6262 } else {
6363 "publish-test"
6464 }
65-
65+
6666 if (-Not $IsMasterBranch) {
6767 $DryRun = $true # force dry run when not on master branch
6868 }
@@ -302,7 +302,7 @@ jobs:
302302 }
303303 Remove-Item $PackedFile -ErrorAction SilentlyContinue | Out-Null
304304 Compress-Archive -Path "$UnpackedDir\*" -Destination $PackedFile -CompressionLevel Optimal
305-
305+
306306 - name : Code sign nuget package
307307 if : ${{ fromJSON(needs.preflight.outputs.sign-nuget) == true }}
308308 shell : pwsh
@@ -317,7 +317,7 @@ jobs:
317317 '-tr', '${{ vars.CODE_SIGNING_TIMESTAMP_SERVER }}',
318318 '-v')
319319 & NuGetKeyVaultSignTool @Params
320-
320+
321321 - name : Upload nuget package
322322 uses : actions/upload-artifact@v4.3.6
323323 with :
@@ -365,6 +365,8 @@ jobs:
365365 needs : [preflight, build-native, build-managed]
366366 environment : ${{ needs.preflight.outputs.package-env }}
367367 if : ${{ fromJSON(needs.preflight.outputs.skip-publish) == false }}
368+ permissions :
369+ id-token : write
368370
369371 steps :
370372 - name : Download zip package
@@ -391,6 +393,12 @@ jobs:
391393 name : MsRdpEx-symbols
392394 path : package
393395
396+ - name : NuGet login (OIDC)
397+ id : nuget-login
398+ uses : NuGet/login@v1
399+ with :
400+ user : ${{ secrets.NUGET_BOT_USERNAME }}
401+
394402 - name : Publish to nuget.org
395403 shell : pwsh
396404 run : |
@@ -399,7 +407,7 @@ jobs:
399407
400408 $PushArgs = @(
401409 'nuget', 'push', "$NugetPackage",
402- '--api-key', '${{ secrets .NUGET_API_KEY }}',
410+ '--api-key', '${{ steps.nuget-login.outputs .NUGET_API_KEY }}',
403411 '--source', 'https://api.nuget.org/v3/index.json',
404412 '--skip-duplicate', '--no-symbols'
405413 )
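Review bot: The added `NuGet login (OIDC)` step references `NuGet/login@v1`, a mutable tag, inside the job that now holds `id-token: write`, so anyone able to move that tag gets code running where the OIDC token can be requested. Pin it to a full commit SHA, e.g. `uses: NuGet/login@<full-commit-sha> # v1` (placeholder; take the SHA from the release you reviewed). In the publish step the temporary key is still spliced into the script text through `${{ steps.nuget-login.outputs.NUGET_API_KEY }}`; passing it as `env: NUGET_API_KEY: ${{ steps.nuget-login.outputs.NUGET_API_KEY }}` and using `'--api-key', $env:NUGET_API_KEY` keeps the value out of the rendered script. The job-level `permissions` block lists only `id-token: write`, which leaves every other scope at none; a short comment such as `# OIDC only; all other scopes intentionally none` would record that this is deliberate. The file section starts above the visible part, and the `run:` script continues beyond the last hunk.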