Nuget publishing improvements.

Author: potatman

.github/workflows/ci.yml

@@ -47,6 +47,9 @@ jobs:
     needs: build
     runs-on: ubuntu-latest
     if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/') || startsWith(github.ref, 'refs/heads/hotfix/') || startsWith(github.ref, 'refs/heads/develop') || startsWith(github.ref, 'refs/tags/v'))
+    permissions:
+      contents: read
+      id-token: write
 
     steps:
       - name: Checkout
@@ -59,39 +62,16 @@ jobs:
         with:
           dotnet-version: "10.0.x"
 
+      - name: Install GitVersion
+        uses: gittools/actions/gitversion/setup@v4
+        with:
+          versionSpec: '6.x'
+
       - name: Determine version
         id: version
-        run: |
-          # Base version from tag or default
-          if [[ "$GITHUB_REF" == refs/tags/v* ]]; then
-            VERSION="${GITHUB_REF#refs/tags/v}"
-          else
-            # Auto-increment: use date-based pre-release for non-tag builds
-            BASE_VERSION="1.3.0"
-            RUN_NUMBER="${GITHUB_RUN_NUMBER}"
-            BRANCH="${GITHUB_REF#refs/heads/}"
-
-            # Clean branch name for semver compatibility
-            BRANCH_CLEAN=$(echo "$BRANCH" | sed 's|[/_]|.|g' | sed 's|\.\.\.||g')
-
-            if [[ "$GITHUB_REF" == "refs/heads/master" || "$GITHUB_REF" == "refs/heads/main" ]]; then
-              # Stable release from master/main (only via tags ideally, but allow CI builds)
-              VERSION="${BASE_VERSION}"
-            elif [[ "$BRANCH" == release/* ]]; then
-              VERSION="${BASE_VERSION}-rc.${RUN_NUMBER}"
-            elif [[ "$BRANCH" == hotfix/* ]]; then
-              VERSION="${BASE_VERSION}-hf.${RUN_NUMBER}"
-            elif [[ "$BRANCH" == "develop" ]]; then
-              VERSION="${BASE_VERSION}-preview.${RUN_NUMBER}"
-            elif [[ "$BRANCH" == feature/* ]]; then
-              VERSION="${BASE_VERSION}-${BRANCH_CLEAN}.${RUN_NUMBER}"
-            else
-              VERSION="${BASE_VERSION}-ci.${RUN_NUMBER}"
-            fi
-          fi
-
-          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
-          echo "Resolved version: ${VERSION}"
+        uses: gittools/actions/gitversion/execute@v4
+        with:
+          useConfigFile: true
 
       - name: Restore
         run: dotnet restore EventHorizon.sln
@@ -101,7 +81,7 @@ jobs:
 
       - name: Pack NuGet packages
         run: |
-          VERSION="${{ steps.version.outputs.version }}"
+          VERSION="${{ steps.version.outputs.semVer }}"
           for proj in src/EventHorizon.*/EventHorizon.*.csproj; do
             ASSEMBLY_NAME=$(basename "$(dirname "$proj")")
             PACKAGE_ID="Cts.${ASSEMBLY_NAME}"
@@ -115,19 +95,25 @@ jobs:
               -p:Version="${VERSION}"
           done
 
+      - name: NuGet login (trusted publishing)
+        uses: NuGet/login@v1
+        id: nuget-login
+        with:
+          user: potatman
+
       - name: Push to NuGet.org
         if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')
         run: |
           dotnet nuget push "./artifacts/*.nupkg" \
-            --api-key ${{ secrets.NUGET_API_KEY }} \
+            --api-key ${{ steps.nuget-login.outputs.NUGET_API_KEY }} \
             --source https://api.nuget.org/v3/index.json \
             --skip-duplicate
 
       - name: Push pre-release to NuGet.org
         if: startsWith(github.ref, 'refs/heads/release/') || startsWith(github.ref, 'refs/heads/hotfix/') || github.ref == 'refs/heads/develop'
         run: |
           dotnet nuget push "./artifacts/*.nupkg" \
-            --api-key ${{ secrets.NUGET_API_KEY }} \
+            --api-key ${{ steps.nuget-login.outputs.NUGET_API_KEY }} \
             --source https://api.nuget.org/v3/index.json \
             --skip-duplicate
 

