Update help: PYPI_FILE can be a local file (#185)

hugovk · web-flow · commit 6c81780dd291 · 2026-04-21T09:53:09.000-04:00
* Update help: PYPI_FILE can be a local file

* No need to download for local file
diff --git a/README.md b/README.md
@@ -164,7 +164,7 @@ pypi-attestations verify pypi --repository https://github.com/sigstore/sigstore-
   ~/Downloads/sigstore-3.6.1-py3-none-any.whl
 ```
 
-This command downloads the artifact and its provenance from PyPI. The artifact
+This command downloads the artifact, if needed, and its provenance from PyPI. The artifact
 is then verified against the provenance, while also checking that the provenance's
 signing identity matches the repository specified by the user.
 
diff --git a/src/pypi_attestations/_cli.py b/src/pypi_attestations/_cli.py
@@ -150,8 +150,10 @@ def _parser() -> argparse.ArgumentParser:
         "distribution_file",
         metavar="PYPI_FILE",
         type=str,
-        help="PyPI file to verify, can be either: (1) pypi:$FILE_NAME (e.g. "
-        "pypi:sampleproject-1.0.0.tar.gz) or (2) A direct URL to files.pythonhosted.org",
+        help="PyPI file to verify, can be: "
+        "(1) a path to a local file, "
+        "(2) pypi:$FILE_NAME (e.g. pypi:sampleproject-1.0.0.tar.gz) or "
+        "(3) A direct URL to files.pythonhosted.org",
     )
 
     verify_pypi_command.add_argument(
