Gitlab's repository URL didn't marked as verified after trusted publishing

[nE0sIghT]

Describe the bug
I just tested URL verify (merged in the #16205) for Gitlab and found that repository git URL didn't became verified: https://pypi.org/project/apt-mirror/9a1/

Expected behavior
Gitlab URLs like https://gitlab.com/apt-mirror2/apt-mirror2.git are verified after trusted publishing.

[woodruffw]

What happens if you change your GitLab URL to remove the .git suffix? As-is, I suspect it's not being marked as verified because it's failing this check:

warehouse/warehouse/forklift/legacy.py

Lines 485 to 488 in 293a230

	elif user_uri.path and publisher_uri.path:
	is_subpath = publisher_uri.path == user_uri.path or user_uri.path.startswith(
	publisher_uri.path + "/"
	)

(Tweaking this check is tricky, but not necessarily impossible -- we'd need to special case suffixes like .git when checking subpaths. But I think the majority of people use "bare" URLs for GitHub and GitLab, in practice.)

[di]

We should be safe to strip .git from the end of GitHub URLs if present:

Add I'm assuming the same is true with GitLab as well.

[nE0sIghT]

What happens if you change your GitLab URL to remove the .git suffix?

Didn't tested it yet, but I believe it will be fine

I think the majority of people use "bare" URLs for GitHub and GitLab, in practice

Just a note here that the repository URL example in the "Writing your pyproject.toml" PyPA article have .git suffix:

(it's a place where I referenced while writing pyproject.toml for my initial pypi publishing)

[woodruffw]

Gotcha! TIL that's recommended in the PyPA guide 🙂

(I was off in my estimation too -- it should be relatively easy for us to specialize the suffix check for GitHub and GitLab.)

[facutuesca]

We should be safe to strip .git from the end of GitHub URLs if present:

Add I'm assuming the same is true with GitLab as well.

---

Documenting here that it's true for GitLab as well: