From 814466608ba0fea94377f223c6aaae1851b45366 Mon Sep 17 00:00:00 2001
From: iameskild
Date: Wed, 5 Apr 2023 21:22:25 -0700
Subject: [PATCH 1/4] Pull PyPI secrets from Vault
---
 .github/workflows/release.yaml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 163931872..b1cedd0e8 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -71,7 +71,19 @@ jobs:
 - name: Build source and binary
 run: python -m build --sdist --wheel .
+ - name: Retrieve secret from Vault
+ uses: hashicorp/vault-action@v2.5.0
+ with:
+ method: jwt
+ url: "https://quansight-public-vault-fe415d04.c219cf75.z1.hashicorp.cloud:8200"
+ namespace: "admin/quansight"
+ role: "repository-nebari-dev-nebari-role"
+ secrets: |
+ kv/data/repository/nebari-dev/nebari/shared_secrets PYPI_USERNAME | PYPI_USERNAME;
+ kv/data/repository/nebari-dev/nebari/shared_secrets PYPI_PASSWORD | PYPI_PASSWORD;
+
 - name: Publish package
 uses: pypa/gh-action-pypi-publish@release/v1
 with:
- password: ${{ secrets.PYPI_API_TOKEN }}
+ user: ${{ env.PYPI_USERNAME }}
+ password: ${{ env.PYPI_PASSWORD }}
From 0503ebdf096ee993128f532826a722ddc34e4bf4 Mon Sep 17 00:00:00 2001
From: iameskild
Date: Wed, 5 Apr 2023 21:37:17 -0700
Subject: [PATCH 2/4] Update job permissions
---
 .github/workflows/release.yaml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index b1cedd0e8..f646a729f 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -53,6 +53,9 @@ jobs:
 name: Publish Nebari on PyPi
 runs-on: ubuntu-latest
 needs: test-pypi
+ permissions:
+ id-token: write
+ contents: read
 steps:
 - name: Set up python
From ef47db4be26aeda7dab2e03a2a2cc6d4b63b5b96 Mon Sep 17 00:00:00 2001
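Review bot: `hashicorp/vault-action@v2.5.0` in patch 1/4 is a mutable tag on the step that fetches the PyPI credentials, so a re-pointed tag would run with access to them; pin it to the release's full commit SHA, e.g. `uses: hashicorp/vault-action@<COMMIT_SHA_OF_V2.5.0>  # v2.5.0` (the `release/v1` branch ref on the publish step has the same exposure). The publish step reads `env.PYPI_*`, which relies on the action exporting both secrets as job-wide environment variables; giving the Vault step an `id`, setting `exportEnv: false` and passing `${{ steps.<id>.outputs.PYPI_PASSWORD }}` keeps them scoped to the one step that needs them. The hunk also swaps an API token for a user/password pair, so unless the Vault entry holds `__token__` plus a project-scoped token the publishing credential is broader than before; the stored values are not visible here and are worth confirming.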
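Review bot: `id-token: write` in patch 2/4 is granted to the whole job, so every step in it can request an OIDC token and log in to Vault with this role; that appears to include the `python -m build` step from patch 1/4, although the job's step list continues outside the hunk. Building the sdist and wheel in a job without this permission and passing the artifacts to a small publish-only job would limit which code can reach the credentials. The block would also benefit from a comment such as `# id-token: write lets the job request the OIDC token used for the Vault JWT login`. The role's bound claims are not shown; they should restrict login to this repository's release ref or workflow rather than to the repository alone.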
From: iameskild
Date: Wed, 5 Apr 2023 21:47:18 -0700
Subject: [PATCH 3/4] Sleep for longer
---
 .github/workflows/release.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index f646a729f..ded10bc45 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -40,7 +40,7 @@ jobs:
 repository_url: https://test.pypi.org/legacy/
 - name: Sleep
- run: sleep 60
+ run: sleep 100
 - name: Test install from Test PyPI
 run: |
From 7b864e5800baaed46ec2845aea2ee6311c88d2a8 Mon Sep 17 00:00:00 2001
From: iameskild
Date: Wed, 5 Apr 2023 21:53:54 -0700
Subject: [PATCH 4/4] Sleep for longer still
---
 .github/workflows/release.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index ded10bc45..04cd771b3 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -37,10 +37,10 @@ jobs:
 with:
 user: __token__
 password: ${{ secrets.TEST_PYPI_API_TOKEN }}
- repository_url: https://test.pypi.org/legacy/
+ repository-url: https://test.pypi.org/legacy/
 - name: Sleep
- run: sleep 100
+ run: sleep 120
 - name: Test install from Test PyPI
 run: |
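Review bot: The fixed `sleep` before the Test PyPI install is raised twice in this series (60 to 100 in patch 3/4, 100 to 120 in patch 4/4), which suggests the delay is a guess at index propagation time rather than a bound, and the release gate will stay flaky. A bounded retry around the install in the following step fails cleanly if the upload never appears, e.g. `timeout 300 sh -c 'until <INSTALL_COMMAND>; do sleep 15; done'`, where `<INSTALL_COMMAND>` stands for the existing pip invocation, whose body lies outside the hunk. If the sleep stays, a comment such as `# wait for Test PyPI to index the upload` would record why it is there.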