Merge pull request #173 from CliMT/develop

JoyMonteiro · web-flow · commit 8880cb6ef709 · 2025-03-14T16:20:19.000+05:30
Updating twine upload
diff --git a/.github/workflows/release_climt.yml b/.github/workflows/release_climt.yml
@@ -56,8 +56,28 @@ jobs:
       - name: Install twine
         run: python -m pip install twine
 
-      - name: upload wheels
-        env:
-          TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
-          TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
-        run: twine upload wheelhouse/* --verbose
+      - name: mint API token
+        id: mint-token
+        run: |
+          # retrieve the ambient OIDC token
+          resp=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
+            "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=pypi")
+          oidc_token=$(jq -r '.value' <<< "${resp}")
+
+          # exchange the OIDC token for an API token
+          resp=$(curl -X POST https://pypi.org/_/oidc/mint-token -d "{\"token\": \"${oidc_token}\"}")
+          api_token=$(jq -r '.token' <<< "${resp}")
+
+          # mask the newly minted API token, so that we don't accidentally leak it
+          echo "::add-mask::${api_token}"
+
+          # see the next step in the workflow for an example of using this step output
+          echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}"
+
+          TWINE_USERNAME=__token__ TWINE_PASSWORD=${api_token} twine upload wheelhouse/* --verbose
+
+      # - name: upload wheels
+      #   env:
+      #     TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }}
+      #     TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }}
+      #   run: twine upload wheelhouse/* --verbose
