A new Trusted Publisher for the currently running publishing workflow can be created by accessing the following link(s) while logged-in as an owner of the package(s):

Trusted Publishers allows publishing packages to PyPI from automated environments like GitHub Actions without needing to use username/password combinations or API tokens to authenticate with PyPI. Read more: https://docs.pypi.org/trusted-publishers

The workflow was run with the 'attestations: true' input, but an explicit password was also set, disabling Trusted Publishing. As a result, the attestations input is ignored.

Unexpected input(s) 'dockerfile', valid inputs are ['add-hosts', 'allow', 'annotations', 'attests', 'build-args', 'build-contexts', 'builder', 'cache-from', 'cache-to', 'call', 'cgroup-parent', 'context', 'file', 'labels', 'load', 'network', 'no-cache', 'no-cache-filters', 'outputs', 'platforms', 'provenance', 'pull', 'push', 'sbom', 'secrets', 'secret-envs', 'secret-files', 'shm-size', 'ssh', 'tags', 'target', 'ulimit', 'github-token']