Skip to content

Add NuGet publishing workflow with OIDC authentication and increment package version#1

Merged
seaniyer merged 2 commits intomasterfrom
copilot/setup-nuget-publishing-workflow
Oct 17, 2025
Merged

Add NuGet publishing workflow with OIDC authentication and increment package version#1
seaniyer merged 2 commits intomasterfrom
copilot/setup-nuget-publishing-workflow

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Oct 17, 2025
edited
Loading

Overview

This PR implements automated NuGet package publishing to nuget.org using GitHub Actions with OIDC-based trusted publishing, following the official Microsoft documentation at https://learn.microsoft.com/en-us/nuget/nuget-org/trusted-publishing#github-actions-setup.

Changes

1. GitHub Actions Workflow

Created .github/workflows/publish-nuget.yml that:

  • Triggers automatically when a GitHub release is published
  • Uses OIDC trusted publishing for secure authentication (no API key secrets required)
  • Builds the project in Release configuration
  • Packs the NuGet package
  • Publishes to nuget.org using --api-key az for OIDC authentication

The workflow includes the required id-token: write permission to enable OIDC token generation, as specified in the Microsoft trusted publishing documentation.

2. Package Version Increment

Updated the package version in ContosoMCP/ContosoMCP.csproj from 0.1.0-beta to 0.2.0-beta.

Benefits

  • Enhanced Security: OIDC authentication eliminates the need to store long-lived API keys as GitHub secrets
  • Automation: Packages are automatically published when releases are created
  • Reliability: Uses official GitHub Actions and .NET tooling with proper build/test/pack workflow
  • Maintainability: Clean, well-structured workflow that's easy to understand and modify

Next Steps

Before the workflow can publish packages, the repository owner needs to:

  1. Sign in to nuget.org
  2. Navigate to the ContosoMCPServer package settings
  3. Under "Trusted Publishers", add a new GitHub Actions publisher with:
    • Repository owner: seaniyer
    • Repository name: ContosoMCP
    • Workflow name: publish-nuget.yml
    • Environment: (leave empty)

Once configured, simply create and publish a GitHub release (e.g., tag v0.2.0-beta) to trigger the workflow and publish the package to nuget.org.

Testing

  • ✅ Build verified successfully with new version
  • ✅ Package creation tested (ContosoMCPServer.0.2.0-beta.nupkg generated)
  • ✅ Workflow YAML validated with yamllint
Original prompt

Create a workflow to push the nuget package from this project to nuget.org. Be sure to set it up to publish using OIDC following the instructions in https://learn.microsoft.com/en-us/nuget/nuget-org/trusted-publishing#github-actions-setup
Increment the package version

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

@seaniyer seaniyer marked this pull request as ready for review October 17, 2025 00:07
@seaniyer
Copy link
Copy Markdown
Owner

seaniyer commented Oct 17, 2025

@copilot continue and finish the changes requested in the previous prompt

@seaniyer
Add NuGet publishing workflow with OIDC and increment version to 0.2.…
4a41ca9 
…0-beta

Co-authored-by: seaniyer <41308619+seaniyer@users.noreply.github.com>
Copilot AI changed the title [WIP] Add workflow to publish NuGet package to nuget.org Add NuGet publishing workflow with OIDC authentication and increment package version Oct 17, 2025
Copilot AI requested a review from seaniyer October 17, 2025 00:11
@seaniyer seaniyer merged commit 8046f7d into master Oct 17, 2025
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@seaniyer seaniyer Awaiting requested review from seaniyer

Assignees

@seaniyer seaniyer

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@seaniyer