From e2e83abeb514a5b0d2318ad1507d5996b0e29acf Mon Sep 17 00:00:00 2001
From: Stef Heyenrath <Stef.Heyenrath@gmail.com>
Date: Sun, 24 May 2026 10:21:02 +0200
Subject: [PATCH] Trusted Publishing (#1465)

* Trusted Publishing

* push:

* "

* pwsh

* pack

* push:

* Trusted Publishing = OK
---
 .github/workflows/PublishToNuGet.yml | 40 ++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 .github/workflows/PublishToNuGet.yml

diff --git a/.github/workflows/PublishToNuGet.yml b/.github/workflows/PublishToNuGet.yml
new file mode 100644
index 00000000..49bdc6f7
--- /dev/null
+++ b/.github/workflows/PublishToNuGet.yml
@@ -0,0 +1,40 @@
+name: Publish to NuGet
+
+on:
+  workflow_dispatch:
+
+jobs:
+  publish:
+    name: Build, Pack, and Publish
+    runs-on: windows-2022
+    permissions:
+      id-token: write # enable GitHub OIDC token issuance for this job
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Build projects
+      shell: pwsh
+      run: |
+        Get-ChildItem ./src -Recurse -Filter *.csproj |
+        ForEach-Object {
+          dotnet build $_.FullName -c Release
+        }
+
+    - name: Pack projects
+      shell: pwsh
+      run: |
+        Get-ChildItem ./src -Recurse -Filter *.csproj |
+        ForEach-Object {
+          dotnet pack $_.FullName -c Release --no-build -o ./packages
+        }
+
+    - name: NuGet login (OIDC → temp API key)
+      uses: NuGet/login@v1
+      id: login
+      with:
+        user: ${{ secrets.NUGET_USER }}
+
+    - name: Push to NuGet
+      run: dotnet nuget push "**/packages/*.nupkg" --api-key ${{steps.login.outputs.NUGET_API_KEY}} --source "https://api.nuget.org/v3/index.json" --skip-duplicate
\ No newline at end of file