When using Poetry, UV or other dependency management systems, it is possible to use private repositories (for retrieving project dependencies and/or publishing your project packages).
Each tool has its own way of providing credentials as environment variables (see [Poetry documentation](https://python-poetry.org/docs/configuration#http-basicnameusernamepassword), [UV documentation](https://docs.astral.sh/uv/configuration/environment/#uv_index_name_password)).
You should manage those credentials as any other secret (i.e. defined as [project or group CI/CD variables](https://docs.gitlab.com/ci/variables/#for-a-project), if possible [**masked**](https://docs.gitlab.com/ci/variables/#mask-a-cicd-variable) to prevent them from being inadvertently displayed in your job logs).
##### How to propagate AWS CodeArtifact credentials
If you're using the **AWS CodeArtifact variant**, you can propagate AWS CodeArtifact credentials (obtained dynamically by the variant) for Poetry and UV by declaring the following variables (replace the `AWS_REPO_NAME` part with your actual configured private repository name):
:information_source: the AWS CodeArtifact variant obtains temporary authentication credentials and makes them available in the `$PYTHON_REPOSITORY_USER` / `$PYTHON_REPOSITORY_PASSWORD` variable.
The above piece of code will simply reuse those values as Poetry/UV configuration.
#### `semantic-release` integration
If you activate the [`semantic-release-info` job from the `semantic-release` template](https://gitlab.com/to-be-continuous/semantic-release/#semantic-release-info-job), the `py-release` job will rely on the generated next version info.
