSAGE="::warning title=Create a Trusted Publisher::\
+A new Trusted Publisher for the currently running publishing workflow can be created \
+by accessing the following link(s) while logged-in as an owner of the package(s):"
+
 if [[ ! "${INPUT_REPOSITORY_URL}" =~ pypi\.org || ${#PACKAGE_NAMES[@]} -eq 0 ]] ; then
     TRUSTED_PUBLISHING_MAGIC_LINK_NUDGE=""
 else
@@ -79,13 +83,11 @@ else
     fi
     ALL_LINKS=""
     for PACKAGE_NAME in "${PACKAGE_NAMES[@]}"; do
-        LINK="${INDEX_URL}/manage/project/${PACKAGE_NAME}/settings/publishing/?provider=github&owner=${GITHUB_REPOSITORY_OWNER}&repository=${REPOSITORY_NAME}&workflow_filename=${WORKFLOW_FILENAME}"
+        LINK="- ${INDEX_URL}/manage/project/${PACKAGE_NAME}/settings/publishing/?provider=github&owner=${GITHUB_REPOSITORY_OWNER}&repository=${REPOSITORY_NAME}&workflow_filename=${WORKFLOW_FILENAME}"
         ALL_LINKS+="$LINK"$'\n'
     done
-    TRUSTED_PUBLISHING_MAGIC_LINK_NUDGE="::warning title=Create a Trusted Publisher::\
-A new Trusted Publisher for the currently running publishing workflow can be created \
-by accessing the following link(s) while logged-in as a maintainer of the package(s): \"
-${ALL_LINKS}"
+    TRUSTED_PUBLISHING_MAGIC_LINK_NUDGE="${MAGIC_LINK_MESSAGE}"$'\n'"${ALL_LINKS}"
+    echo "${MAGIC_LINK_MESSAGE}" >> $GITHUB_STEP_SUMMARY
 fi
 
 [[ "${INPUT_USER}" == "__token__" && -z "${INPUT_PASSWORD}" ]] \