Automatically upload new releases to NuGet

[okramarenko]

setting up CI for automatic uploading of new releases to NuGet following this guide -- https://learn.microsoft.com/en-us/nuget/nuget-org/trusted-publishing

[cursor]

PR Summary

Medium Risk
Publish/release CI behavior changes (runner, triggers, OIDC, removed pack/artifact steps); misconfiguration could block releases until pack/push is wired back in.

Overview
The publish job in .github/workflows/config.yml is reworked toward NuGet Trusted Publishing instead of building and uploading a package artifact on Windows.

It now runs on ubuntu-latest, can be triggered by workflow_dispatch as well as version tags, grants id-token: write for OIDC, and uses NuGet/login@v1 with secrets.NUGET_USER, followed by a step that fails if no temporary API key is returned (without printing the key). The previous checkout, dotnet build/pack, and upload-artifact steps are removed from this job in the diff.

tests/SingleStoreConnector.NativeAot.Tests/packages.lock.json bumps Microsoft.DotNet.ILCompiler and Microsoft.NET.ILLink.Tasks (10.0.7→10.0.8 on net10.0, 8.0.26→8.0.27 on net8.0).

^{Reviewed by Cursor Bugbot for commit 2e979ff. Configure here.}

[cursor]

Cursor Bugbot has reviewed your changes using default effort and found 1 potential issue.

Bugbot Autofix prepared a fix for the issue found in the latest run.

• ✅ Fixed: Publish job authenticates but never builds or pushes
  • Restored checkout, .NET setup, build, pack, and NuGet push steps using the OIDC API key in the publish job.

Or push these changes by commenting:

@cursor push ae94d43017

Preview (ae94d43017)

diff --git a/.github/workflows/config.yml b/.github/workflows/config.yml
--- a/.github/workflows/config.yml
+++ b/.github/workflows/config.yml
@@ -196,16 +196,33 @@
     if: github.event_name == 'workflow_dispatch' || startsWith(github.ref, 'refs/tags/')
     runs-on: ubuntu-latest
     permissions:
+      contents: read
       id-token: write
 
     steps:
+      - uses: actions/checkout@v5
+
+      - name: Install .NET
+        uses: actions/setup-dotnet@v5
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      - name: Build project binaries
+        run: dotnet build -c Release
+
+      - name: Create CI Artifacts directory
+        run: mkdir net_connector
+
+      - name: Build NuGet package
+        run: dotnet pack -c Release --output net_connector -p:PackageVersion=${{ env.CONNECTOR_VERSION }}
+
       - name: NuGet login (OIDC → temp API key)
         uses: NuGet/login@v1
         id: login
         with:
           user: ${{ secrets.NUGET_USER }}
 
-      - name: Confirm NuGet login worked
+      - name: Publish NuGet package
         shell: bash
         env:
           NUGET_API_KEY: ${{ steps.login.outputs.NUGET_API_KEY }}
@@ -216,4 +233,4 @@
           fi
 
           echo "NuGet Trusted Publishing login succeeded."
-          echo "Temporary API key was returned, but it was not printed."
\ No newline at end of file
+          dotnet nuget push "net_connector/*.nupkg" --api-key "$NUGET_API_KEY" --source https://api.nuget.org/v3/index.json --skip-duplicate
\ No newline at end of file

_{You can send follow-ups to the cloud agent here.}

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 2e979ff. Configure here.}