From f5007bd74dfe1f39324518f55a875fa8cc828eee Mon Sep 17 00:00:00 2001
From: Paolo Lucchino <paololucchino@gmail.com>
Date: Fri, 20 Mar 2026 16:43:10 +0100
Subject: [PATCH] chore: add S3 PyPI publish workflow

---
 .github/workflows/publish-s3.yml | 52 ++++++++++++++++++++++++++++++++
 scripts/render-simple-index.awk  | 18 +++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 .github/workflows/publish-s3.yml
 create mode 100644 scripts/render-simple-index.awk

diff --git a/.github/workflows/publish-s3.yml b/.github/workflows/publish-s3.yml
new file mode 100644
index 0000000..f4ecf75
--- /dev/null
+++ b/.github/workflows/publish-s3.yml
@@ -0,0 +1,52 @@
+name: Publish to S3 PyPI
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+concurrency:
+  group: publish-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  AWS_REGION: eu-central-1
+  AWS_ACCOUNT_ID: "485262375119"
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+
+      - name: Build package
+        run: |
+          pip install build
+          python -m build
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/gh-oidc-role
+          role-session-name: GitHubActions-${{ github.run_id }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Upload distribution to S3
+        run: |
+          aws s3 sync dist/ s3://wfp-hip-pypi/pypi/data-bridges-client/ \
+            --exclude "*" --include "*.whl" --include "*.tar.gz"
+
+      - name: Regenerate index.html
+        run: |
+          aws s3 ls s3://wfp-hip-pypi/pypi/data-bridges-client/ \
+            | awk -f scripts/render-simple-index.awk > index.html
+          aws s3 cp index.html s3://wfp-hip-pypi/pypi/data-bridges-client/index.html \
+            --content-type "text/html"
diff --git a/scripts/render-simple-index.awk b/scripts/render-simple-index.awk
new file mode 100644
index 0000000..8857b7a
--- /dev/null
+++ b/scripts/render-simple-index.awk
@@ -0,0 +1,18 @@
+#!/usr/bin/awk -f
+#
+# Generate "simple pypi index" from s3 directory listing
+#
+# > aws s3 ls s3://bucket/path/ | ./render-simple-index.awk | tee index.html
+#
+BEGIN {
+   print "<!DOCTYPE html>"
+   print "<html><body>"
+}
+
+/.*\.(whl|gz)$/ {
+  print "  <a href=\"" $4 "\">" $4 "</a></br>"
+}
+
+END {
+    print "</body></html>"
+}
\ No newline at end of file