Skip to content

Commit 83ee0ae

Browse files
yoshi-automationyoshi-automation
committed
build: use PyPI API token in secret manager
Migrate python libraries onto the PyPI API token stored in secret manager. A PyPI API token is limited in scope to uploading new releases. https://pypi.org/help/#apitoken Verified that this works with [build](https://fusion2.corp.google.com/invocations/14bae126-83fa-4328-8da9-d390ed99315c/targets/cloud-devrel%2Fclient-libraries%2Fpython%2Fgoogleapis%2Fpython-vision%2Frelease%2Frelease;config=default/log) on googleapis/python-vision#136 Source-Author: Bu Sun Kim <8822365+busunkim96@users.noreply.github.com> Source-Date: Wed Apr 14 17:46:06 2021 -0600 Source-Repo: googleapis/synthtool Source-Sha: 043cc620d6a6111816d9e09f2a97208565fde958 Source-Link: googleapis/synthtool@043cc62
1 parent 94ffc05 commit 83ee0ae

File tree

3 files changed

+5
-15
lines changed

3 files changed

+5
-15
lines changed

.kokoro/release.sh

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,7 @@ python3 -m pip install --upgrade twine wheel setuptools
2626
export PYTHONUNBUFFERED=1
2727

2828
# Move into the package, build the distribution and upload.
29-
TWINE_PASSWORD=$(cat "${KOKORO_KEYSTORE_DIR}/73713_google_cloud_pypi_password")
29+
TWINE_PASSWORD=$(cat "${KOKORO_GFILE_DIR}/secret_manager/google-cloud-pypi-token")
3030
cd github/python-bigquery-sqlalchemy
3131
python3 setup.py sdist bdist_wheel
32-
twine upload --username gcloudpypi --password "${TWINE_PASSWORD}" dist/*
32+
twine upload --username __token__ --password "${TWINE_PASSWORD}" dist/*

.kokoro/release/common.cfg

Lines changed: 2 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -23,18 +23,8 @@ env_vars: {
2323
value: "github/python-bigquery-sqlalchemy/.kokoro/release.sh"
2424
}
2525

26-
# Fetch PyPI password
27-
before_action {
28-
fetch_keystore {
29-
keystore_resource {
30-
keystore_config_id: 73713
31-
keyname: "google_cloud_pypi_password"
32-
}
33-
}
34-
}
35-
3626
# Tokens needed to report release status back to GitHub
3727
env_vars: {
3828
key: "SECRET_MANAGER_KEYS"
39-
value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem"
40-
}
29+
value: "releasetool-publish-reporter-app,releasetool-publish-reporter-googleapis-installation,releasetool-publish-reporter-pem,google-cloud-pypi-token"
30+
}

synth.metadata

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
"git": {
1212
"name": "synthtool",
1313
"remote": "https://github.com/googleapis/synthtool.git",
14-
"sha": "721339ab60a6eb63b889978b3d9b295dcb3be370"
14+
"sha": "043cc620d6a6111816d9e09f2a97208565fde958"
1515
}
1616
}
1717
],

0 commit comments

Comments
 (0)