flexcompute
diff --git a/‎.github/actions/setup-codeartifact-poetry-auth/action.yml‎
Lines changed: 52 additions & 0 deletions b/‎.github/actions/setup-codeartifact-poetry-auth/action.yml‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎.github/workflows/codestyle.yml‎
Lines changed: 20 additions & 0 deletions b/‎.github/workflows/codestyle.yml‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎.github/workflows/pypi-publish.yml‎
Lines changed: 8 additions & 0 deletions b/‎.github/workflows/pypi-publish.yml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎.github/workflows/test.yml‎
Lines changed: 12 additions & 0 deletions b/‎.github/workflows/test.yml‎
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,52 @@
+name: Setup CodeArtifact Poetry Auth
+description: Configure AWS credentials, fetch CodeArtifact token, and set Poetry auth env vars.
+
+inputs:
+  aws-access-key-id:
+    description: AWS access key id for CodeArtifact access.
+    required: true
+  aws-secret-access-key:
+    description: AWS secret access key for CodeArtifact access.
+    required: true
+  aws-region:
+    description: AWS region of the CodeArtifact domain.
+    required: false
+    default: us-east-1
+  domain:
+    description: CodeArtifact domain name.
+    required: false
+    default: flexcompute
+  domain-owner:
+    description: AWS account id that owns the CodeArtifact domain.
+    required: false
+    default: "625554095313"
+
+outputs:
+  token:
+    description: CodeArtifact authorization token.
+    value: ${{ steps.get-token.outputs.token }}
+
+runs:
+  using: composite
+  steps:
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ inputs.aws-access-key-id }}
+        aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
+        aws-region: ${{ inputs.aws-region }}
+
+    - name: Get CodeArtifact token and set Poetry env
+      id: get-token
+      shell: bash
+      run: |
+        TOKEN=$(aws codeartifact get-authorization-token \
+          --domain "${{ inputs.domain }}" \
+          --domain-owner "${{ inputs.domain-owner }}" \
+          --region "${{ inputs.aws-region }}" \
+          --query authorizationToken \
+          --output text)
+        echo "::add-mask::$TOKEN"
+        echo "token=$TOKEN" >> "$GITHUB_OUTPUT"
+        echo "POETRY_HTTP_BASIC_CODEARTIFACT_USERNAME=aws" >> "$GITHUB_ENV"
+        echo "POETRY_HTTP_BASIC_CODEARTIFACT_PASSWORD=$TOKEN" >> "$GITHUB_ENV"
@@ -2,6 +2,11 @@ name: Codestyle checking
 
 on:
   workflow_call:
+    secrets:
+      AWS_CODEARTIFACT_READ_ACCESS_KEY:
+        required: true
+      AWS_CODEARTIFACT_READ_ACCESS_SECRET:
+        required: true
   workflow_dispatch:
 
 jobs:
@@ -15,6 +20,11 @@ jobs:
         with:
           python-version: '3.9'
           cache: 'poetry'
+      - name: Setup CodeArtifact auth for Poetry
+        uses: ./.github/actions/setup-codeartifact-poetry-auth
+        with:
+          aws-access-key-id: ${{ secrets.AWS_CODEARTIFACT_READ_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_CODEARTIFACT_READ_ACCESS_SECRET }}
       - name: Install black
         run: poetry install
       - name: Run black
@@ -30,6 +40,11 @@ jobs:
         with:
           python-version: '3.9'
           cache: 'poetry'
+      - name: Setup CodeArtifact auth for Poetry
+        uses: ./.github/actions/setup-codeartifact-poetry-auth
+        with:
+          aws-access-key-id: ${{ secrets.AWS_CODEARTIFACT_READ_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_CODEARTIFACT_READ_ACCESS_SECRET }}
       - name: Install isort
         run: poetry install
       - name: Check isort version
@@ -47,6 +62,11 @@ jobs:
         with:
           python-version: '3.9'
           cache: 'poetry'
+      - name: Setup CodeArtifact auth for Poetry
+        uses: ./.github/actions/setup-codeartifact-poetry-auth
+        with:
+          aws-access-key-id: ${{ secrets.AWS_CODEARTIFACT_READ_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_CODEARTIFACT_READ_ACCESS_SECRET }}
       - name: Install dependencies
         run: poetry install
       - name: Run pylint
 
@@ -326,6 +326,14 @@ jobs:
       with:
         python-version: '3.9'
         cache: 'poetry'
+    - name: Setup CodeArtifact auth for Poetry
+      uses: ./.github/actions/setup-codeartifact-poetry-auth
+      with:
+        aws-access-key-id: ${{ secrets.AWS_CODEARTIFACT_READ_ACCESS_KEY }}
+        aws-secret-access-key: ${{ secrets.AWS_CODEARTIFACT_READ_ACCESS_SECRET }}
+        aws-region: us-east-1
+        domain: flexcompute
+        domain-owner: "625554095313"
     - name: Install dependencies
       run: poetry install
     - name: Pump version number
 
@@ -7,10 +7,16 @@ on:
   pull_request:
     types: [ opened, synchronize, reopened, ready_for_review ]
   workflow_call:
+    secrets:
+      AWS_CODEARTIFACT_READ_ACCESS_KEY:
+        required: true
+      AWS_CODEARTIFACT_READ_ACCESS_SECRET:
+        required: true
 
 jobs:
   code-style:
     uses: ./.github/workflows/codestyle.yml
+    secrets: inherit
   testing:
     needs: code-style
     name: test ${{ matrix.python-version }} - ${{ matrix.platform }}
@@ -46,6 +52,12 @@ jobs:
         virtualenvs-in-project: true
         virtualenvs-create: true
 
+    - name: Setup CodeArtifact auth for Poetry
+      uses: ./.github/actions/setup-codeartifact-poetry-auth
+      with:
+        aws-access-key-id: ${{ secrets.AWS_CODEARTIFACT_READ_ACCESS_KEY }}
+        aws-secret-access-key: ${{ secrets.AWS_CODEARTIFACT_READ_ACCESS_SECRET }}
+
     - name: Install dependencies
       run: poetry install