From a87e592fe75268415eb02922eec9f5a55f58e7f0 Mon Sep 17 00:00:00 2001 From: Stuart Meeks Date: Wed, 10 Jun 2026 02:55:38 +0000 Subject: [PATCH] Adopt CPM, update packages, switch to NuGet trusted publishing - Move all package versions to a central Directory.Packages.props (ManagePackageVersionsCentrally) and strip Version attributes from the project files. - Update NuGet references to latest stable: Spectre.Console 0.56.0, Microsoft.Extensions.DependencyInjection(.Abstractions) 10.0.9, Microsoft.SourceLink.GitHub 10.0.300, Microsoft.NET.Test.Sdk 18.6.0, xunit 2.9.3, xunit.runner.visualstudio 3.1.5, coverlet.collector 10.0.1, Spectre.Console.Testing 0.56.0. Spectre.Console.Cli stays at 0.55.0 (latest stable; it only requires Spectre.Console >= 0.55.0). - Switch the publish job from a long-lived NUGET_API_KEY secret to NuGet Trusted Publishing: request a short-lived key via NuGet/login@v1 with id-token: write, then push with that key. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/ci.yml | 17 ++++++++++---- Directory.Packages.props | 23 +++++++++++++++++++ ...xtIteration.SpectreConsole.Settings.csproj | 8 +++---- ...ation.SpectreConsole.Settings.Tests.csproj | 12 +++++----- 4 files changed, 46 insertions(+), 14 deletions(-) create mode 100644 Directory.Packages.props diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e9ea74c..17d42e8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -49,11 +49,10 @@ jobs: needs: build runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/tags/v') + permissions: + id-token: write # enable GitHub OIDC token issuance for NuGet Trusted Publishing steps: - - name: Checkout - uses: actions/checkout@v6 - - name: Setup .NET 10 uses: actions/setup-dotnet@v5 with: @@ -65,8 +64,18 @@ jobs: name: nuget-package path: ./artifacts + # Exchange the GitHub OIDC token for a short-lived (1-hour) nuget.org API + # key. Requires a matching Trusted Publishing policy on nuget.org. Run this + # immediately before the push so the temporary key doesn't expire. + - name: NuGet login (OIDC -> temp API key) + uses: NuGet/login@v1 + id: login + with: + # nuget.org username (profile name), NOT an email address. + user: ${{ secrets.NUGET_USER }} + - name: Publish to NuGet - run: dotnet nuget push "./artifacts/*.nupkg" --api-key "${{ secrets.NUGET_API_KEY }}" --source https://api.nuget.org/v3/index.json --skip-duplicate + run: dotnet nuget push "./artifacts/*.nupkg" --api-key "${{ steps.login.outputs.NUGET_API_KEY }}" --source https://api.nuget.org/v3/index.json --skip-duplicate release: needs: publish diff --git a/Directory.Packages.props b/Directory.Packages.props new file mode 100644 index 0000000..cce7333 --- /dev/null +++ b/Directory.Packages.props @@ -0,0 +1,23 @@ + + + true + + + + + + + + + + + + + + + + + + + diff --git a/src/NextIteration.SpectreConsole.Settings/NextIteration.SpectreConsole.Settings.csproj b/src/NextIteration.SpectreConsole.Settings/NextIteration.SpectreConsole.Settings.csproj index daa769c..dbb8c93 100644 --- a/src/NextIteration.SpectreConsole.Settings/NextIteration.SpectreConsole.Settings.csproj +++ b/src/NextIteration.SpectreConsole.Settings/NextIteration.SpectreConsole.Settings.csproj @@ -39,10 +39,10 @@ - - - - + + + + diff --git a/tests/NextIteration.SpectreConsole.Settings.Tests/NextIteration.SpectreConsole.Settings.Tests.csproj b/tests/NextIteration.SpectreConsole.Settings.Tests/NextIteration.SpectreConsole.Settings.Tests.csproj index 294ba4d..44d3714 100644 --- a/tests/NextIteration.SpectreConsole.Settings.Tests/NextIteration.SpectreConsole.Settings.Tests.csproj +++ b/tests/NextIteration.SpectreConsole.Settings.Tests/NextIteration.SpectreConsole.Settings.Tests.csproj @@ -22,15 +22,15 @@ - - - - - + + + + + runtime; build; native; contentfiles; analyzers; buildtransitive all - + runtime; build; native; contentfiles; analyzers; buildtransitive all