A new Trusted Publisher for the currently running publishing workflow can be created by accessing the following link(s) while logged-in as an owner of the package(s):

Trusted Publishers allows publishing packages to PyPI from automated environments like GitHub Actions without needing to use username/password combinations or API tokens to authenticate with PyPI. Read more: https://docs.pypi.org/trusted-publishers

The workflow was run with the 'attestations: true' input, but an explicit password was also set, disabling Trusted Publishing. As a result, the attestations input is ignored.

Back off 19.069 seconds before retry.

Failed to download action 'https://api.github.com/internal/immutable-actions/actions/setup-python/download/sha256:2c4a1cc87f8d42f4ec181fc96fab063830330212bef88dc00f11285a0126fcbb?x-ghcr-actor-id=188058383&x-ghcr-actor-type=repository&x-ghcr-alg=hmac-sha256&x-ghcr-date=2025-05-26T09:31:00Z&x-ghcr-expires=10m0s&x-ghcr-host=ghcr.io&***

Back off 12.826 seconds before retry.