From 2e979ff9aa2b6910e564ca3161868a1d44af9628 Mon Sep 17 00:00:00 2001 From: Olha Kramarenko Date: Tue, 26 May 2026 12:46:24 +0300 Subject: [PATCH 1/3] try NuGet logging with trusted publishers --- .github/workflows/config.yml | 41 +++++++++---------- .../packages.lock.json | 24 +++++------ 2 files changed, 32 insertions(+), 33 deletions(-) diff --git a/.github/workflows/config.yml b/.github/workflows/config.yml index 29476f662..0d830e318 100644 --- a/.github/workflows/config.yml +++ b/.github/workflows/config.yml @@ -193,28 +193,27 @@ jobs: run: python .github\workflows\s2ms_cluster.py terminate publish: - if: startsWith(github.ref, 'refs/tags/') - runs-on: windows-latest - steps: - - uses: actions/checkout@v5 + if: github.event_name == 'workflow_dispatch' || startsWith(github.ref, 'refs/tags/') + runs-on: ubuntu-latest + permissions: + id-token: write - - name: Install .NET - uses: actions/setup-dotnet@v5 + steps: + - name: NuGet login (OIDC → temp API key) + uses: NuGet/login@v1 + id: login with: - dotnet-version: ${{ env.DOTNET_VERSION }} + user: ${{ secrets.NUGET_USER }} - - name: Build project binaries - run: dotnet build -c Release - - - name: Create CI Artifacts directory - run: mkdir net_connector - - - name: Build NuGet package - run: dotnet pack -c Release --output net_connector -p:PackageVersion=${{ env.CONNECTOR_VERSION }} - - - name: Upload artifact - uses: actions/upload-artifact@v5 - with: - name: net_connector - path: net_connector/ + - name: Confirm NuGet login worked + shell: bash + env: + NUGET_API_KEY: ${{ steps.login.outputs.NUGET_API_KEY }} + run: | + if [ -z "$NUGET_API_KEY" ]; then + echo "NuGet login did not return a temporary API key." + exit 1 + fi + echo "NuGet Trusted Publishing login succeeded." + echo "Temporary API key was returned, but it was not printed." \ No newline at end of file diff --git a/tests/SingleStoreConnector.NativeAot.Tests/packages.lock.json b/tests/SingleStoreConnector.NativeAot.Tests/packages.lock.json index e466b627d..6ab93bf5e 100644 --- a/tests/SingleStoreConnector.NativeAot.Tests/packages.lock.json +++ b/tests/SingleStoreConnector.NativeAot.Tests/packages.lock.json @@ -4,15 +4,15 @@ "net10.0": { "Microsoft.DotNet.ILCompiler": { "type": "Direct", - "requested": "[10.0.7, )", - "resolved": "10.0.7", - "contentHash": "S53itVb3/l5wEyvdOukwxGzRtw7JSKuh2GurW3W5R57w4nxbZZ+7qCu+5jVlowLmgGrQ7yxJLZdpJc1Vpv8aig==" + "requested": "[10.0.8, )", + "resolved": "10.0.8", + "contentHash": "IG4ZS8fP7whR7OeFjC2mxq9n/yd/QsUliHdQ/Kp0OJ+RObeSJx4HLLGs7/Sxghk/U+S3rmpUOsgLheqBcqlMUw==" }, "Microsoft.NET.ILLink.Tasks": { "type": "Direct", - "requested": "[10.0.7, )", - "resolved": "10.0.7", - "contentHash": "Y0O2XrQiNYsW9UM2GhH/8faornu9pYXdd9YBcb/CrBnCOw5QtFqgh8bFd5zjxbrdoSVxGPUn1hWSrKtD0SEPzg==" + "requested": "[10.0.8, )", + "resolved": "10.0.8", + "contentHash": "SyfHfPwnylzDkj7u6KiwiIgVP+gc1Ud0ybomjT/sOGJLrGC6KLWR3zUvnTTcwwGK3YqGXsFWEl0opREH11H8pg==" }, "Microsoft.SourceLink.GitHub": { "type": "Direct", @@ -80,15 +80,15 @@ "net8.0": { "Microsoft.DotNet.ILCompiler": { "type": "Direct", - "requested": "[8.0.26, )", - "resolved": "8.0.26", - "contentHash": "TopkZJbGfDfqNRQatno3/UZh8t/mo4tlglGVtcUAZDEplx/DhmBUSoT7UM7M6W0/ah1Wbe6e46FOLDyHL8K4nQ==" + "requested": "[8.0.27, )", + "resolved": "8.0.27", + "contentHash": "2RDzeGQisWc0e4uJpT8WmMQ8Xccf4bZr4bVVV9iGnfnEZCPo//G01MLLCmGHScwLX4zCegNZRNftgUfgWlBb+g==" }, "Microsoft.NET.ILLink.Tasks": { "type": "Direct", - "requested": "[8.0.26, )", - "resolved": "8.0.26", - "contentHash": "o7/yVssM2r9Wyln2s9edBd5ANZXqdSdBI+g7JqXkyJmXrhs2WsJp25K5yPnYrTgdKBCjKB8bg+O2oew4sgzFaA==" + "requested": "[8.0.27, )", + "resolved": "8.0.27", + "contentHash": "rQi9TxifHRnXP7lVRZH05DxD2/XGbJp12q0ozcbrlBlBnyyzssFTH/2vLhtKWUp2CT1qVscTrcYTFiwTyKPKRg==" }, "Microsoft.SourceLink.GitHub": { "type": "Direct", From af8f7c0d009524b4f7e124fa136caade611d5755 Mon Sep 17 00:00:00 2001 From: Olha Kramarenko Date: Tue, 26 May 2026 13:02:16 +0300 Subject: [PATCH 2/3] try this for testing --- .github/workflows/config.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/config.yml b/.github/workflows/config.yml index 0d830e318..9f9fd0af0 100644 --- a/.github/workflows/config.yml +++ b/.github/workflows/config.yml @@ -193,7 +193,7 @@ jobs: run: python .github\workflows\s2ms_cluster.py terminate publish: - if: github.event_name == 'workflow_dispatch' || startsWith(github.ref, 'refs/tags/') + if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' || startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-latest permissions: id-token: write @@ -216,4 +216,4 @@ jobs: fi echo "NuGet Trusted Publishing login succeeded." - echo "Temporary API key was returned, but it was not printed." \ No newline at end of file + echo "Temporary API key was returned, but it was not printed." From 4a5aac26aa7fb3ffa81558a29e5ed59526965a39 Mon Sep 17 00:00:00 2001 From: Olha Kramarenko Date: Tue, 26 May 2026 13:29:51 +0300 Subject: [PATCH 3/3] update publish job + revert packages.lock.json changes --- .github/workflows/config.yml | 47 +++++++++++++------ .../packages.lock.json | 24 +++++----- 2 files changed, 45 insertions(+), 26 deletions(-) diff --git a/.github/workflows/config.yml b/.github/workflows/config.yml index 9f9fd0af0..001b8e473 100644 --- a/.github/workflows/config.yml +++ b/.github/workflows/config.yml @@ -192,28 +192,47 @@ jobs: if: always() run: python .github\workflows\s2ms_cluster.py terminate + publish: - if: github.event_name == 'pull_request' || github.event_name == 'workflow_dispatch' || startsWith(github.ref, 'refs/tags/') - runs-on: ubuntu-latest + if: startsWith(github.ref, 'refs/tags/') + needs: [test-ubuntu, test-windows] + runs-on: windows-latest permissions: id-token: write steps: + - uses: actions/checkout@v5 + + - name: Install .NET + uses: actions/setup-dotnet@v5 + with: + dotnet-version: ${{ env.DOTNET_VERSION }} + + - name: Build project binaries + run: dotnet build -c Release + + - name: Create CI Artifacts directory + run: mkdir net_connector + + - name: Build NuGet package + run: dotnet pack -c Release --output net_connector -p:PackageVersion=${{ env.CONNECTOR_VERSION }} + + - name: Upload artifact + uses: actions/upload-artifact@v5 + with: + name: net_connector + path: net_connector/ + + # Get a short-lived NuGet API key - name: NuGet login (OIDC → temp API key) uses: NuGet/login@v1 id: login with: user: ${{ secrets.NUGET_USER }} - - name: Confirm NuGet login worked - shell: bash - env: - NUGET_API_KEY: ${{ steps.login.outputs.NUGET_API_KEY }} - run: | - if [ -z "$NUGET_API_KEY" ]; then - echo "NuGet login did not return a temporary API key." - exit 1 - fi - - echo "NuGet Trusted Publishing login succeeded." - echo "Temporary API key was returned, but it was not printed." + # Push the package + - name: NuGet push + run: > + dotnet nuget push "net_connector/SingleStoreConnector.${{ env.CONNECTOR_VERSION }}.nupkg" + --api-key ${{steps.login.outputs.NUGET_API_KEY}} + --source https://api.nuget.org/v3/index.json diff --git a/tests/SingleStoreConnector.NativeAot.Tests/packages.lock.json b/tests/SingleStoreConnector.NativeAot.Tests/packages.lock.json index 6ab93bf5e..e466b627d 100644 --- a/tests/SingleStoreConnector.NativeAot.Tests/packages.lock.json +++ b/tests/SingleStoreConnector.NativeAot.Tests/packages.lock.json @@ -4,15 +4,15 @@ "net10.0": { "Microsoft.DotNet.ILCompiler": { "type": "Direct", - "requested": "[10.0.8, )", - "resolved": "10.0.8", - "contentHash": "IG4ZS8fP7whR7OeFjC2mxq9n/yd/QsUliHdQ/Kp0OJ+RObeSJx4HLLGs7/Sxghk/U+S3rmpUOsgLheqBcqlMUw==" + "requested": "[10.0.7, )", + "resolved": "10.0.7", + "contentHash": "S53itVb3/l5wEyvdOukwxGzRtw7JSKuh2GurW3W5R57w4nxbZZ+7qCu+5jVlowLmgGrQ7yxJLZdpJc1Vpv8aig==" }, "Microsoft.NET.ILLink.Tasks": { "type": "Direct", - "requested": "[10.0.8, )", - "resolved": "10.0.8", - "contentHash": "SyfHfPwnylzDkj7u6KiwiIgVP+gc1Ud0ybomjT/sOGJLrGC6KLWR3zUvnTTcwwGK3YqGXsFWEl0opREH11H8pg==" + "requested": "[10.0.7, )", + "resolved": "10.0.7", + "contentHash": "Y0O2XrQiNYsW9UM2GhH/8faornu9pYXdd9YBcb/CrBnCOw5QtFqgh8bFd5zjxbrdoSVxGPUn1hWSrKtD0SEPzg==" }, "Microsoft.SourceLink.GitHub": { "type": "Direct", @@ -80,15 +80,15 @@ "net8.0": { "Microsoft.DotNet.ILCompiler": { "type": "Direct", - "requested": "[8.0.27, )", - "resolved": "8.0.27", - "contentHash": "2RDzeGQisWc0e4uJpT8WmMQ8Xccf4bZr4bVVV9iGnfnEZCPo//G01MLLCmGHScwLX4zCegNZRNftgUfgWlBb+g==" + "requested": "[8.0.26, )", + "resolved": "8.0.26", + "contentHash": "TopkZJbGfDfqNRQatno3/UZh8t/mo4tlglGVtcUAZDEplx/DhmBUSoT7UM7M6W0/ah1Wbe6e46FOLDyHL8K4nQ==" }, "Microsoft.NET.ILLink.Tasks": { "type": "Direct", - "requested": "[8.0.27, )", - "resolved": "8.0.27", - "contentHash": "rQi9TxifHRnXP7lVRZH05DxD2/XGbJp12q0ozcbrlBlBnyyzssFTH/2vLhtKWUp2CT1qVscTrcYTFiwTyKPKRg==" + "requested": "[8.0.26, )", + "resolved": "8.0.26", + "contentHash": "o7/yVssM2r9Wyln2s9edBd5ANZXqdSdBI+g7JqXkyJmXrhs2WsJp25K5yPnYrTgdKBCjKB8bg+O2oew4sgzFaA==" }, "Microsoft.SourceLink.GitHub": { "type": "Direct",