From 62075734834de5590eb9f0e2151da1fd336d66f1 Mon Sep 17 00:00:00 2001
From: Stuart Meeks <stuart.meeks@stuartmeeks.net>
Date: Wed, 10 Jun 2026 03:06:49 +0000
Subject: [PATCH] chore: update packages, adopt CPM, switch to NuGet trusted
 publishing
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Update all NuGet packages to latest stable (no prereleases):
  Figgle/Figgle.Fonts 0.6.5→0.6.6, Spectre.Console(.Testing) 0.55.2→0.56.0,
  Microsoft.SourceLink.GitHub 8.0.0→10.0.300, Microsoft.NET.Test.Sdk
  17.11.1→18.6.0, xunit 2.9.2→2.9.3, xunit.runner.visualstudio 2.8.2→3.1.5
- Adopt Central Package Management: versions now live in
  Directory.Packages.props; PackageReference entries carry only Include
- CI publish job uses NuGet trusted publishing (OIDC via NuGet/login@v1)
  instead of a long-lived NUGET_API_KEY secret

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 .github/workflows/ci.yml                      | 14 +++++++++++++-
 Directory.Packages.props                      | 19 +++++++++++++++++++
 ...teration.SpectreConsole.Splash.Demo.csproj |  2 +-
 ...NextIteration.SpectreConsole.Splash.csproj |  8 ++++----
 ...eration.SpectreConsole.Splash.Tests.csproj |  8 ++++----
 5 files changed, 41 insertions(+), 10 deletions(-)
 create mode 100644 Directory.Packages.props

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 314340b..bbabcc3 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -50,6 +50,9 @@ jobs:
     runs-on: ubuntu-latest
     if: startsWith(github.ref, 'refs/tags/v')
 
+    permissions:
+      id-token: write   # required for NuGet trusted publishing (OIDC token issuance)
+
     steps:
       - name: Checkout
         uses: actions/checkout@v6
@@ -65,5 +68,14 @@ jobs:
           name: nuget-package
           path: ./artifacts
 
+      # Exchange the GitHub OIDC token for a short-lived nuget.org API key.
+      # Requires a Trusted Publishing policy configured on nuget.org that
+      # matches this repo owner/name and the `ci.yml` workflow file.
+      - name: NuGet login (OIDC → temp API key)
+        id: nuget-login
+        uses: NuGet/login@v1
+        with:
+          user: ${{ secrets.NUGET_USER }}   # your nuget.org username (profile name), not your email
+
       - name: Publish to NuGet
-        run: dotnet nuget push "./artifacts/*.nupkg" --api-key "${{ secrets.NUGET_API_KEY }}" --source https://api.nuget.org/v3/index.json --skip-duplicate
+        run: dotnet nuget push "./artifacts/*.nupkg" --api-key "${{ steps.nuget-login.outputs.NUGET_API_KEY }}" --source https://api.nuget.org/v3/index.json --skip-duplicate
diff --git a/Directory.Packages.props b/Directory.Packages.props
new file mode 100644
index 0000000..9a5001a
--- /dev/null
+++ b/Directory.Packages.props
@@ -0,0 +1,19 @@
+<Project>
+  <PropertyGroup>
+    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageVersion Include="Figgle" Version="0.6.6" />
+    <PackageVersion Include="Figgle.Fonts" Version="0.6.6" />
+    <PackageVersion Include="Spectre.Console" Version="0.56.0" />
+    <PackageVersion Include="Microsoft.SourceLink.GitHub" Version="10.0.300" />
+  </ItemGroup>
+
+  <ItemGroup Label="Test">
+    <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="18.6.0" />
+    <PackageVersion Include="Spectre.Console.Testing" Version="0.56.0" />
+    <PackageVersion Include="xunit" Version="2.9.3" />
+    <PackageVersion Include="xunit.runner.visualstudio" Version="3.1.5" />
+  </ItemGroup>
+</Project>
diff --git a/demo/NextIteration.SpectreConsole.Splash.Demo/NextIteration.SpectreConsole.Splash.Demo.csproj b/demo/NextIteration.SpectreConsole.Splash.Demo/NextIteration.SpectreConsole.Splash.Demo.csproj
index e167c4c..2151a8a 100644
--- a/demo/NextIteration.SpectreConsole.Splash.Demo/NextIteration.SpectreConsole.Splash.Demo.csproj
+++ b/demo/NextIteration.SpectreConsole.Splash.Demo/NextIteration.SpectreConsole.Splash.Demo.csproj
@@ -9,7 +9,7 @@
 	</PropertyGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Figgle.Fonts" Version="0.6.5" />
+		<PackageReference Include="Figgle.Fonts" />
 	</ItemGroup>
 
 	<ItemGroup>
diff --git a/src/NextIteration.SpectreConsole.Splash/NextIteration.SpectreConsole.Splash.csproj b/src/NextIteration.SpectreConsole.Splash/NextIteration.SpectreConsole.Splash.csproj
index 0031a99..0e7b005 100644
--- a/src/NextIteration.SpectreConsole.Splash/NextIteration.SpectreConsole.Splash.csproj
+++ b/src/NextIteration.SpectreConsole.Splash/NextIteration.SpectreConsole.Splash.csproj
@@ -39,10 +39,10 @@
 	</ItemGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Figgle" Version="0.6.5" />
-		<PackageReference Include="Figgle.Fonts" Version="0.6.5" />
-		<PackageReference Include="Spectre.Console" Version="0.55.2" />
-		<PackageReference Include="Microsoft.SourceLink.GitHub" Version="8.0.0" PrivateAssets="All" />
+		<PackageReference Include="Figgle" />
+		<PackageReference Include="Figgle.Fonts" />
+		<PackageReference Include="Spectre.Console" />
+		<PackageReference Include="Microsoft.SourceLink.GitHub" PrivateAssets="All" />
 		<None Include="..\..\README.md" Pack="true" PackagePath="\" />
 		<None Include="icon.png" Pack="true" PackagePath="" />
 	</ItemGroup>
diff --git a/tests/NextIteration.SpectreConsole.Splash.Tests/NextIteration.SpectreConsole.Splash.Tests.csproj b/tests/NextIteration.SpectreConsole.Splash.Tests/NextIteration.SpectreConsole.Splash.Tests.csproj
index 8426765..e56d1fb 100644
--- a/tests/NextIteration.SpectreConsole.Splash.Tests/NextIteration.SpectreConsole.Splash.Tests.csproj
+++ b/tests/NextIteration.SpectreConsole.Splash.Tests/NextIteration.SpectreConsole.Splash.Tests.csproj
@@ -11,10 +11,10 @@
 	</PropertyGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.1" />
-		<PackageReference Include="Spectre.Console.Testing" Version="0.55.2" />
-		<PackageReference Include="xunit" Version="2.9.2" />
-		<PackageReference Include="xunit.runner.visualstudio" Version="2.8.2" />
+		<PackageReference Include="Microsoft.NET.Test.Sdk" />
+		<PackageReference Include="Spectre.Console.Testing" />
+		<PackageReference Include="xunit" />
+		<PackageReference Include="xunit.runner.visualstudio" />
 	</ItemGroup>
 
 	<ItemGroup>