diff --git a/README.md b/README.md index 010507171fae96a7c15fa56670f278fa8b5b0a72..0bb38d7fc15ec9015c845655bc42161b8cff9712 100644 --- a/README.md +++ b/README.md 
@@ -462,6 +462,30 @@ current_version = "0.0.0" filename = "project-name/__init__.py" ``` +#### Manage your private repositories credentials + +When using Poetry, UV or other dependency management systems, it is possible to use private repositories (for retrieving project dependencies and/or publishing your project packages). + +Each tool has its own way of providing credentials as environment variables (see [Poetry documentation](https://python-poetry.org/docs/configuration#http-basicnameusernamepassword), [UV documentation](https://docs.astral.sh/uv/configuration/environment/#uv_index_name_password)). +You should manage those credentials as any other secret (i.e. defined as [project or group CI/CD variables](https://docs.gitlab.com/ci/variables/#for-a-project), if possible [**masked**](https://docs.gitlab.com/ci/variables/#mask-a-cicd-variable) to prevent them from being inadvertently displayed in your job logs). + +##### How to propagate AWS CodeArtifact credentials + +If you're using the **AWS CodeArtifact variant**, you can propagate AWS CodeArtifact credentials (obtained dynamically by the variant) for Poetry and UV by declaring the following variables (replace the `AWS_REPO_NAME` part with your actual configured private repository name): + +```yaml +variables: + # if using Poetry + POETRY_HTTP_BASIC_AWS_REPO_NAME_USER: $PYTHON_REPOSITORY_USER + POETRY_HTTP_BASIC_AWS_REPO_NAME_PASSWORD: $PYTHON_REPOSITORY_PASSWORD + # if using UV + UV_INDEX_AWS_REPO_NAME_USERNAME: $PYTHON_REPOSITORY_USER + UV_INDEX_AWS_REPO_NAME_PASSWORD: $PYTHON_REPOSITORY_PASSWORD +``` + +:information_source: the AWS CodeArtifact variant obtains temporary authentication credentials and makes them available in the `$PYTHON_REPOSITORY_USER` / `$PYTHON_REPOSITORY_PASSWORD` variable. +The above piece of code will simply reuse those values as Poetry/UV configuration. 
+ #### `semantic-release` integration If you activate the [`semantic-release-info` job from the `semantic-release` template](https://gitlab.com/to-be-continuous/semantic-release/#semantic-release-info-job), the `py-release` job will rely on the generated next version info.
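Review bot: In the added YAML block, `POETRY_HTTP_BASIC_AWS_REPO_NAME_USER` does not match the Poetry setting this section links to. The link anchor is `http-basicnameusernamepassword`, and Poetry reads the username from `POETRY_HTTP_BASIC_<NAME>_USERNAME`, so with the `_USER` suffix the username would not be picked up and authentication against the private repository would fail. Suggest `POETRY_HTTP_BASIC_AWS_REPO_NAME_USERNAME: $PYTHON_REPOSITORY_USER`, consistent with the `UV_INDEX_AWS_REPO_NAME_USERNAME` line below it. Two documentation points in the same hunk: the sentence about replacing the `AWS_REPO_NAME` part should say how the configured repository name maps to the variable name (upper case, with dashes and dots turned into underscores), since a literal copy of a name like `my-repo` will not work; and the paragraph above recommends masked CI/CD variables while the `:information_source:` note describes credentials obtained at job runtime, so it would help to state whether those temporary values are masked in job logs. Wording nits: "private repositories credentials" in the heading reads better as "private repository credentials", and "variable" after `$PYTHON_REPOSITORY_USER` / `$PYTHON_REPOSITORY_PASSWORD` should be plural.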