Closed casperdcl closed 7 months ago
Would a shell script be enough, or does it have to be pure Python?
curl --get "$ACTIONS_ID_TOKEN_REQUEST_URL" \
--header "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
--data $(curl "https://$REGISTRY_DOMAIN/_/oidc/audience") |
jq "{token: .value}" |
curl "https://$REGISTRY_DOMAIN/_/oidc/github/mint-token" --data @- |
jq --raw-output .value
Note that https://github.com/casperdcl/deploy-pypi/issues/17#issue-1893037869 is wrong, and $REGISTRY_DOMAIN
is the host name of the registry; e.g. upload.pypi.org
shell script is the only thing supported^single-file
looks like it's meant to be https://upload.pypi.org
shell script is the only thing supported
I asked because the only ™️ thing your shell script does is invoking the python
executable in every conceivable way. Maybe you wanted something along the lines of python -c 'urllib ...'
instead of curl
and jq
for this?
looks like it's meant to be https://upload.pypi.org
It also works with pypi.org
but you're right; updated!
password.required: false
registry-domain.default: https://upload.pypi.org
password
undefined, generate OIDC "password"references
- description: https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers#using-trusted-publishing-with-github-actions - implementation: https://github.com/pypa/gh-action-pypi-publish/blob/unstable/v1/oidc-exchange.py - `detect_github(audience) -> oidc_token`: https://github.com/di/id/blob/main/id/_internal/oidc/ambient.py - GHA env vars: https://docs.github.com/en/actions/learn-github-actions/variables#default-environment-variables