Skip to content

Commit

Permalink
Fix pypi publish in cd.yml (#264)
Browse files Browse the repository at this point in the history
  • Loading branch information
mgkwill authored Nov 14, 2023
1 parent 0112132 commit 49966c8
Showing 1 changed file with 6 additions and 7 deletions.
13 changes: 6 additions & 7 deletions .github/workflows/cd.yml
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,8 @@ jobs:
name: Upload release artifact
runs-on: ubuntu-latest
if: github.triggering_actor == 'mgkwill' || github.triggering_actor == 'PhilippPlank' || github.triggering_actor == 'tim-shea'
outputs:
api-token: ${{ steps.mint-token.outputs.api-token}}
permissions:
contents: write
id-token: write
Expand Down Expand Up @@ -184,27 +186,24 @@ jobs:
- name: Mint Github API token
id: mint-token
run: |
# retrieve the ambient OIDC token
# retrieve OIDC token
resp=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
"$ACTIONS_ID_TOKEN_REQUEST_URL&audience=pypi")
oidc_token=$(jq '.value' <<< "${resp}")
# exchange the OIDC token for an API token
# exchange OIDC token for API token
resp=$(curl -X POST https://pypi.org/_/oidc/github/mint-token -d "{\"token\": \"${oidc_token}\"}")
api_token=$(jq '.token' <<< "${resp}")
# mask the newly minted API token, so that we don't accidentally leak it
# mask the API token, to prevent leaking it
echo "::add-mask::${api_token}"
# see the next step in the workflow for an example of using this step output
echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}"
- name: Publish to PyPI
if: steps.check-version.outputs.prerelease != 'true'
env:
POETRY_HTTP_BASIC_PYPI_USERNAME: __token__
POETRY_HTTP_BASIC_PYPI_PASSWORD: ${{ steps.mint-token.outputs.api-token }}
run: |
poetry config pypi-token.pypi ${{ steps.mint-token.outputs.api-token }}
mkdir dist
cp lava* dist/.
poetry publish

0 comments on commit 49966c8

Please sign in to comment.