Skip to content

ci: Nuget publish workflow #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
patchandthat merged 1 commit into from
Jun 5, 2026
Merged

ci: Nuget publish workflow #9

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions .github/workflows/dotnet.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,15 @@
# This workflow will build a .NET project
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-net
# Builds the project, runs tests and creates NuGet packages.
# Triggers on pushes to main and version tags, and pull requests targeting main.

name: .NET

on:
push:
branches:
- main
tags:
- '[0-9]+.[0-9]+.[0-9]+'
- '[0-9]+.[0-9]+.[0-9]+-*'
pull_request:
branches:
- main
Expand Down
65 changes: 65 additions & 0 deletions .github/workflows/nuget-publish.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
# Publishes NuGet packages to NuGet.org using trusted publishing.
# Triggers when a version tag push causes the .NET CI workflow to complete successfully.
# Requires reviewer approval for the nuget-publish environment

name: Publish NuGet Packages

on:
workflow_run:
workflows: [".NET"]
types: [completed]

jobs:
check-tag:
name: Check version tag
runs-on: ubuntu-latest
if: github.event.workflow_run.conclusion == 'success'
outputs:
is-version-tag: ${{ steps.check.outputs.is-version-tag }}
steps:
- name: Check if triggered by a version tag
id: check
run: |
if [[ "${{ github.event.workflow_run.head_branch }}" =~ ^[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.]+)?$ ]]; then
echo "is-version-tag=true" >> "$GITHUB_OUTPUT"
else
echo "is-version-tag=false" >> "$GITHUB_OUTPUT"
fi

publish:
name: Publish to NuGet.org
runs-on: ubuntu-latest
needs: check-tag
if: needs.check-tag.outputs.is-version-tag == 'true'

environment: nuget-publish

permissions:
id-token: write
contents: read

steps:
- name: Download NuGet packages artifact
uses: actions/download-artifact@v4
with:
name: nuget-packages
path: nuget/
run-id: ${{ github.event.workflow_run.id }}
github-token: ${{ secrets.GITHUB_TOKEN }}

- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: 10.0.x

- name: NuGet login
uses: NuGet/login@v1
id: login
with:
user: ${{ secrets.NUGET_USER }}

- name: NuGet push
run: dotnet nuget push "nuget/*.nupkg" \
--api-key ${{steps.login.outputs.NUGET_API_KEY}} \
--source https://api.nuget.org/v3/index.json \
--skip-duplicate
Loading