Skip to content
This repository was archived by the owner on Nov 13, 2025. It is now read-only.
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 10 additions & 2 deletions .github/workflows/pack.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@ on:
jobs:
pack:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read

steps:
- uses: actions/checkout@v4
Expand All @@ -19,10 +22,15 @@ jobs:
with:
dotnet-version: 9.0.x

- name: NuGet login
uses: NuGet/login@v1
id: login
with:
user: ${{ secrets.NUGET_USER }}
Comment on lines +28 to +29

Copilot AI Sep 30, 2025

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using secrets.NUGET_USER contradicts the purpose of trusted publishing, which is designed to eliminate the need for stored secrets. Trusted publishing should work without any user credentials or API keys stored as secrets.

Suggested change
with:
user: ${{ secrets.NUGET_USER }}

Copilot uses AI. Check for mistakes.

- name: Publish to Nuget
env:
NUGET_API_KEY: ${{secrets.NUGET_API_KEY}}
Bundle: True
NUGET_API_KEY: ${{steps.login.outputs.NUGET_API_KEY}}

run: |
dotnet build src/Longbow.TcpSocket
Expand Down