From aedb3cc435cdaecdce07fb0ba3d0ead4ea74c63a Mon Sep 17 00:00:00 2001
From: Marcus G K Williams <168222+mgkwill@users.noreply.github.com>
Date: Tue, 14 Nov 2023 11:52:52 -0800
Subject: [PATCH] Fix poetry config for publish to pypi (#782)

* Try to use poetry config and token  to publish to pypi

* Temporarily enable dry run publish to pypi in cd.yml

* Remove dry run publish to pypi in cd.yml
---
 .github/workflows/cd.yml | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 57de4efc1..c778bf1dd 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -134,6 +134,8 @@ jobs:
     name: Upload release artifact
     runs-on: ubuntu-latest
     if: github.triggering_actor == 'mgkwill' || github.triggering_actor == 'PhilippPlank' || github.triggering_actor == 'tim-shea'
+    outputs:
+          api-token: ${{ steps.mint-token.outputs.api-token}}
     permissions:
       contents: write
       id-token: write
@@ -185,27 +187,24 @@ jobs:
       - name: Mint Github API token
         id: mint-token
         run: |
-          # retrieve the ambient OIDC token
+          # retrieve OIDC token
           resp=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
             "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=pypi")
           oidc_token=$(jq '.value' <<< "${resp}")
 
-          # exchange the OIDC token for an API token
+          # exchange OIDC token for API token
           resp=$(curl -X POST https://pypi.org/_/oidc/github/mint-token -d "{\"token\": \"${oidc_token}\"}")
           api_token=$(jq '.token' <<< "${resp}")
 
-          # mask the newly minted API token, so that we don't accidentally leak it
+          # mask the API token, to prevent leaking it
           echo "::add-mask::${api_token}"
 
-          # see the next step in the workflow for an example of using this step output
           echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}"
 
       - name: Publish to PyPI
         if: steps.check-version.outputs.prerelease != 'true'
-        env:
-          POETRY_HTTP_BASIC_PYPI_USERNAME: __token__
-          POETRY_HTTP_BASIC_PYPI_PASSWORD: ${{ steps.mint-token.outputs.api-token }}
         run: |
+          poetry config pypi-token.pypi ${{ steps.mint-token.outputs.api-token }}
           mkdir dist
           cp lava* dist/.
           poetry publish