Skip to content

Commit 8c04280

Browse files
arturcicarturcic
committed
configures nuget publish with OIDC
Uses OIDC to retrieve a temporary API key for NuGet publishing.
1 parent f448daf commit 8c04280

File tree

1 file changed

+11
-3
lines changed

1 file changed

+11
-3
lines changed

.github/workflows/_publish.yml

Lines changed: 11 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ on:
44
env:
55
DOTNET_INSTALL_DIR: "./.dotnet"
66
DOTNET_ROLL_FORWARD: "Major"
7-
7+
88
jobs:
99
publish:
1010
name: ${{ matrix.taskName }}
@@ -16,7 +16,6 @@ jobs:
1616

1717
env:
1818
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
19-
NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
2019
CHOCOLATEY_API_KEY: ${{ secrets.CHOCOLATEY_API_KEY }}
2120
steps:
2221
-
@@ -33,7 +32,16 @@ jobs:
3332
with:
3433
name: nuget
3534
path: ${{ github.workspace }}/artifacts/packages/nuget
35+
36+
-
37+
name: NuGet login (OIDC → temp API key)
38+
uses: NuGet/login@v1
39+
id: login
40+
with:
41+
user: 'gittoolsbot'
3642
-
3743
name: '[Publish]'
3844
shell: pwsh
39-
run: dotnet run/publish.dll --target=Publish${{ matrix.taskName }}
45+
env:
46+
NUGET_API_KEY: ${{ steps.login.outputs.NUGET_API_KEY }}
47+
run: dotnet run/publish.dll --target=Publish${{ matrix.taskName }}

0 commit comments

Comments
 (0)