From 766a3aba8b07791b1619d7490898a0f90692f9eb Mon Sep 17 00:00:00 2001
From: Alan Malta Rodrigues
Date: Fri, 22 Nov 2024 15:36:10 -0500
Subject: [PATCH 1/2] Revert changes for attestation in CD pipeline
---
 .github/workflows/pypi_build_publish_template.yaml | 9 ---------
 1 file changed, 9 deletions(-)
diff --git a/.github/workflows/pypi_build_publish_template.yaml b/.github/workflows/pypi_build_publish_template.yaml
index 04ee5e48fd..9b79156486 100644
--- a/.github/workflows/pypi_build_publish_template.yaml
+++ b/.github/workflows/pypi_build_publish_template.yaml
@@ -14,7 +14,6 @@ jobs:
 name: production
 permissions:
 id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
- attestations: write # IMPORTANT: necessary to persist the attestation
 steps:
 - uses: actions/checkout@v4
 - name: Setup python 3.8
@@ -33,13 +32,5 @@ jobs:
 awk "/(${{ inputs.wmcore_component }}$)|(${{ inputs.wmcore_component }},)/ {print \$1}" requirements.wmcore.txt > requirements.txt
 - name: Build sdist
 run: python3 setup.py clean sdist
- - name: List contents before attestation
- run: |
- ls ${{ github.workspace }}
- ls ${{ github.workspace }}/dist
- - name: Attest package
- uses: actions/attest-build-provenance@v1
- with:
- subject-path: '${{ github.workspace }}/dist/${{ inputs.wmcore_component }}-*'
 - name: Upload package distribution to PyPi
 uses: pypa/gh-action-pypi-publish@release/v1
From 7ff2ca248c6f446983ed03a1a8907accbff0455d Mon Sep 17 00:00:00 2001
From: Alan Malta Rodrigues
Date: Fri, 22 Nov 2024 15:47:42 -0500
Subject: [PATCH 2/2] Convert reusable to non-reusable GitHub Action
---
 .github/workflows/pypi_build_and_images.yaml | 29 +++++++++++++--
 .../pypi_build_publish_template.yaml | 36 -------------------
 2 files changed, 26 insertions(+), 39 deletions(-)
 delete mode 100644 .github/workflows/pypi_build_publish_template.yaml
diff --git a/.github/workflows/pypi_build_and_images.yaml b/.github/workflows/pypi_build_and_images.yaml index 283add84cd..7e5f595fc9 100644 --- a/.github/workflows/pypi_build_and_images.yaml +++ b/.github/workflows/pypi_build_and_images.yaml @@ -24,13 +24,36 @@ jobs: # first job performs build and upload of packages to PyPI build_and_publish_services: name: Build_and_upload_to_pypi + runs-on: ubuntu-latest + environment: + name: production + permissions: + id-token: write # IMPORTANT: this permission is mandatory for trusted publishing strategy: matrix: target: [wmagent, wmagent-devtools, wmcore, reqmon, reqmgr2, global-workqueue, acdcserver, reqmgr2ms-unmerged, reqmgr2ms-output, reqmgr2ms-pileup, reqmgr2ms-rulecleaner, reqmgr2ms-transferor, reqmgr2ms-monitor] - uses: ./.github/workflows/pypi_build_publish_template.yaml - with: - wmcore_component: ${{ matrix.target }} + + steps: + - uses: actions/checkout@v4 + - name: Setup python 3.8 + uses: actions/setup-python@v5 + with: + python-version: "3.8" + - name: Upgrade pip3 + run: | + python3 -m pip install --upgrade pip + - name: Update the setup script template with package name + run: | + sed "s/PACKAGE_TO_BUILD/${{ matrix.target }}/" setup_template.py > setup.py + - name: Create requirements file + run: | + cp requirements.txt requirements.wmcore.txt + awk "/(${{ matrix.target }}$)|(${{ matrix.target }},)/ {print \$1}" requirements.wmcore.txt > requirements.txt + - name: Build sdist + run: python3 setup.py clean sdist + - name: Upload package distribution to PyPi + uses: pypa/gh-action-pypi-publish@release/v1 # second job, depends on build_and_publish_services, builds and upload # docker images to CERN registry diff --git a/.github/workflows/pypi_build_publish_template.yaml b/.github/workflows/pypi_build_publish_template.yaml deleted file mode 100644 index 9b79156486..0000000000 --- a/.github/workflows/pypi_build_publish_template.yaml +++ /dev/null 
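Review bot: The inlined job runs `actions/checkout@v4`, `actions/setup-python@v5` and `pypa/gh-action-pypi-publish@release/v1` by mutable tag or branch refs while holding `id-token: write` in the `production` environment, so a moved ref would run with the ability to request the trusted-publishing OIDC token for every matrix target. Pin each `uses:` to a full commit SHA and keep the tag as a comment, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1`. Separately, `${{ matrix.target }}` is expanded into the `sed` and `awk` scripts before the shell runs; the values are a fixed list in this file, so it is not injectable as written, but passing it through `env:` (`TARGET: ${{ matrix.target }}`) and using `"$TARGET"` keeps that true if the list ever becomes input-driven. The `pip` upgrade and `setup.py` build also execute in the same job that holds the OIDC permission; the workflow's triggers are outside this hunk, so how exposed that is cannot be judged from here.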
@@ -1,36 +0,0 @@
-# Reusable workflow to setup a specific WMCore component for pip
-
-on:
- workflow_call:
- inputs:
- wmcore_component:
- required: true
- type: string
-
-jobs:
- build_and_publish_from_template:
- runs-on: ubuntu-latest
- environment:
- name: production
- permissions:
- id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
- steps:
- - uses: actions/checkout@v4
- - name: Setup python 3.8
- uses: actions/setup-python@v5
- with:
- python-version: "3.8"
- - name: Upgrade pip3
- run: |
- python3 -m pip install --upgrade pip
- - name: Update the setup script template with package name
- run: |
- sed "s/PACKAGE_TO_BUILD/${{ inputs.wmcore_component }}/" setup_template.py > setup.py
- - name: Create requirements file
- run: |
- cp requirements.txt requirements.wmcore.txt
- awk "/(${{ inputs.wmcore_component }}$)|(${{ inputs.wmcore_component }},)/ {print \$1}" requirements.wmcore.txt > requirements.txt
- - name: Build sdist
- run: python3 setup.py clean sdist
- - name: Upload package distribution to PyPi
- uses: pypa/gh-action-pypi-publish@release/v1