gh-action-pypi-publish: upload fail in middle with `HTTPError: 400; This filename has already been used`
Hello, we have seen the same failed upload for the last two releases. We have built a package as a wheel and source and used pypa/gh-action-pypi-publish@v1.8.7 to upload them to PyPI. First, it uploads the wheel, which passes, and the second source package fails in the middle. Also, this failed in middle yields that we can’t re-upload the source package manually with twine.
Uploading distributions to https://upload.pypi.org/legacy/
INFO dist/torchmetrics-1.0.1-py3-none-any.whl (712.2 KB)
INFO dist/torchmetrics-1.0.1.tar.gz (420.2 KB)
INFO username set by command options
INFO password set by command options
INFO username: __token__
INFO password: <hidden>
Uploading torchmetrics-1.0.1-py3-none-any.whl
25l
0% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 0.0/765.4 kB • --:-- • ?
0% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 0.0/765.4 kB • --:-- • ?
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 765.4/765.4 kB • 00:00 • 11.9 MB/s
25hINFO Response from https://upload.pypi.org/legacy/:
200 OK
Uploading torchmetrics-1.0.1.tar.gz
25l
0% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 0.0/449.1 kB • --:-- • ?
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 449.1/449.1 kB • 00:00 • 148.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 449.1/449.1 kB • 00:00 • 148.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 449.1/449.1 kB • 00:00 • 148.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 449.1/449.1 kB • 00:00 • 148.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 449.1/449.1 kB • 00:00 • 148.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 449.1/449.1 kB • 00:00 • 148.9 MB/s
100% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 449.1/449.1 kB • 00:00 • 148.9 MB/s
25hINFO Response from https://upload.pypi.org/legacy/:
[40](https://github.com/Lightning-AI/torchmetrics/actions/runs/5542425777/jobs/10117097368#step:7:41)0 This filename has already been used, use a different version. See
https://pypi.org/help/#file-name-reuse for more information.
INFO <html>
<head>
<title>400 This filename has already been used, use a different
version. See https://pypi.org/help/#file-name-reuse for more
information.</title>
</head>
<body>
<h1>400 This filename has already been used, use a different version.
See https://pypi.org/help/#file-name-reuse for more information.</h1>
The server could not comply with the request since it is either
malformed or otherwise incorrect.<br/><br/>
This filename has already been used, use a different version. See
https://pypi.org/help/#file-name-reuse for more information.
</body>
</html>
ERROR HTTPError: 400 Bad Request from https://upload.pypi.org/legacy/
This filename has already been used, use a different version. See
https://pypi.org/help/#file-name-reuse for more information.
See full action log:
About this issue
- Original URL
- State: closed
- Created a year ago
- Comments: 25 (19 by maintainers)
With the recent observations, I think we can exclude problems with version bumps and possible problems twine or this action…
@webknjaz is referring to this: https://docs.pypi.org/trusted-publishers/
Trusted publishing is another way to authenticate and upload to PyPI, without using a username/password or a manually configured API token. The action itself is still trusted (and it’s the same action as before), “trusted” in the context of “trusted publishing” refers to the fact that the CI platform (GitHub) is being trusted to obtain a temporary API token.