Skip to content

Commit 8baef29

Browse files
jozefizsojozefizso
authored
Modernize release.yml workflow with Trusted Publishing (#35)
2 parents 46dc89d + df45b87 commit 8baef29

File tree

1 file changed

+29
-14
lines changed

1 file changed

+29
-14
lines changed

.github/workflows/release.yml

Lines changed: 29 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,9 @@ on:
55
tags: [ 'v*.*.*' ]
66

77
permissions:
8-
contents: read
8+
id-token: write
9+
attestations: write
10+
contents: write
911

1012
env:
1113
DOTNET_NOLOGO: 1
@@ -21,14 +23,20 @@ jobs:
2123
release:
2224
runs-on: ubuntu-24.04
2325

26+
environment:
27+
name: production
28+
url: https://www.nuget.org/packages/NetOfficeFw.VbaCompiler
29+
2430
steps:
2531
- name: checkout
2632
uses: actions/checkout@v5
2733

2834
- name: setup dotnet
2935
uses: actions/setup-dotnet@v5
3036
with:
31-
dotnet-version: 10
37+
dotnet-version: |
38+
8
39+
10
3240
3341
- name: restore
3442
run: dotnet restore
@@ -44,30 +52,37 @@ jobs:
4452
dotnet pack src/VbaCompiler/VbaCompiler.csproj --no-build --no-restore -o dist
4553
dotnet pack src/vbamc/vbamc.csproj --no-build --no-restore -o dist
4654
55+
- name: attestation
56+
uses: actions/attest-build-provenance@v3
57+
with:
58+
subject-path: 'dist/*.nupkg'
59+
show-summary: true
60+
4761
- name: publish artifact
4862
uses: actions/upload-artifact@v5
4963
with:
50-
name: VbaCompression_packages
64+
name: vbamc_packages
5165
path: |
5266
${{ github.workspace }}/dist
53-
${{ github.workspace }}/src/Kavod.Vba.Compression/README.md
67+
${{ github.workspace }}/src/VbaCompiler/README.md
68+
${{ github.workspace }}/src/vbamc/README.md
5469
55-
- name: publish artifact
56-
uses: actions/upload-artifact@v5
70+
- name: authenticate nuget.org
71+
uses: NuGet/login@v1
72+
id: nuget
5773
with:
58-
name: vbamc_build_${{ github.run_id }}_${{ github.run_number }}
59-
path: '${{ github.workspace }}/dist'
74+
user: ${{ vars.NUGET_PUSH_USER }}
6075

6176
- name: publish
62-
working-directory: '${{ github.workspace}}/dist'
77+
working-directory: '${{ github.workspace }}/dist'
6378
run: |
64-
dotnet nuget push "*.nupkg" --api-key "$NUGET_PUSH_KEY" --source https://api.nuget.org/v3/index.json
79+
dotnet nuget push "*.nupkg" --api-key "$NUGET_API_KEY" --source https://api.nuget.org/v3/index.json
6580
env:
66-
NUGET_PUSH_KEY: ${{ secrets.NUGET_PUSH_KEY }}
81+
NUGET_API_KEY: ${{ steps.nuget.outputs.NUGET_API_KEY }}
6782

6883
- name: release
69-
uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
70-
if: always() && startsWith(github.ref, 'refs/tags/')
84+
uses: softprops/action-gh-release@v2
85+
if: ${{ !cancelled() && startsWith(github.ref, 'refs/tags/') }}
7186
with:
7287
name: 'vbamc ${{ github.ref_name }}'
73-
body_path: '${{ github.workspace }}/src/vbamc/README.md'
88+
body_path: ${{ github.workspace }}/src/vbamc/README.md

0 commit comments

Comments
 (0)