From a69cee83cfef839fccc7bbc57cafc137bd2a6896 Mon Sep 17 00:00:00 2001
From: Aaron Powell
Date: Fri, 3 Jul 2026 15:07:27 +1000
Subject: [PATCH] Use trusted publishing for dotnet release workflow
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
---
.github/workflows/dotnet-release.yml | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/dotnet-release.yml b/.github/workflows/dotnet-release.yml
index c57364d52..7e8206e65 100644
--- a/.github/workflows/dotnet-release.yml
+++ b/.github/workflows/dotnet-release.yml
@@ -118,14 +118,23 @@ jobs: runs-on: ubuntu-latest environment: name: nuget-stable + permissions: + id-token: write + contents: read steps: - name: Download package uses: actions/download-artifact@v8 with: name: signed-nuget-packages + - name: NuGet login (OIDC) + id: login + uses: NuGet/login@v1 + with: + user: ${{ secrets.NUGET_USER }} + - name: Publish to NuGet - run: dotnet nuget push ./*.nupkg --source "https://api.nuget.org/v3/index.json" --api-key ${{ secrets.NUGET_PACKAGE_PUSH_TOKEN }} + run: dotnet nuget push ./*.nupkg --source "https://api.nuget.org/v3/index.json" --api-key ${{ steps.login.outputs.NUGET_API_KEY }} --skip-duplicate publish-coverage: needs: run-tests
@@ -133,4 +142,3 @@ jobs: with: fail_on_low_coverage: true secrets: inherit -
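Review bot: The new `NuGet login (OIDC)` step references `NuGet/login@v1` by a mutable tag inside a job that now holds `id-token: write`, so whatever that tag resolves to at run time can request the OIDC token that is exchanged for a NuGet push key; pin it to a reviewed commit, e.g. `uses: NuGet/login@<full-commit-sha>  # v1` (placeholder, the SHA is not on this page). In the `Publish to NuGet` step the key is expanded into the script text with `${{ steps.login.outputs.NUGET_API_KEY }}`; passing it through the step's `env:` and writing `--api-key "$NUGET_API_KEY"` keeps it out of the rendered command line. `--skip-duplicate` also makes a push of an already-published version succeed silently, which the commit message does not mention and which deserves a one-line comment on that step. The job's header is above the hunk, so whether the `nuget-stable` environment restricts branches or requires approval cannot be confirmed from here.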