update yml file to upload package (#159)

bchoudhary6415 · web-flow · commit 52234e8a45ca · 2025-06-23T16:38:35.000+05:30
Signed-off-by: Balram Choudhary &lt;bchoudhary@rocketsoftware.com&gt;
diff --git a/.github/workflows/ibm_db_sa_publish.yml b/.github/workflows/ibm_db_sa_publish.yml
@@ -1,6 +1,5 @@
-name: Build and upload to PyPI
+name: Publish IBM_DB_SA Package
 
-# Build on every workflow_dispatch, branch push, tag push, and pull request change
 on:
   workflow_dispatch:
   pull_request:
@@ -11,29 +10,39 @@ on:
     tags:
       - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
 
-jobs:
-  deploy:
+permissions:
+  contents: read
+  id-token: write    # Required for trusted publishing to PyPI via OIDC
 
+jobs:
+  publish-pypi:
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
     runs-on: ubuntu-latest
+    environment: pypi  # Environment where PYPI_API_TOKEN secret is stored
 
     steps:
-    - uses: actions/checkout@v4
-    - name: Set up Python
-      uses: actions/setup-python@v5
-      with:
-        python-version: '3.x'
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install build
-    - name: Build package
-      run: |
-        python -m build
-    - name: Publish distribution to PyPI
-      if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
-      uses: pypa/gh-action-pypi-publish@release/v1
-
-    permissions:
-      # IMPORTANT: this permission is mandatory for trusted publishing
-      id-token: write
-      contents: write # Added permission for GitHub Actions to push tags
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install build dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install build
+
+      - name: Build package
+        run: python -m build
+
+      - name: Publish to PyPI with trusted publishing (OIDC)
+        uses: pypa/gh-action-pypi-publish@v1.5.0
+        with:
+          # Use GitHub OIDC token to authenticate instead of password
+          # The action supports OIDC automatically when password is empty
+          # so leave password empty and it will use OIDC.
+          user: __token__
+          password: ${{ secrets.PYPI_API_TOKEN }}
+          packages_dir: dist
diff --git a/setup.py b/setup.py
@@ -19,7 +19,8 @@
 setup(
          name='ibm_db_sa',
          version=VERSION,
-         license='Apache License 2.0',
+         license = "Apache-2.0",
+         license_files = ("LICENSE",),
          description='SQLAlchemy support for IBM Data Servers',
          author='IBM Application Development Team',
          author_email='balram.choudhary@ibm.com',
@@ -30,7 +31,6 @@
          classifiers=[
             'Development Status :: 5 - Production/Stable',
             'Intended Audience :: Developers',
-            'License :: OSI Approved :: Apache Software License',
             'Operating System :: OS Independent',
             'Topic :: Database :: Front-Ends'
         ],
