Skip to content

Commit 2bbca05

Browse files
aaronpowellCopilot
andauthored
Use trusted publishing for dotnet release workflow (#1453)
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
1 parent 69d4cc7 commit 2bbca05

1 file changed

Lines changed: 10 additions & 2 deletions

File tree

.github/workflows/dotnet-release.yml

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -118,19 +118,27 @@ jobs:
118118
runs-on: ubuntu-latest
119119
environment:
120120
name: nuget-stable
121+
permissions:
122+
id-token: write
123+
contents: read
121124
steps:
122125
- name: Download package
123126
uses: actions/download-artifact@v8
124127
with:
125128
name: signed-nuget-packages
126129

130+
- name: NuGet login (OIDC)
131+
id: login
132+
uses: NuGet/login@v1
133+
with:
134+
user: ${{ secrets.NUGET_USER }}
135+
127136
- name: Publish to NuGet
128-
run: dotnet nuget push ./*.nupkg --source "https://api.nuget.org/v3/index.json" --api-key ${{ secrets.NUGET_PACKAGE_PUSH_TOKEN }}
137+
run: dotnet nuget push ./*.nupkg --source "https://api.nuget.org/v3/index.json" --api-key ${{ steps.login.outputs.NUGET_API_KEY }} --skip-duplicate
129138

130139
publish-coverage:
131140
needs: run-tests
132141
uses: ./.github/workflows/code-coverage.yml
133142
with:
134143
fail_on_low_coverage: true
135144
secrets: inherit
136-

0 commit comments

Comments
 (0)