Skip to content

Use NuGet Trusted Publishing #3574

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
martincostello merged 3 commits into from
Dec 5, 2025
Merged

Use NuGet Trusted Publishing #3574

martincostello merged 3 commits into from
Dec 5, 2025

Conversation

@martincostello
Copy link
Collaborator

@martincostello martincostello commented Sep 22, 2025
edited
Loading

Switch to using GitHub OIDC for pushing packages to NuGet.org with Trusted Publishing.

@martincostello
Use NuGet Trusted Publishing
d1460b9 
Switch to using GitHub OIDC for pushing packages to NuGet.org with Trusted Publishing.

Resolves #3566.
@martincostello martincostello added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Sep 22, 2025
@codecov
Copy link

codecov bot commented Sep 22, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.66%. Comparing base (3afee04) to head (de2a5b5).
⚠️ Report is 1 commits behind head on master.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #3574   +/-   ##
=======================================
  Coverage   94.66%   94.66%           
=======================================
  Files         111      111           
  Lines        3858     3858           
  Branches      778      778           
=======================================
  Hits         3652     3652           
  Misses        206      206
Flag Coverage Δ
Linux 94.66% <ø> (ø)
Windows 94.66% <ø> (ø)
macOS 94.66% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@github-actions

This comment has been minimized.

Sign in to view
@github-actions github-actions bot added the stale Stale issues or pull requests label Nov 22, 2025
@martincostello martincostello removed the stale Stale issues or pull requests label Nov 22, 2025
@martincostello
Copy link
Collaborator Author

martincostello commented Nov 27, 2025
edited
Loading

API key has expired. Once Trusted Publishing has been configured can merge this and then release v10.0.2 again.

@martincostello martincostello modified the milestones: v11.0.0, v10.0.2 Nov 27, 2025
@martincostello martincostello mentioned this pull request Dec 2, 2025
Merged
@martincostello
Copy link
Collaborator Author

martincostello commented Dec 5, 2025

Relevant changes have been made in NuGet, so this should work now. Will find out for sure when the next release happens.

@martincostello martincostello marked this pull request as ready for review December 5, 2025 12:11
Copilot AI review requested due to automatic review settings December 5, 2025 12:11
@martincostello martincostello enabled auto-merge (squash) December 5, 2025 12:11
Copilot AI reviewed Dec 5, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request attempts to implement NuGet Trusted Publishing using GitHub OIDC authentication to replace the traditional API key-based authentication for pushing packages to NuGet.org. However, the implementation appears to use a non-standard approach that may not work as intended.

Key Changes:

  • Adds id-token: write permission to the publish-nuget job to enable OIDC token generation
  • Introduces a NuGet log in step using an unverified NuGet/login action
  • Changes API key source from secrets.NUGET_TOKEN to the output of the login step

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@martincostello martincostello merged commit c2cfe84 into master Dec 5, 2025
20 checks passed
@martincostello martincostello deleted the nuget-trusted-publishing branch December 5, 2025 12:21
This was referenced Dec 12, 2025
Open
Open
Merged
Closed
Open
Merged
Merged
This was referenced Dec 19, 2025
Merged
Open
Open
Open
Open
Open
Merged
Open
Open
Merged
Merged
Open
Open
Merged
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Open
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

v10.1.0

Development

Successfully merging this pull request may close these issues.

Switch to NuGet trusted publishing

2 participants

@martincostello