From 1d2c764f45a9bb3870b18824925d60279844986a Mon Sep 17 00:00:00 2001
From: Dustin Horne <33458686+parentelement@users.noreply.github.com>
Date: Wed, 4 Mar 2026 18:24:55 -0600
Subject: [PATCH 1/2] Migrating to trusted publisher workflow from old key workflow.
---
.github/workflows/BuildAndPublish.yml | 42 +++++++++
.github/workflows/publish-nuget-package.yml | 97 ---------------------
2 files changed, 42 insertions(+), 97 deletions(-)
create mode 100644 .github/workflows/BuildAndPublish.yml
delete mode 100644 .github/workflows/publish-nuget-package.yml
diff --git a/.github/workflows/BuildAndPublish.yml b/.github/workflows/BuildAndPublish.yml
new file mode 100644
index 0000000..1a03117
--- /dev/null
+++ b/.github/workflows/BuildAndPublish.yml
@@ -0,0 +1,42 @@
+name: BuildAndPack
+on:
+ push:
+ branches: [main]
+ tags: ['*']
+ pull_request:
+
+jobs:
+ build-and-publish:
+ permissions:
+ contents: read
+ id-token: write # enable GitHub OIDC token issuance for this job
+
+ runs-on: windows-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-dotnet@v4
+ with:
+ dotnet-version: 10.0.x
+
+ - name: dotnet pack
+ run: |
+ dotnet pack
+ dotnet pack -r win-x64
+ - name: NuGet login (OIDC → temp API key)
+ uses: NuGet/login@v1
+ id: login
+ with:
+ user: ${{ secrets.NUGET_USER }}
+
+ - name: push to NuGet
+ # Only push to NuGet if we're building a tag (optional)
+ if: startsWith(github.ref, 'refs/tags/')
+ shell: pwsh
+ # Loop through all the packages in the output folder and push them to
+ # nuget.org, using the NUGET_API_KEY generated by the previous login step
+ run: |
+ Get-ChildItem artifacts/package/release -Filter *.nupkg | ForEach-Object {
+ dotnet nuget push $_.FullName `
+ --api-key "${{ steps.login.outputs.NUGET_API_KEY }}" `
+ --source https://api.nuget.org/v3/index.json
+ }
\ No newline at end of file
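Review bot: The `NuGet login (OIDC → temp API key)` step has no `if:` condition, so the job requests an OIDC token and mints a temporary nuget.org API key on every trigger listed under `on:` (branch pushes and `pull_request` runs as well as tags), while only the `push to NuGet` step is limited to `refs/tags/`. Gating the login with the same `if: startsWith(github.ref, 'refs/tags/')`, or moving login and push into a separate tag-only job that alone carries `id-token: write`, keeps the publish credential out of runs that build unreviewed code; pull requests from forks normally receive neither `secrets.NUGET_USER` nor a writable id-token, so the ungated step is also likely to fail those builds. Because this job can obtain a publish credential, `actions/checkout@v4`, `actions/setup-dotnet@v4` and `NuGet/login@v1` would be safer pinned to full commit SHAs than to movable tags. Passing the key to the script through an `env:` entry instead of interpolating `${{ steps.login.outputs.NUGET_API_KEY }}` into the script text is also worth doing.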
diff --git a/.github/workflows/publish-nuget-package.yml b/.github/workflows/publish-nuget-package.yml
deleted file mode 100644
index d8eae3c..0000000
--- a/.github/workflows/publish-nuget-package.yml
+++ /dev/null
@@ -1,97 +0,0 @@ -# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json - -name: Publish NuGet -on: - workflow_dispatch: # Allow running the workflow manually from the GitHub UI - push: - branches: - - 'main' # Run the workflow when pushing to the main branch - pull_request: - branches: - - 'main' # Run the workflow for all pull requests - release: - types: - - published # Run the workflow when a new GitHub release is published - -env: - DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1 - DOTNET_NOLOGO: true - NuGetDirectory: ${{ github.workspace}}/nuget - -defaults: - run: - shell: pwsh - -jobs: - create_nuget: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 # Get all history to allow automatic versioning using MinVer - - # Install the .NET SDK indicated in the global.json file - - name: Setup .NET - uses: actions/setup-dotnet@v4 - - # Create the NuGet package in the folder from the environment variable NuGetDirectory - - run: dotnet pack Topten.RichTextKit/ParentElement.Topten.RichTextKit.csproj --configuration Release --output ${{ env.NuGetDirectory }} - - # Publish the NuGet package as an artifact, so they can be used in the following jobs - - uses: actions/upload-artifact@v3 - with: - name: nuget - if-no-files-found: error - retention-days: 7 - path: ${{ env.NuGetDirectory }}/*.nupkg - - validate_nuget: - runs-on: ubuntu-latest - needs: [ create_nuget ] - steps: - # Install the .NET SDK indicated in the global.json file - - name: Setup .NET - uses: actions/setup-dotnet@v4 - - # Download the NuGet package created in the previous job - - uses: actions/download-artifact@v3 - with: - name: nuget - path: ${{ env.NuGetDirectory }} - - - name: Install nuget validator - run: dotnet tool update Meziantou.Framework.NuGetPackageValidation.Tool --global - - # Validate metadata and content of the NuGet package - # https://www.nuget.org/packages/Meziantou.Framework.NuGetPackageValidation.Tool#readme-body-tab - # If 
some rules are not applicable, you can disable them - # using the --excluded-rules or --excluded-rule-ids option - - name: Validate package - run: meziantou.validate-nuget-package (Get-ChildItem "${{ env.NuGetDirectory }}/*.nupkg") --excluded-rules ReadmeMustBeSet - - deploy: - # Publish only when creating a GitHub Release - # https://docs.github.com/en/repositories/releasing-projects-on-github/managing-releases-in-a-repository - # You can update this logic if you want to manage releases differently - if: github.event_name == 'release' - runs-on: ubuntu-latest - needs: [ validate_nuget ] - steps: - # Download the NuGet package created in the previous job - - uses: actions/download-artifact@v3 - with: - name: nuget - path: ${{ env.NuGetDirectory }} - - # Install the .NET SDK indicated in the global.json file - - name: Setup .NET Core - uses: actions/setup-dotnet@v4 - - # Publish all NuGet packages to NuGet.org - # Use --skip-duplicate to prevent errors if a package with the same version already exists. - # If you retry a failed workflow, already published packages will be skipped without error. - - name: Publish NuGet package - run: | - foreach($file in (Get-ChildItem "${{ env.NuGetDirectory }}" -Recurse -Include *.nupkg)) { - dotnet nuget push $file --api-key "${{ secrets.NUGET_APIKEY }}" --source https://api.nuget.org/v3/index.json --skip-duplicate - } From 1698bc1c2bed489ba44af60f1881bce888943131 Mon Sep 17 00:00:00 2001 From: Dustin Horne <33458686+parentelement@users.noreply.github.com> Date: Wed, 4 Mar 2026 18:36:46 -0600 Subject: [PATCH 2/2] Workflow update --- .github/workflows/BuildAndPublish.yml | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/.github/workflows/BuildAndPublish.yml b/.github/workflows/BuildAndPublish.yml index 1a03117..25fb495 100644 --- a/.github/workflows/BuildAndPublish.yml +++ b/.github/workflows/BuildAndPublish.yml 
@@ -11,17 +11,15 @@ jobs: contents: read id-token: write # enable GitHub OIDC token issuance for this job - runs-on: windows-latest + runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: actions/setup-dotnet@v4 with: dotnet-version: 10.0.x - - - name: dotnet pack + - name: release build run: | - dotnet pack - dotnet pack -r win-x64 + dotnet build -c Release - name: NuGet login (OIDC → temp API key) uses: NuGet/login@v1 id: login @@ -31,12 +29,8 @@ jobs: - name: push to NuGet # Only push to NuGet if we're building a tag (optional) if: startsWith(github.ref, 'refs/tags/') - shell: pwsh - # Loop through all the packages in the output folder and push them to - # nuget.org, using the NUGET_API_KEY generated by the previous login step + shell: bash run: | - Get-ChildItem artifacts/package/release -Filter *.nupkg | ForEach-Object { dotnet nuget push $_.FullName ` --api-key "${{ steps.login.outputs.NUGET_API_KEY }}" ` - --source https://api.nuget.org/v3/index.json - } \ No newline at end of file + --source https://api.nuget.org/v3/index.json \ No newline at end of file
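Review bot: The `release build` step now runs only `dotnet build -c Release`, so unless the project enables `GeneratePackageOnBuild` (not visible in this patch) no `.nupkg` is produced for the later push step. The workflow deleted in the first patch packed an explicit project with `dotnet pack … --configuration Release`, which suggests packing is not implicit; keeping a `dotnet pack -c Release` line in this step would make what gets published explicit. The job body starts and continues outside this hunk.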
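Review bot: The `push to NuGet` step now declares `shell: bash`, but its `run:` body is still PowerShell: in bash the trailing backticks open a command substitution instead of continuing the line, and `$_.FullName` no longer refers to a package file because the `Get-ChildItem … | ForEach-Object` loop was removed. As written, the `--api-key` line would be evaluated inside that substitution and the `--source` line run as a command of its own, so nothing is pushed with the intended arguments. The step should use `\` continuations, name the packages explicitly, and take the key from `env:` rather than from text interpolated into the script; the package directory below is a placeholder for the project's real output path. The deleted workflow also passed `--skip-duplicate`, which is worth keeping if re-runs of a tag build are expected.

```yaml
      - name: push to NuGet
        # … unchanged: tag-only `if:` condition …
        shell: bash
        env:
          NUGET_API_KEY: ${{ steps.login.outputs.NUGET_API_KEY }}
        run: |
          dotnet nuget push "<PACKAGE_OUTPUT_DIR>/*.nupkg" \
            --api-key "$NUGET_API_KEY" \
            --source https://api.nuget.org/v3/index.json
```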