Add warnings for dubious filenames

konstin · konstin · commit ac78909e305f · 2024-11-12T16:49:48.000+01:00
diff --git a/crates/uv-publish/src/lib.rs b/crates/uv-publish/src/lib.rs
@@ -253,6 +253,19 @@ pub fn files_for_publishing(
             };
             let Some(dist_filename) = DistFilename::try_from_normalized_filename(&filename) else {
                 debug!("Not a distribution filename: `{filename}`");
+                if filename.ends_with(".whl")
+                    || filename.ends_with(".zip")
+                    // Example: `tar.gz`
+                    || filename
+                        .split_once(".tar.")
+                        .is_some_and(|(_, ext)| ext.chars().all(|c| c.is_alphanumeric()))
+                {
+                    warn_user!(
+                        "Skipping file that looks like a distribution, \
+                        but is not a valid distribution filename: `{}`",
+                        dist.user_display()
+                    );
+                }
                 continue;
             };
             files.push((dist, filename, dist_filename));
diff --git a/crates/uv/tests/it/publish.rs b/crates/uv/tests/it/publish.rs
@@ -1,4 +1,5 @@
 use crate::common::{uv_snapshot, TestContext};
+use assert_fs::fixture::{FileTouch, PathChild};
 use uv_static::EnvVars;
 
 #[test]
@@ -162,3 +163,37 @@ fn skip_existing_redirect() {
     "###
     );
 }
+
+#[test]
+fn dubious_filenames() {
+    let context = TestContext::new("3.12");
+
+    context.temp_dir.child("not-a-wheel.whl").touch().unwrap();
+    context.temp_dir.child("data.tar.gz").touch().unwrap();
+    context
+        .temp_dir
+        .child("not-sdist-1-2-3-asdf.zip")
+        .touch()
+        .unwrap();
+
+    uv_snapshot!(context.filters(), context.publish()
+        .arg("-u")
+        .arg("dummy")
+        .arg("-p")
+        .arg("dummy")
+        .arg("--publish-url")
+        .arg("https://test.pypi.org/legacy/")
+        .arg(context.temp_dir.join("*")), @r###"
+    success: false
+    exit_code: 2
+    ----- stdout -----
+
+    ----- stderr -----
+    warning: `uv publish` is experimental and may change without warning
+    warning: Skipping file that looks like a distribution, but is not a valid distribution filename: `[TEMP_DIR]/data.tar.gz`
+    warning: Skipping file that looks like a distribution, but is not a valid distribution filename: `[TEMP_DIR]/not-a-wheel.whl`
+    warning: Skipping file that looks like a distribution, but is not a valid distribution filename: `[TEMP_DIR]/not-sdist-1-2-3-asdf.zip`
+    error: No files found to publish
+    "###
+    );
+}
