
Commit 21f5f5e

jaredpar and Copilot authored
Switch publish workflow to NuGet trusted publishing (OIDC) (#91)
Replace secrets.NUGET_API_KEY with NuGet/login@v1 OIDC-based authentication.

- Add id-token: write permission for OIDC token exchange
- Add NuGet/login@v1 step before push
- Remove API key from push command
- Add --skip-duplicate to push

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
1 parent 164d2ad commit 21f5f5e

1 file changed

Lines changed: 9 additions & 1 deletion


.github/workflows/publish.yml

@@ -15,6 +15,9 @@ jobs:
1515
publish:
1616
name: Publish NuGet
1717
runs-on: ubuntu-latest
18+
permissions:
19+
id-token: write
20+
contents: write
1821
if: >-
1922
github.event_name == 'workflow_dispatch' ||
2023
(github.event_name == 'workflow_run' &&
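Review bot: The `permissions:` block sits at job level, so `id-token: write` and `contents: write` apply to every step in `publish`, including `Pack Solution`, which runs the project's build. Any step in this job can therefore request an OIDC token or write to the repository. Consider packing in a separate job that has neither permission and passing the `.nupkg` files to a small publish job as an artifact, so only the login and push steps hold `id-token: write`. Because the job can also start from `workflow_run`, it is worth confirming that the remainder of the `if:` condition (outside this hunk) restricts which upstream runs qualify.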
@@ -52,8 +55,13 @@ jobs:
5255
- name: Pack Solution
5356
run: dotnet pack -p:PackageOutputPath="${GITHUB_WORKSPACE}/packages" -p:IncludeSymbols=false -p:RepositoryCommit=${GITHUB_SHA} -p:PackageVersion="${{ steps.version.outputs.version }}" -c Release
5457

58+
- name: NuGet login (OIDC)
59+
uses: NuGet/login@v1
60+
with:
61+
user: jaredpar
62+
5563
- name: Publish NuPkg Files
56-
run: dotnet nuget push "$GITHUB_WORKSPACE/packages/*.nupkg" -k ${{ secrets.NUGET_API_KEY }} -s https://api.nuget.org/v3/index.json
64+
run: dotnet nuget push "$GITHUB_WORKSPACE/packages/*.nupkg" -s https://api.nuget.org/v3/index.json --skip-duplicate
5765

5866
- name: Create Tag and Release
5967
env:
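Review bot: Nothing in this hunk hands the credential from the `NuGet login (OIDC)` step to `dotnet nuget push`: the login step has no `id:`, and the new push line drops `-k` without replacing it. NuGet's trusted publishing guidance gives the login step an id and passes the short-lived key as `--api-key ${{ steps.login.outputs.NUGET_API_KEY }}`; as written the push is likely to be rejected as unauthenticated. Two smaller points on the same lines: `NuGet/login@v1` is a mutable tag on the step that performs the token exchange, so pinning it to a commit SHA would be safer, and `--skip-duplicate` makes a re-run with an already-published version exit successfully, so the later `Create Tag and Release` step should not assume a package was actually pushed.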
