diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 80092f2..e4a76f5 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,4 +1,4 @@
-name: Create Release (on tag) + Publish to NuGet (OIDC)
+name: Publish to NuGet
# 触发条件:当有标签被推送到仓库时触发该工作流(例如 v1.0.0 或 1.0.0)
on:
@@ -42,34 +42,28 @@ jobs:
- name: Test
run: dotnet test --no-build -c Release --verbosity normal
- - name: Pack
- run: dotnet pack --no-build -c Release -o ./packages
+ - name: Determine tag version
+ id: tag_version
+ run: |
+ set -e
+ # GITHUB_REF example: refs/tags/v0.0.1 or refs/tags/0.0.1
+ echo "GITHUB_REF = ${GITHUB_REF}"
+ TAG=${GITHUB_REF#refs/tags/}
+ # remove leading 'v' or 'V' if present
+ VERSION=${TAG#v}
+ VERSION=${VERSION#V}
+ echo "tag='$TAG' -> version='$VERSION'"
+ echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+ - name: Pack (use tag version)
+ run: |
+ set -e
+ echo "Packing with version=${{ steps.tag_version.outputs.version }}"
+ dotnet pack --no-build -c Release -o ./packages -p:PackageVersion=${{ steps.tag_version.outputs.version }}
- name: Show packages
run: ls -la ./packages || true
- - name: Get Version and Package Path
- id: get_version
- run: |
- set -e
- PACKAGE_FILE=$(find ./packages -name "*.nupkg" | head -n 1)
- if [ -z "$PACKAGE_FILE" ]; then
- echo "No .nupkg file found in ./packages"
- exit 1
- fi
- VERSION=$(unzip -p "$PACKAGE_FILE" *.nuspec 2>/dev/null | sed -n 's:.*\(.*\).*:\1:p' | head -n1)
- if [ -z "$VERSION" ]; then
- echo "Failed to parse version from $PACKAGE_FILE"
- exit 1
- fi
- BASENAME=$(basename "$PACKAGE_FILE")
- echo "package_file=$PACKAGE_FILE" >> $GITHUB_OUTPUT
- echo "package_basename=$BASENAME" >> $GITHUB_OUTPUT
- echo "version=$VERSION" >> $GITHUB_OUTPUT
-
- # -----------------------
- # Get a short-lived NuGet API key via GitHub OIDC (NuGet login)
- # -----------------------
- name: NuGet login (OIDC → temp API key)
id: login
uses: NuGet/login@v1
@@ -77,38 +71,18 @@ jobs:
# 推荐把用户名放到仓库 Secret(不是邮箱),例如 ${{ secrets.NUGET_USER }}
# 也可以直接写用户名(不推荐),但通常使用 secret 更安全
user: ${{ secrets.NUGET_USER }}
- - name: Debug NuGet/login outputs (no secret printed)
- run: |
- echo "---- Debug: show package info and login output length ----"
- ls -la ./packages || true
- PKG=$(find ./packages -name "*.nupkg" | head -n1)
- if [ -z "$PKG" ]; then
- echo "No .nupkg found"
- exit 1
- fi
- echo "Found package: $PKG"
- echo "nuspec :"
- unzip -p "$PKG" *.nuspec 2>/dev/null | sed -n 's:.*\(.*\).*:\1:p' || true
- echo "nuspec :"
- unzip -p "$PKG" *.nuspec 2>/dev/null | sed -n 's:.*\(.*\).*:\1:p' || true
- # Check NuGet/login output length (do NOT print the key)
- echo -n "Length of steps.login.outputs.NUGET_API_KEY: "
- echo -n "${{ steps.login.outputs.NUGET_API_KEY }}" | wc -c
- echo
- # Also check whether the login step reported any error (GitHub Actions will show step logs)
- echo "---- end debug ----"
-
- - name: NuGet push (using short-lived API key from NuGet/login)
+ - name: NuGet push (using short-lived API key)
run: |
set -e
- PKG="${{ steps.get_version.outputs.package_file }}"
+ PKG=$(find ./packages -name "*.nupkg" | head -n1)
if [ -z "$PKG" ]; then
- echo "No package to push"
+ echo "No package found"
exit 1
fi
- echo "Pushing $PKG to nuget.org (via OIDC short-lived key)..."
+ echo "Pushing $PKG to nuget.org..."
dotnet nuget push "$PKG" \
--api-key "${{ steps.login.outputs.NUGET_API_KEY }}" \
--source https://api.nuget.org/v3/index.json \
- --skip-duplicate
+ --skip-duplicate --verbosity detailed
+