@lahma lahma commented Aug 9, 2024

  • ensure proper flags for package
  • generate symbols
  • package and publish as part of CI flow

Old: https://nuget.info/packages/Enums.NET/5.0.0

Now:

image

When uploading to NuGet, you should also upload the snupkg file.

@TylerBrinkley
Owner

Thanks @lahma for doing this. Sorry I'm not too familiar with artifacts, what's the purpose for them in the CI build script?

@lahma
Author

lahma commented Aug 9, 2024

If you approve the run, you will see an artifacts section in the build summary and you can download a zip file containing the NuGet packages prepared.

@lahma
Author

lahma commented Aug 9, 2024

I did a similar thing here, see the bottom of the page https://github.com/totpero/DeviceDetector.NET/actions/runs/10267431264

@TylerBrinkley
Owner

I see, but wouldn't I want to do that for just version releases? How long do these artifacts exist? Would this support signing the assemblies?

@lahma
Author

lahma commented Aug 9, 2024

Well, you can pick artifacts from the build you choose, e.g. the commit you choose for release. With Quartz.NET and some other projects I have generated a rolling preview version number, and if it's a tagged build it will produce a version based on the tag name. But it gets complicated.

In my projects I have the signing key in the repo and all builds have signed binaries.

My goal with this PR was to ensure that build artifacts correlate to the repository and there won't be possible problems from building on a random developer box with code not in version control.

@lahma
Author

lahma commented Aug 10, 2024

I was on mobile before so wasn't able to investigate. So I see that you don't share the snk file for signing. I would suggest just adding it publicly to the repository and having it for all builds. If you look at Microsoft's guidance, there's:

✔️ CONSIDER strong naming your library's assemblies.
✔️ CONSIDER adding the strong naming key to your source control system.

As it's not a security measure, it's common for OSS projects to have the key as part of the repository contents.
