From 830d0f9905d97629fdb948e99712c0270ffbfcfa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Hensgen?= <24550538+sebhmg@users.noreply.github.com>
Date: Mon, 3 Nov 2025 18:09:02 -0500
Subject: [PATCH 1/2] [DEVOPS-913] try OIDC to publish to PyPI
---
 .github/workflows/python_deploy_dev.yml | 2 +-
 .github/workflows/python_deploy_prod.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/python_deploy_dev.yml b/.github/workflows/python_deploy_dev.yml
index 1ac90f5..f620916 100644
--- a/.github/workflows/python_deploy_dev.yml
+++ b/.github/workflows/python_deploy_dev.yml
@@ -29,7 +29,7 @@ jobs:
 JFROG_ARTIFACTORY_TOKEN: ${{ secrets.JFROG_ARTIFACTORY_TOKEN }}
 call-workflow-pypi-publish:
 name: Publish development pypi package (JFrog Artifactory, TestPyPI)
- uses: MiraGeoscience/CI-tools/.github/workflows/reusable-python-publish_pypi_package.yml@v2
+ uses: MiraGeoscience/CI-tools/.github/workflows/reusable-python-publish_pypi_package.yml@DEVOPS-913
 permissions:
 id-token: write
 contents: write
diff --git a/.github/workflows/python_deploy_prod.yml b/.github/workflows/python_deploy_prod.yml
index e23028f..4997403 100644
--- a/.github/workflows/python_deploy_prod.yml
+++ b/.github/workflows/python_deploy_prod.yml
@@ -42,7 +42,7 @@ jobs:
 call-workflow-pypi-release:
 name: Publish production PyPI package (JFrog Artifactory, PyPI)
 if: ${{ github.event_name == 'release' || github.event.inputs.publish-pypi == 'true' }}
- uses: MiraGeoscience/CI-tools/.github/workflows/reusable-python-release_pypi_assets.yml@v2
+ uses: MiraGeoscience/CI-tools/.github/workflows/reusable-python-release_pypi_assets.yml@DEVOPS-913
 permissions:
 id-token: write
 contents: write
From 09f63b45bba66137c2fa654eb7124522ed08462c Mon Sep 17 00:00:00 2001
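Review bot: The new `uses:` ref in the python_deploy_dev.yml hunk points at `@DEVOPS-913`, which looks like a branch name rather than a tag or commit, while the calling job grants `id-token: write` and `contents: write`; the `uses:` line in the python_deploy_prod.yml hunk has the same problem. Since the follow-up patch drops `PYPI_TOKEN` in favour of OIDC, whatever that branch holds at run time is the code that receives the identity token used to publish, so anyone able to push to the branch effectively controls the release. Pin both references to a full commit SHA, e.g. `uses: MiraGeoscience/CI-tools/.github/workflows/reusable-python-publish_pypi_package.yml@<full-commit-sha>  # DEVOPS-913`, and return to a release tag once the change is merged. It is also worth confirming that the PyPI trusted-publisher entry matches the workflow identity PyPI sees when the upload runs inside a reusable workflow, as that setup has had limited support. Both job definitions continue outside the hunks.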
From: =?UTF-8?q?S=C3=A9bastien=20Hensgen?= <24550538+sebhmg@users.noreply.github.com>
Date: Mon, 3 Nov 2025 18:23:06 -0500
Subject: [PATCH 2/2] [DEVOPS-913] must not pass token for PyPI OIDC
---
 .github/workflows/python_deploy_dev.yml | 1 -
 .github/workflows/python_deploy_prod.yml | 1 -
 2 files changed, 2 deletions(-)
diff --git a/.github/workflows/python_deploy_dev.yml b/.github/workflows/python_deploy_dev.yml
index f620916..f37a31e 100644
--- a/.github/workflows/python_deploy_dev.yml
+++ b/.github/workflows/python_deploy_dev.yml
@@ -42,4 +42,3 @@ jobs:
 secrets:
 JFROG_ARTIFACTORY_URL: ${{ secrets.JFROG_ARTIFACTORY_URL }}
 JFROG_ARTIFACTORY_TOKEN: ${{ secrets.JFROG_ARTIFACTORY_TOKEN }}
- PYPI_TOKEN: ${{ secrets.TEST_PYPI_TOKEN }}
diff --git a/.github/workflows/python_deploy_prod.yml b/.github/workflows/python_deploy_prod.yml
index 4997403..8a00006 100644
--- a/.github/workflows/python_deploy_prod.yml
+++ b/.github/workflows/python_deploy_prod.yml
@@ -53,4 +53,3 @@ jobs:
 secrets:
 JFROG_ARTIFACTORY_URL: ${{ secrets.JFROG_ARTIFACTORY_URL }}
 JFROG_ARTIFACTORY_TOKEN: ${{ secrets.JFROG_ARTIFACTORY_TOKEN }}
- PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}