Skip to content

Automatically upload new releases to NuGet#15

Merged
okramarenko merged 6 commits into
masterfrom
automate_releases
Jun 24, 2026
Merged

Automatically upload new releases to NuGet#15
okramarenko merged 6 commits into
masterfrom
automate_releases

Conversation

@okramarenko

Copy link
Copy Markdown
Collaborator

No description provided.

@cursor

cursor Bot commented Jun 23, 2026

Copy link
Copy Markdown

PR Summary

Medium Risk
Changes release CI and introduces trusted publishing secrets; publish runs on every PR after full test matrix, but no package push appears in this diff yet.

Overview
Expands when the publish job runs so it executes on pull requests and manual workflow_dispatch, not only on version tags.

Replaces the previous release packaging flow (checkout, dotnet build/pack, and artifact upload) with NuGet Trusted Publishing: NuGet/login@v1 using secrets.NUGET_USER, plus a bash step that fails the job if no temporary NUGET_API_KEY is returned (without printing the key).

This diff does not add dotnet pack or nuget push steps yet—it only validates OIDC login after tests pass.

Reviewed by Cursor Bugbot for commit dd8701d. Configure here.

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using default effort and found 3 potential issues.

Fix All in Cursor

Bugbot Autofix prepared fixes for all 3 issues found in the latest run.

  • ✅ Fixed: Publish job never uploads
    • Restored checkout, .NET setup, build, pack, artifact upload, and added a NuGet push using the OIDC temporary API key for tag releases.
  • ✅ Fixed: Missing OIDC token permission
    • Added publish job permissions for contents read and id-token write so NuGet Trusted Publishing can request an OIDC token.
  • ✅ Fixed: Fork PRs fail publish
    • Restricted the publish job back to tag refs so pull requests, including fork PRs without secrets, do not run NuGet login.

Create PR

Or push these changes by commenting:

@cursor push 9ff4f8962b
Preview (9ff4f8962b)
diff --git a/.github/workflows/config.yml b/.github/workflows/config.yml
--- a/.github/workflows/config.yml
+++ b/.github/workflows/config.yml
@@ -187,8 +187,24 @@
   publish:
     runs-on: windows-latest
     needs: [test-ubuntu, test-windows]
-    if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' || startsWith(github.ref, 'refs/tags/')
+    if: startsWith(github.ref, 'refs/tags/')
+    permissions:
+      contents: read
+      id-token: write
     steps:
+      - uses: actions/checkout@v4
+
+      - name: Install .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      - name: Build
+        run: dotnet build .\src\EFCore.SingleStore\EFCore.SingleStore.csproj -c Release
+
+      - name: Pack NuGet
+        run: dotnet pack .\src\EFCore.SingleStore\EFCore.SingleStore.csproj -c Release -o efcore_provider
+
       - name: NuGet login (OIDC → temp API key)
         uses: NuGet/login@v1
         id: login
@@ -207,3 +223,14 @@
 
           echo "NuGet Trusted Publishing login succeeded."
           echo "Temporary API key was returned, but it was not printed."
+
+      - name: Publish NuGet package
+        env:
+          NUGET_API_KEY: ${{ steps.login.outputs.NUGET_API_KEY }}
+        run: dotnet nuget push .\efcore_provider\*.nupkg --api-key "$env:NUGET_API_KEY" --source https://api.nuget.org/v3/index.json --skip-duplicate
+
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: efcore-provider
+          path: efcore_provider/

You can send follow-ups to the cloud agent here.

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit dd8701d. Configure here.

Comment thread .github/workflows/config.yml Outdated
Comment thread .github/workflows/config.yml
Comment thread .github/workflows/config.yml
Comment thread .github/workflows/config.yml Outdated
Comment thread RELEASE.md Outdated
Comment thread RELEASE.md Outdated
@okramarenko okramarenko merged commit bb03515 into master Jun 24, 2026
11 of 12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

2 participants