From 5ed88f790106e8c508f7dcc44200d05eebcf87e0 Mon Sep 17 00:00:00 2001 From: Marcus G K Williams <168222+mgkwill@users.noreply.github.com> Date: Tue, 14 Nov 2023 19:04:56 -0800 Subject: [PATCH] Further fix to pypi upload in cd.yml Set contents to write in publish release --- .github/workflows/cd.yml | 31 +++++++++---------------------- 1 file changed, 9 insertions(+), 22 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 747e0beaf..42c763c96 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -134,11 +134,12 @@ jobs: name: Upload release artifact runs-on: ubuntu-latest if: github.triggering_actor == 'mgkwill' || github.triggering_actor == 'PhilippPlank' || github.triggering_actor == 'tim-shea' - outputs: - api-token: ${{ steps.mint-token.outputs.api-token}} + environment: + name: pypi + url: https://pypi.org/p/lava-nc/ permissions: - contents: write - id-token: write + id-token: write + contents: write needs: [build-artifacts, test-artifact-install, test-artifact-use] steps: @@ -184,26 +185,12 @@ jobs: generateReleaseNotes: true makeLatest: true - - name: Mint Github API token - id: mint-token - run: | - # retrieve OIDC token - resp=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \ - "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=pypi") - oidc_token=$(jq '.value' <<< "${resp}") - - # exchange OIDC token for API token - resp=$(curl -X POST https://pypi.org/_/oidc/github/mint-token -d "{\"token\": \"${oidc_token}\"}") - api_token=$(jq '.token' <<< "${resp}") - - # mask the API token, to prevent leaking it - echo "::add-mask::${api_token}" - - echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}" - - name: Publish to PyPI if: steps.check-version.outputs.prerelease != 'true' run: | mkdir dist cp lava* dist/. - poetry publish -u __token__ -p '${{ steps.mint-token.outputs.api-token }}' + + - name: Publish package distributions to PyPI + if: steps.check-version.outputs.prerelease != 'true' + uses: pypa/gh-action-pypi-publish@release/v1