GitVersion.yml

@@ -0,0 +1,47 @@
+workflow: GitFlow/v1
+mode: ContinuousDeployment
+next-version: 1.3.0
+
+branches:
+  main:
+    label: ''
+    increment: Patch
+    regex: ^master$|^main$
+    is-main-branch: true
+
+  develop:
+    label: preview
+    increment: Minor
+    regex: ^dev(elop)?(ment)?$
+    source-branches: [main]
+    tracks-release-branches: true
+
+  release:
+    mode: ContinuousDeployment
+    label: rc
+    increment: Minor
+    regex: ^releases?[/-](?<BranchName>.+)
+    source-branches: [main, develop, support]
+    is-release-branch: true
+
+  hotfix:
+    mode: ContinuousDeployment
+    label: hf
+    increment: Inherit
+    regex: ^hotfix(es)?[/-](?<BranchName>.+)
+    source-branches: [main, support]
+    is-release-branch: true
+
+  feature:
+    mode: ContinuousDeployment
+    label: '{BranchName}'
+    increment: Inherit
+    regex: ^features?[/-](?<BranchName>.+)
+    source-branches: [develop, main, release, support, hotfix]
+
+  pull-request:
+    mode: ContinuousDelivery
+    label: PullRequest{Number}
+    increment: Inherit
+    regex: ^(pull-requests|pull|pr)[/-](?<Number>\d*)
+    source-branches: [develop, main, release, feature, support, hotfix]

README.md

@@ -369,24 +369,31 @@ Integration tests use `[Collection("Integration")]` and require running Docker C
 
 ## CI/CD
 
-This project uses **GitHub Actions** (`.github/workflows/ci.yml`):
+This project uses **GitHub Actions** (`.github/workflows/ci.yml`) with **[GitVersion](https://gitversion.net/)** for automatic semantic versioning based on the GitFlow branching model.
 
-| Branch/Tag | Version Format | NuGet Feed |
+Versions are derived from git history and tags — no manual version bumping required after initial setup.
+
+| Branch/Tag | Pre-release Label | Example Version |
 |---|---|---|
-| `v*` tag | `{tag}` (e.g., `1.3.0`) | nuget.org (stable) |
-| `master` / `main` | `{BASE_VERSION}` | nuget.org (stable) |
-| `release/*` | `{BASE_VERSION}-rc.{run}` | nuget.org (pre-release) |
-| `hotfix/*` | `{BASE_VERSION}-hf.{run}` | nuget.org (pre-release) |
-| `develop` | `{BASE_VERSION}-preview.{run}` | nuget.org (pre-release) |
-| `feature/*` | `{BASE_VERSION}-{branch}.{run}` | nuget.org (pre-release) |
+| `v*` tag | _(stable)_ | `1.3.0` |
+| `master` / `main` | _(stable)_ | `1.3.0` |
+| `release/*` | `rc` | `1.3.0-rc.3` |
+| `hotfix/*` | `hf` | `1.3.1-hf.1` |
+| `develop` | `preview` | `1.4.0-preview.12` |
+| `feature/*` | `{branch}` | `1.4.0-my-feature.1` |
+
+### How versioning works
+
+- **Tag a release** on `main`/`master` (e.g., `v1.3.0`) to set the version baseline
+- All subsequent commits on branches derive their version from git tags and merge history
+- Commit messages with `+semver: major`, `+semver: minor`, or `+semver: fix` control version increments
+- Configuration lives in `GitVersion.yml` at the repo root
 
 All packages are published with the `Cts.*` prefix (e.g., `Cts.EventHorizon.Abstractions`).
 
-### Secrets
+### Trusted Publishing
 
-| Secret | Purpose |
-|---|---|
-| `NUGET_API_KEY` | API key for publishing to nuget.org |
+NuGet packages are published using [trusted publishing](https://devblogs.microsoft.com/nuget/introducing-trusted-publishers/) via GitHub's OIDC tokens — no API keys or secrets required. The trusted publisher is configured on nuget.org to trust the `ci.yml` workflow in this repository.
 
 ## Samples