You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/nuget-org/trusted-publishing.md
+5-1Lines changed: 5 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -56,7 +56,11 @@ To get started:
56
56
> This corresponds to your workflow at `.github/workflows/build.yml`. Enter the **file name only** (`build.yml`)—do not include the `.github/workflows/` path.
57
57
-**Environment (optional):**`release`
58
58
> Enter environment if your workflow uses e.g. `environment: release` and you want to restrict this policy to that environment. Leave this empty if you do not use GitHub Actions environments.
59
-
4. In your **GitHub repo**, update your workflow to request a short‑lived API key and push your package.
59
+
4. In your **GitHub repo**, update your workflow to request a short‑lived API key and push your package.
60
+
61
+
> [!NOTE]
62
+
> While pull requests by third parties will be able to change the workflow file, their requests will be stamped with their owner and repository name IDs and thus won't match the configured trust policy and will be rejected.
0 commit comments