|
1 | | -name: Publish IBM_DB_SA Package |
| 1 | +name: Build and Publish IBM_DB_SA Package |
2 | 2 |
|
3 | 3 | on: |
4 | | - workflow_dispatch: |
5 | | - pull_request: |
6 | | - push: |
7 | | - branches: |
8 | | - - master |
9 | | - # Sequence of patterns matched against refs/tags |
10 | | - tags: |
11 | | - - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10 |
| 4 | + workflow_dispatch: |
| 5 | + pull_request: |
| 6 | + push: |
| 7 | + branches: |
| 8 | + - master |
| 9 | + tags: |
| 10 | + - 'v*' |
12 | 11 |
|
13 | 12 | permissions: |
14 | | - contents: read |
15 | | - id-token: write # Required for trusted publishing to PyPI via OIDC |
| 13 | + contents: read |
| 14 | + id-token: write |
16 | 15 |
|
17 | 16 | jobs: |
18 | | - publish-pypi: |
19 | | - if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') |
20 | | - runs-on: ubuntu-latest |
21 | | - environment: pypi # Environment where PYPI_API_TOKEN secret is stored |
22 | | - |
23 | | - steps: |
24 | | - - name: Checkout code |
25 | | - uses: actions/checkout@v4 |
26 | | - |
27 | | - - name: Set up Python |
28 | | - uses: actions/setup-python@v5 |
29 | | - with: |
30 | | - python-version: '3.x' |
31 | | - |
32 | | - - name: Install build dependencies |
33 | | - run: | |
34 | | - python -m pip install --upgrade pip |
35 | | - pip install build |
36 | | -
|
37 | | - - name: Build package |
38 | | - run: python -m build |
39 | | - |
40 | | - - name: Publish to PyPI with trusted publishing (OIDC) |
41 | | - uses: pypa/gh-action-pypi-publish@v1.13.0 |
42 | | - with: |
43 | | - # Use GitHub OIDC token to authenticate instead of password |
44 | | - # The action supports OIDC automatically when password is empty |
45 | | - # so leave password empty and it will use OIDC. |
46 | | - user: __token__ |
47 | | - password: ${{ secrets.PYPI_API_TOKEN }} |
48 | | - packages_dir: dist |
| 17 | + build: |
| 18 | + runs-on: ubuntu-latest |
| 19 | + steps: |
| 20 | + - name: Checkout code |
| 21 | + uses: actions/checkout@v4 |
| 22 | + - name: Set up Python |
| 23 | + uses: actions/setup-python@v5 |
| 24 | + with: |
| 25 | + python-version: '3.x' |
| 26 | + - name: Install build dependencies |
| 27 | + run: | |
| 28 | + python -m pip install --upgrade pip |
| 29 | + pip install build |
| 30 | + - name: Build package |
| 31 | + run: python -m build |
| 32 | + |
| 33 | + publish-pypi: |
| 34 | + needs: build |
| 35 | + if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') |
| 36 | + runs-on: ubuntu-latest |
| 37 | + environment: pypi |
| 38 | + steps: |
| 39 | + - name: Checkout code |
| 40 | + uses: actions/checkout@v4 |
| 41 | + - name: Set up Python |
| 42 | + uses: actions/setup-python@v5 |
| 43 | + with: |
| 44 | + python-version: '3.x' |
| 45 | + - name: Install build dependencies |
| 46 | + run: | |
| 47 | + python -m pip install --upgrade pip |
| 48 | + pip install build |
| 49 | + - name: Build package |
| 50 | + run: python -m build |
| 51 | + - name: Publish to PyPI with trusted publishing (OIDC) |
| 52 | + uses: pypa/gh-action-pypi-publish@v1.13.0 |
| 53 | + with: |
| 54 | + # Use GitHub OIDC token to authenticate instead of password |
| 55 | + # The action supports OIDC automatically when password is empty |
| 56 | + # so leave password empty and it will use OIDC. |
| 57 | + user: __token__ |
| 58 | + password: ${{ secrets.PYPI_API_TOKEN }} |
| 59 | + packages_dir: dist |
0 commit comments