From 0882914d5c5057ad3cec280c0142cfe5f6965844 Mon Sep 17 00:00:00 2001
From: Adam Turner <9087854+aa-turner@users.noreply.github.com>
Date: Mon, 24 Jul 2023 16:51:05 +0100
Subject: [PATCH] Target PyPI in create-release.yml

---
 .github/workflows/create-release.yml | 25 +++++++++++--------------
 1 file changed, 11 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
index 1cd2d0e9d10..27971612f11 100644
--- a/.github/workflows/create-release.yml
+++ b/.github/workflows/create-release.yml
@@ -37,37 +37,33 @@ jobs:
         id: mint-token
         uses: actions/github-script@v6
         with:
+          # language=JavaScript
           script: |
             // retrieve the ambient OIDC token
             const oidc_request_token = process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN;
             const oidc_request_url = process.env.ACTIONS_ID_TOKEN_REQUEST_URL;
-            const oidc_resp = await fetch(`${oidc_request_url}&audience=testpypi`, {
-                headers: {Authorization: `bearer ${oidc_request_token}`},
-              }
-            );
+            const oidc_resp = await fetch(`${oidc_request_url}&audience=pypi`, {
+              headers: {Authorization: `bearer ${oidc_request_token}`},
+            });
             const oidc_token = (await oidc_resp.json()).value;
-            github.log.warn(`len(oidc_token): ${oidc_token.length}`);
   
             // exchange the OIDC token for an API token
-            const mint_resp = await fetch('https://test.pypi.org/_/oidc/github/mint-token', {
-                method: 'post',
-                body: `{"token": "${oidc_token}"}` ,
-                headers: {'Content-Type': 'application/json'},
-              }
-            );
+            const mint_resp = await fetch('https://pypi.org/_/oidc/github/mint-token', {
+              method: 'post',
+              body: `{"token": "${oidc_token}"}` ,
+              headers: {'Content-Type': 'application/json'},
+            });
             const api_token = (await mint_resp.json()).token;
-            github.log.warn(`len(api_token): ${api_token.length}`);
 
             // mask the newly minted API token, so that we don't accidentally leak it
             core.setSecret(api_token)
             core.setOutput('api-token', api_token)
 
-      - name: Upload to Test PyPI
+      - name: Upload to PyPI
         env:
           TWINE_NON_INTERACTIVE: "true"
           TWINE_USERNAME: "__token__"
           TWINE_PASSWORD: "${{ steps.mint-token.outputs.api-token }}"
-          TWINE_REPOSITORY_URL: "https://test.pypi.org/legacy/"
         run: |
           twine check dist/*
           twine upload dist/*
@@ -75,6 +71,7 @@ jobs:
   github-release:
     runs-on: ubuntu-latest
     name: GitHub release
+    environment: release
     permissions:
       contents: write  # for softprops/action-gh-release to create GitHub release
     steps: