From 280c08722f7c2ee8d70a27a900c316b0780ad2d6 Mon Sep 17 00:00:00 2001
From: "Billy D." <billy.davies.10@icloud.com>
Date: Mon, 2 Feb 2026 11:31:22 -0500
Subject: [PATCH] ci: use curl for PyPI upload with SSL skip

[ray-serve only]

Twine lacks SSL skip option, use curl -k for self-signed internal cert
---
 .gitea/workflows/publish-ray-serve.yaml | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/.gitea/workflows/publish-ray-serve.yaml b/.gitea/workflows/publish-ray-serve.yaml
index efe1b34..78e00ed 100644
--- a/.gitea/workflows/publish-ray-serve.yaml
+++ b/.gitea/workflows/publish-ray-serve.yaml
@@ -63,16 +63,19 @@ jobs:
         env:
           TWINE_USERNAME: ${{ secrets.REGISTRY_USER }}
           TWINE_PASSWORD: ${{ secrets.REGISTRY_TOKEN }}
-          # Disable SSL verification for internal self-signed cert
-          CURL_CA_BUNDLE: ""
         run: |
           cd ray-serve
           # Use internal registry URL to bypass Cloudflare 100MB limit
-          # --disable-certificate-verification for self-signed internal cert
-          twine upload \
-            --disable-certificate-verification \
-            --repository-url https://registry.lab.daviestechlabs.io/api/packages/daviestechlabs/pypi \
-            dist/*
+          # curl with -k to skip SSL verification for self-signed cert
+          for file in dist/*.whl dist/*.tar.gz; do
+            if [ -f "$file" ]; then
+              echo "Uploading $file..."
+              curl -k --fail -X POST \
+                -u "$TWINE_USERNAME:$TWINE_PASSWORD" \
+                -F "content=@$file" \
+                "https://registry.lab.daviestechlabs.io/api/packages/daviestechlabs/pypi/upload"
+            fi
+          done
 
       - name: Notify on success
         if: success()