From e90e853e89d14ff8ad42240b7e16f7a7f0159fd6 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Mon, 10 Jul 2023 12:11:56 -0400
Subject: [PATCH] twine-upload: only nudge on PyPI-looking domains

Signed-off-by: William Woodruff <william@trailofbits.com>
---
 twine-upload.sh | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/twine-upload.sh b/twine-upload.sh
index 9d5b89c..e11c559 100755
--- a/twine-upload.sh
+++ b/twine-upload.sh
@@ -59,12 +59,18 @@ elif [[ "${INPUT_USER}" == '__token__' ]]; then
     echo \
         '::notice::Using a user-provided API token for authentication' \
         "against ${INPUT_REPOSITORY_URL}"
-    echo "${TRUSTED_PUBLISHING_NUDGE}"
+
+    if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
+        echo "${TRUSTED_PUBLISHING_NUDGE}"
+    fi
 else
     echo \
         '::notice::Using a username + password pair for authentication' \
         "against ${INPUT_REPOSITORY_URL}"
-    echo "${TRUSTED_PUBLISHING_NUDGE}"
+
+    if [[ "${INPUT_REPOSITORY_URL}" =~ pypi\.org ]]; then
+        echo "${TRUSTED_PUBLISHING_NUDGE}"
+    fi
 fi
 
 if [[