name: Publish to NuGet

on:
  workflow_dispatch:

jobs:
  publish:
    name: Build, Pack, and Publish
    runs-on: windows-2022
    permissions:
      id-token: write # enable GitHub OIDC token issuance for this job

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    - name: Build projects
      shell: pwsh
      run: |
        Get-ChildItem ./src -Recurse -Filter *.csproj |
        ForEach-Object {
          dotnet build $_.FullName -c Release
        }

    - name: Pack projects
      shell: pwsh
      run: |
        Get-ChildItem ./src -Recurse -Filter *.csproj |
        ForEach-Object {
          dotnet pack $_.FullName -c Release --no-build -o ./packages
        }

    - name: NuGet login (OIDC → temp API key)
      uses: NuGet/login@v1
      id: login
      with:
        user: ${{ secrets.NUGET_USER }}

    - name: Push to NuGet
      run: dotnet nuget push "**/packages/*.nupkg" --api-key ${{steps.login.outputs.NUGET_API_KEY}} --source "https://api.nuget.org/v3/index.json" --skip-duplicate