gitlab-ci-python-aws-codeartifact.yml

# =====================================================================================================================
# === AWS CodeArtifact Auth template variant
# =====================================================================================================================
spec:
  inputs:
    aws-codeartifact-domain:
      description: AWS CodeArtifact domain name
      default: ''
    aws-codeartifact-domain-owner:
      description: AWS CodeArtifact domain owner account ID
      default: ''
    aws-codeartifact-repository:
      description: AWS CodeArtifact repository name
      default: ''
    aws-region:
      description: Default region (where the Codeartifact registry is located)
      default: ''
    aws-oidc-aud:
      description: The `aud` claim for the JWT token _(only required for [OIDC authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_
      default: $CI_SERVER_URL
    aws-oidc-role-arn:
      description: Default IAM Role ARN associated with GitLab _(only required for [OIDC
        authentication](https://docs.gitlab.com/ee/ci/cloud_services/aws/))_
      default: ''
---
variables:
  TBC_AWS_PROVIDER_IMAGE: registry.gitlab.com/to-be-continuous/tools/aws-auth-provider:latest
  AWS_OIDC_AUD: $[[ inputs.aws-oidc-aud ]]
  AWS_REGION: $[[ inputs.aws-region ]]
  AWS_OIDC_ROLE_ARN: $[[ inputs.aws-oidc-role-arn ]]
  AWS_CODEARTIFACT_DOMAIN: $[[ inputs.aws-codeartifact-domain ]]
  AWS_CODEARTIFACT_DOMAIN_OWNER: $[[ inputs.aws-codeartifact-domain-owner ]]
  AWS_CODEARTIFACT_REPOSITORY: $[[ inputs.aws-codeartifact-repository ]]


.codeartifact-pip-config:
  before_script:
    - CODEARTIFACT_URL=https://aws:${PYTHON_REPOSITORY_PASSWORD}@${PYTHON_REPOSITORY_URL#https://}simple
    - pip config set global.index-url $CODEARTIFACT_URL

.python-base:
  services:
    - name: "$TBC_TRACKING_IMAGE"
      command: ["--service", "python", "7.3.0"]
    - name: "$TBC_AWS_PROVIDER_IMAGE"
      alias: "aws-auth-provider"
  id_tokens:
    # required for OIDC auth
    AWS_JWT:
      aud: "$AWS_OIDC_AUD"
  variables:
    PYTHON_REPOSITORY_USERNAME: aws
    PYTHON_REPOSITORY_PASSWORD: "@url@http://aws-auth-provider/codeartifact/auth/token"
    PYTHON_REPOSITORY_URL: "@url@http://aws-auth-provider/codeartifact/repository/endpoint?format=pypi"
    AWS_JWT: "$AWS_JWT"
  before_script:
    - !reference [.python-scripts]
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
    - cd ${PYTHON_PROJECT_DIR}
    - guess_build_system
    - !reference [.codeartifact-pip-config, before_script]