Pull request overview
This pull request makes changes to the CI/CD pipeline and project configuration to prepare for package releases to NuGet. It sets packaging flags on projects, adds working directory specifications to GitHub workflows, and attempts to implement a new NuGet authentication mechanism.
Changes:
- Added `IsPackable=false` to library and example projects to prevent them from being packaged
- Added explicit `working-directory: ./` to all dotnet commands in CI workflows
- Attempted to implement NuGet authentication using a login action with OIDC permissions
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/OpenApiCodeGenerator/OpenApiCodeGenerator.csproj | Added IsPackable=false to prevent packaging of library project |
| examples/OpenApiCodeGenerator.Examples/OpenApiCodeGenerator.Examples.csproj | Added IsPackable=false to prevent packaging of example project |
| .github/workflows/release.yml | Added id-token permission, working-directory specifications, and attempted NuGet login action |
| .github/workflows/build.yml | Added explicit working-directory specifications to dotnet commands |
Comments suppressed due to low confidence (2)
.github/workflows/release.yml:30
- The 'working-directory: ./' is redundant as './' is the default working directory for all run steps. These additions don't change the behavior and can be removed for cleaner workflow configuration. The same applies to lines 34, 38, and 42.
working-directory: ./
.github/workflows/build.yml:40
- The 'working-directory: ./' is redundant as './' is the default working directory. This can be removed for cleaner workflow configuration. The same applies to lines 44 and 48.
working-directory: ./
| - name: NuGet login | ||
| uses: NuGet/login@v1 | ||
| id: login | ||
| with: | ||
| user: ${{ secrets.NUGET_USER }} |
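Review bot: the `uses: NuGet/login@v1` line references the action by a movable tag, and this step's output is what the later push step passes as `--api-key`. Pin the action to a full commit SHA (keeping the version in a trailing comment) so that a retagged release cannot change what runs in the release job.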
The action 'NuGet/login@v1' does not appear to be a valid GitHub Action. There is no official NuGet organization on GitHub Marketplace that provides a 'login' action. The standard approach for authenticating with NuGet is to use the API key directly with 'dotnet nuget push' command, as was done in the previous version of this workflow. This step will likely fail at runtime.
| - name: Push (Nikcio.OpenApiCodeGen) to NuGet | ||
| run: dotnet nuget push "Nikcio.OpenApiCodeGen.${VERSION}.nupkg" --api-key ${{secrets.NUGET_API_TOKEN}} --source https://api.nuget.org/v3/index.json | ||
| run: dotnet nuget push "Nikcio.OpenApiCodeGen.${VERSION}.nupkg" --api-key ${{steps.login.outputs.NUGET_API_KEY}} --source https://api.nuget.org/v3/index.json |
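Review bot: on the new `run:` line, `--api-key ${{steps.login.outputs.NUGET_API_KEY}}` is expanded into the script text before the shell runs it. Pass the value through the step's `env:` and reference it as a quoted shell variable, for example `--api-key "$NUGET_API_KEY"`, so the key never becomes part of the script source and cannot be word-split or reinterpreted by the shell.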
This line references an output 'NUGET_API_KEY' from the 'login' step, but the 'NuGet/login@v1' action does not exist and would not produce this output. The previous approach of using 'secrets.NUGET_API_TOKEN' directly was correct. If you need to use a different authentication method, consider using GitHub's OIDC with 'id-token: write' permission (which was added) and NuGet's trusted publishing feature, but this requires a different workflow setup.
| permissions: | ||
| contents: read | ||
| id-token: write |
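Review bot: `id-token: write` lets every step covered by this `permissions:` block request an OIDC token. If the block sits at workflow level, move it to the job that publishes so that build and test steps keep only `contents: read`.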
The 'id-token: write' permission was added but is not being utilized correctly. This permission is typically used for GitHub's OIDC (OpenID Connect) authentication with external services. If you're attempting to implement NuGet's trusted publishing feature (which uses OIDC), you don't need a separate login action or API key - you would configure the trusted publisher on NuGet.org and use 'dotnet nuget push' without the '--api-key' parameter. If not using OIDC/trusted publishing, this permission can be removed.
| id-token: write |
No description provided.