use correct audience

rapidsai · Jun 26, 2024 · 0829264 · 0829264
1 parent 84791a9
commit 0829264
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 20 deletions.
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
@@ -72,33 +72,33 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       id-token: write
-    needs: wheel-build
+    # needs: wheel-build
     steps:
-      # - name: mint API token
-      #   run: |
-      #     #!/bin/bash
+      - name: mint API token
+        run: |
+          #!/bin/bash
 
-      #     # retrieve the ambient OIDC token
-      #     resp=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
-      #     "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=pypi")
-      #     oidc_token=$(jq -r '.value' <<< "${resp}")
+          # retrieve the ambient OIDC token
+          resp=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
+          "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=testpypi")
+          oidc_token=$(jq -r '.value' <<< "${resp}")
 
-      #     echo "OIDC token: $oidc_token"
-      #     echo "Response: $resp"
+          echo "OIDC token: $oidc_token"
+          echo "Response: $resp"
 
-      #     # exchange the OIDC token for an API token
-      #     resp=$(curl -X POST https://test.pypi.org/_/oidc/mint-token -d "{\"token\": \"${oidc_token}\"}")
+          # exchange the OIDC token for an API token
+          resp=$(curl -X POST https://test.pypi.org/_/oidc/mint-token -d "{\"token\": \"${oidc_token}\"}")
 
-      #     echo "OIDC token: $oidc_token"
-      #     echo "Response: $resp"
+          echo "OIDC token: $oidc_token"
+          echo "Response: $resp"
 
-      #     api_token=$(jq -r '.token' <<< "${resp}")
+          api_token=$(jq -r '.token' <<< "${resp}")
 
-      #     # mask the newly minted API token, so that we don't accidentally leak it
-      #     echo "::add-mask::${api_token}"
+          # mask the newly minted API token, so that we don't accidentally leak it
+          echo "::add-mask::${api_token}"
 
-      #     # see the next step in the workflow for an example of using this step output
-      #     echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}"
+          # see the next step in the workflow for an example of using this step output
+          echo "api-token=${api_token}" >> "${GITHUB_OUTPUT}"
       - name: Mint GitHub Token
         uses: rapidsai/shared-actions/mint-pypi-token@mint-pypi-token
         id: mint-token

diff --git a/ci/mint-pypi-token.sh b/ci/mint-pypi-token.sh
@@ -2,7 +2,7 @@
 
 # retrieve the ambient OIDC token
 resp=$(curl -H "Authorization: bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" \
-"$ACTIONS_ID_TOKEN_REQUEST_URL&audience=pypi")
+"$ACTIONS_ID_TOKEN_REQUEST_URL&audience=testpypi")
 oidc_token=$(jq -r '.value' <<< "${resp}")
 
 echo "OIDC token: $oidc_token"