C# (NuGet)
The C# target publishes to NuGet. The package id is the target's packageName. See the C# configuration for options.
Authenticate the release with OIDC trusted publishing (recommended) or a NuGet API key.
Enable publishing
{
"targets": {
"csharp": {
"packageName": "Acme.Api",
"publish": { "nuget": true }
}
}
}
Trusted publishing (OIDC)
Recommended. The release workflow uses the NuGet/login action to mint a short-lived API key from the workflow's identity token, so no long-lived key is stored. NuGet's OIDC login still needs your account username as one secret.
Add a trusted publishing policy on NuGet
On nuget.org, open Account → Trusted Publishing and add a policy for:
-
Repository owner and name: your linked repository
-
Workflow file:
sdk-release.yml -
Environment: leave blank (unless you set
releaseEnvironment)
Add your NuGet username as a secret
Add a repository secret named NUGET_USER set to your nuget.org username. See Adding repository secrets. This is the only secret OIDC needs; the API key itself is minted at publish time.
Keep the default config
{ "targets": { "csharp": { "publish": { "nuget": true } } } }
Publishing with a NuGet API key
Create a NuGet API key
On nuget.org, go to Account → API Keys → Create, scope it to push your package, and copy the key.
Add it to the repository
Add the key as a repository secret named NUGET_API_KEY. See Adding repository secrets.
Switch the target to token auth
{
"targets": {
"csharp": {
"publish": { "nuget": { "authMethod": "access-token" } }
}
}
}
Notes
- The workflow pushes with
--skip-duplicate, so re-publishing an existing version is a no-op.