From bfd919bbbf220a44af6b6e37968db6643e9a39cb Mon Sep 17 00:00:00 2001
From: Don Syme
Date: Sat, 7 Mar 2026 19:23:39 +0000
Subject: [PATCH] set up trusted publishing
---
 .github/workflows/publish.yaml | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index a5f7fe96..7bdd5f29 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -5,6 +5,10 @@ on:
 branches:
 - main

+permissions:
+ #contents: write # for peaceiris/actions-gh-pages
+ id-token: write # for NuGet trusted publishing
+
 jobs:
 publish:
 name: Publish nuget (if new version)
@@ -24,13 +28,11 @@ jobs:
 # very important, since we use cmd scripts, the default is psh, and a bug prevents errorlevel to bubble
 shell: cmd
 run: ./build.cmd
- - name: Nuget publish
- # skip-duplicate ensures that the 409 error received when the package was already published,
- # will just issue a warning and won't have the GH action fail.
- # NUGET_PUBLISH_TOKEN_TASKSEQ is valid until approx. 11 Dec 2024 and will need to be updated by then:
- # - log in to Nuget.org using 'abelbraaksma' admin account and then refresh the token in Nuget
- # - copy the token
- # - go to https://github.com/fsprojects/FSharp.Control.TaskSeq/settings/secrets/actions
- # - select button "Add repository secret" or update the existing one under "Repository secrets"
- # - rerun the job
- run: dotnet nuget push packages\FSharp.Control.TaskSeq.*.nupkg --source https://api.nuget.org/v3/index.json --api-key ${{ secrets.NUGET_PUBLISH_TOKEN_TASKSEQ }} --skip-duplicate
+ - name: Obtain NuGet key
+ # this hash is v1.1.0
+ uses: NuGet/login@d22cc5f58ff5b88bf9bd452535b4335137e24544
+ id: login
+ with:
+ user: dsyme
+ - name: Publish NuGets (if this version not published before)
+ run: dotnet nuget push packages\FSharp.Control.TaskSeq.*.nupkg -s https://www.nuget.org/api/v2/package -k ${{ steps.login.outputs.NUGET_API_KEY }} --skip-duplicate
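Review bot: `id-token: write` is set at workflow level, so every job in this file, including any added later, can request an OIDC token that nuget.org will exchange for a publishing key. Declaring it on the job instead (`permissions:` with `id-token: write` under `jobs.publish`) keeps the grant next to the step that needs it, and running `./build.cmd` in a separate job without the permission would keep build-time code away from the token as well. An explicit `permissions:` block also sets every unlisted scope, `contents` included, to none; checkout of a public repository normally still works, but `contents: read` would state that intent better than the commented-out `#contents: write`. The `jobs:` mapping continues past the end of this hunk, so whether other jobs exist is not visible here.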
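Review bot: The `Obtain NuGet key` step carries no comment on what must exist on nuget.org for it to work, although the lines it replaces held the whole token-rotation runbook. Publishing now presumably depends on a trusted-publishing policy owned by the nuget.org user `dsyme` and tied to this repository and workflow file, so a rename of `publish.yaml` or a change of package owner would fail the job with nothing in the file to explain why. A comment above `uses:` would cover it, e.g. `# exchanges the GitHub OIDC token for a short-lived nuget.org key; needs a trusted-publishing policy (owner: dsyme) for this repo and workflow file`. Separately, the push source moves from `https://api.nuget.org/v3/index.json` to the v2 endpoint `https://www.nuget.org/api/v2/package` without a stated reason; keeping the v3 index avoids depending on the older endpoint. The steps list of the `publish` job starts above this hunk.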