From a5cdcdea32aab821dcaaeba9758e92a0abdf34e6 Mon Sep 17 00:00:00 2001
From: Mike Fiedler <miketheman@gmail.com>
Date: Fri, 3 Nov 2023 12:08:38 -0400
Subject: [PATCH] fix: evaluate Trusted Publisher events correctly (#14852)

---
 tests/common/db/packaging.py        | 1 +
 tests/unit/packaging/test_models.py | 5 +----
 warehouse/packaging/models.py       | 2 +-
 3 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/tests/common/db/packaging.py b/tests/common/db/packaging.py
index 016c54cb5c4f..3ac6b295b828 100644
--- a/tests/common/db/packaging.py
+++ b/tests/common/db/packaging.py
@@ -128,6 +128,7 @@ class Meta:
         model = File.Event
 
     source = factory.SubFactory(FileFactory)
+    additional = {"publisher_url": None}
 
 
 class RoleFactory(WarehouseFactory):
diff --git a/tests/unit/packaging/test_models.py b/tests/unit/packaging/test_models.py
index 70e1070bbf67..92e41fc807ce 100644
--- a/tests/unit/packaging/test_models.py
+++ b/tests/unit/packaging/test_models.py
@@ -531,10 +531,9 @@ def test_trusted_published_all(self, db_session):
         DBFileEventFactory.create(
             source=release_file,
             tag="fake:event",
-            additional={},
         )
 
-        # Without the `publisher_url` key, not considered trusted published
+        # Without a `publisher_url` value, not considered trusted published
         assert not release.trusted_published
 
         DBFileEventFactory.create(
@@ -560,7 +559,6 @@ def test_trusted_published_mixed(self, db_session):
         DBFileEventFactory.create(
             source=rfile_1,
             tag="fake:event",
-            additional={},
         )
         DBFileEventFactory.create(
             source=rfile_2,
@@ -656,7 +654,6 @@ def test_published_via_trusted_publisher(self, db_session):
         DBFileEventFactory.create(
             source=rfile,
             tag="fake:event",
-            additional={},
         )
 
         # Without the `publisher_url` key, not considered trusted published
diff --git a/warehouse/packaging/models.py b/warehouse/packaging/models.py
index 8fe2a0ea6083..5f9fe7b04235 100644
--- a/warehouse/packaging/models.py
+++ b/warehouse/packaging/models.py
@@ -697,7 +697,7 @@ def uploaded_via_trusted_publisher(self) -> bool:
         """Return True if the file was uploaded via a trusted publisher."""
         return (
             self.events.where(
-                self.Event.additional.has_key("publisher_url")  # type: ignore[attr-defined] # noqa E501
+                self.Event.additional.op("->>")("publisher_url").is_not(None)  # type: ignore[attr-defined] # noqa E501
             ).count()
             > 0
         )