This repository was archived by the owner on Nov 13, 2025. It is now read-only.


@ArgoZhang
Member

Link issues

fixes #39

Summary By Copilot

Regression?

  • Yes
  • No

Risk

  • High
  • Medium
  • Low

Verification

  • Manual (required)
  • Automated

Packaging changes reviewed?

  • Yes
  • No
  • N/A

☑️ Self Check before Merge

⚠️ Please check all items below before review. ⚠️

  • Doc is updated/provided or not needed
  • Demo is updated/provided or not needed
  • Merge the latest code from the main branch

Copilot AI review requested due to automatic review settings September 30, 2025 08:11
@ArgoZhang ArgoZhang merged commit 48e8c06 into master Sep 30, 2025
2 of 3 checks passed
@ArgoZhang ArgoZhang deleted the chore-pack branch September 30, 2025 08:11

Copilot AI left a comment


Pull Request Overview

This PR implements trusted publishing for NuGet package deployment by replacing API key authentication with OpenID Connect (OIDC) token-based authentication. This approach enhances security by eliminating the need to store long-lived API keys as secrets.

  • Adds OIDC permissions for token-based authentication
  • Introduces NuGet login action to obtain temporary API keys
  • Updates environment variable source from stored secret to login action output


Comment on lines +28 to +29
with:
user: ${{ secrets.NUGET_USER }}
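
Review bot: on +29, `user` is read from `secrets.NUGET_USER`, and nothing in the visible lines says what that value holds. If it is an account name rather than a credential, add a short comment beside the input saying so (or read it from a repository variable instead of a secret), so a later reader does not take it for a stored key of the kind this change is meant to remove.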

Copilot AI Sep 30, 2025


Using secrets.NUGET_USER contradicts the purpose of trusted publishing, which is designed to eliminate the need for stored secrets. Trusted publishing should work without any user credentials or API keys stored as secrets.

Suggested change
with:
user: ${{ secrets.NUGET_USER }}
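
The change summarized in the review overview, shown as a before/after pair of jobs. This is an added example, not the repository's workflow file: the job names, trigger, package path, the `NUGET_API_KEY` secret and environment variable names, and the `NuGet/login@v1` reference (the page says only "NuGet login action") are assumptions.

```yaml
# Constructed workflow for illustration; names and paths are assumptions.
name: publish
on:
  push:
    tags: ['v*']

jobs:
  # Before: a long-lived API key sits in repository secrets and stays valid
  # until someone rotates or revokes it.
  publish-with-stored-key:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: dotnet pack -c Release -o out
      - run: dotnet nuget push "out/*.nupkg" --api-key "$NUGET_API_KEY" --source https://api.nuget.org/v3/index.json
        env:
          NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}

  # After: the job presents a GitHub OIDC token and receives a temporary
  # API key from the login step; no publishing key is stored in the repo.
  publish-with-trusted-publishing:
    runs-on: ubuntu-latest
    permissions:
      id-token: write   # allows the job to request an OIDC token
      contents: read    # unlisted scopes drop to none once permissions is set
    steps:
      - uses: actions/checkout@v4
      - run: dotnet pack -c Release -o out
      - name: NuGet login (OIDC token exchanged for a temporary API key)
        id: login
        uses: NuGet/login@v1
        with:
          user: ${{ secrets.NUGET_USER }}   # the input discussed at lines +28 to +29
      - run: dotnet nuget push "out/*.nupkg" --api-key "$NUGET_API_KEY" --source https://api.nuget.org/v3/index.json
        env:
          NUGET_API_KEY: ${{ steps.login.outputs.NUGET_API_KEY }}   # login output replaces the stored secret
```

Scoping `id-token: write` to the publishing job rather than the whole workflow keeps other jobs from being able to mint OIDC tokens.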


Development

Successfully merging this pull request may close these issues.

chore: use trusted publishing action
