
Trusted publisher not working in reusable workflows (yet) #70

@liamhuber

The change in #58 gives the following error:

```
Notice: Attempting to perform trusted publishing exchange to retrieve a temporary short-lived API token for authentication against https://upload.pypi.org/legacy/ due to __token__ username with no supplied password field
Error: Trusted publishing exchange failure: 
Token request failed: the server refused the request for the following reasons:

* `invalid-publisher`: valid token, but no corresponding publisher (All lookup strategies exhausted)

This generally indicates a trusted publisher configuration error, but could
also indicate an internal error on GitHub or PyPI's part.

The claims rendered below are **for debugging purposes only**. You should **not**
use them to configure a trusted publisher unless they already match your expectations.

If a claim is not present in the claim set, then it is rendered as `MISSING`.

* `sub`: `repo:pyiron/pyiron_workflow:environment:pypi`
* `repository`: `pyiron/pyiron_workflow`
* `repository_owner`: `pyiron`
* `repository_owner_id`: `25691954`
* `job_workflow_ref`: `pyiron/actions/.github/workflows/release.yml@refs/heads/main`
* `ref`: `refs/tags/pyiron_workflow-0.1.2`
```

This is not something I currently have a deep understanding of. However, I guess we should have googled if this was possible before trying it, because it is a known issue that using a trusted publisher for PyPI is not compatible with reusable workflows. There is a plan to change this, but no timeline.

I will revert #58 in the meantime.
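The claim list in the error output can be checked mechanically. The following is an added example, not part of the original issue and not PyPI's or GitHub's code: it parses the rendered claims and reports when `job_workflow_ref` names a different repository than `repository`, which is the reusable-workflow situation reported here. The names `parse_claims` and `diagnose` are hypothetical.

```python
import re

# Claim lines copied from the error output quoted in this issue.
ERROR_OUTPUT = """\
* `sub`: `repo:pyiron/pyiron_workflow:environment:pypi`
* `repository`: `pyiron/pyiron_workflow`
* `repository_owner`: `pyiron`
* `repository_owner_id`: `25691954`
* `job_workflow_ref`: `pyiron/actions/.github/workflows/release.yml@refs/heads/main`
* `ref`: `refs/tags/pyiron_workflow-0.1.2`
"""

# One rendered claim per line: * `name`: `value`
CLAIM_LINE = re.compile(r"^\*\s+`([^`]+)`:\s+`([^`]*)`\s*$")
# job_workflow_ref layout: owner/repo/.github/workflows/file@git-ref
WORKFLOW_REF = re.compile(
    r"^(?P<repo>[^/]+/[^/]+)/(?P<path>\.github/workflows/[^@]+)@(?P<ref>.+)$"
)


def parse_claims(text):
    """Return {claim_name: value} for every rendered claim line in text."""
    claims = {}
    for line in text.splitlines():
        match = CLAIM_LINE.match(line.strip())
        if match:
            claims[match.group(1)] = match.group(2)
    return claims


def diagnose(claims):
    """Compare the repository that triggered the run with the workflow's repository."""
    repo = claims.get("repository", "MISSING")
    workflow = claims.get("job_workflow_ref", "MISSING")
    if "MISSING" in (repo, workflow):  # absent claims are rendered as MISSING
        return {"status": "incomplete", "cross_repo": None}
    match = WORKFLOW_REF.match(workflow)
    if match is None:
        return {"status": "unparsed", "cross_repo": None}
    cross_repo = match["repo"].lower() != repo.lower()
    return {
        "status": "reusable-workflow" if cross_repo else "same-repo",
        "cross_repo": cross_repo,
        "caller_repo": repo,
        "workflow_repo": match["repo"],
        "workflow_file": match["path"].rsplit("/", 1)[-1],
        "workflow_ref": match["ref"],
    }
```
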
