C# (NuGet)

The C# target publishes to NuGet. The package id is the target's packageName. See the C# configuration for options.

Authenticate the release with OIDC trusted publishing (recommended) or a NuGet API key.

Enable publishing

{
  "targets": {
    "csharp": {
      "packageName": "Acme.Api",
      "publish": { "nuget": true }
    }
  }
}

Trusted publishing (OIDC)

Recommended. The release workflow uses the NuGet/login action to mint a short-lived API key from the workflow's identity token, so no long-lived key is stored. NuGet's OIDC login still needs your account username as one secret.

Add a trusted publishing policy on NuGet

On nuget.org, open Account → Trusted Publishing and add a policy for:

  • Repository owner and name: your linked repository

  • Workflow file: sdk-release.yml

  • Environment: leave blank (unless you set releaseEnvironment)

Add your NuGet username as a secret

Add a repository secret named NUGET_USER set to your nuget.org username. See Adding repository secrets. This is the only secret OIDC needs; the API key itself is minted at publish time.

Keep the default config
{ "targets": { "csharp": { "publish": { "nuget": true } } } }

Publishing with a NuGet API key

Create a NuGet API key

On nuget.org, go to Account → API Keys → Create, scope it to push your package, and copy the key.

Add it to the repository

Add the key as a repository secret named NUGET_API_KEY. See Adding repository secrets.

Switch the target to token auth
{
  "targets": {
    "csharp": {
      "publish": { "nuget": { "authMethod": "access-token" } }
    }
  }
}

Notes

  • The workflow pushes with --skip-duplicate, so re-publishing an existing version is a no-op.