From 113fe3e10ef2022d0367c6790c780d285c17e2fe Mon Sep 17 00:00:00 2001 From: Patrik Svensson Date: Tue, 6 Jan 2026 20:06:46 +0100 Subject: [PATCH] Enable signing of artifacts --- .github/workflows/publish.yaml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 21f1bcab..5345e7f9 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -8,6 +8,9 @@ on: branches: - main +permissions: + id-token: write + env: DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true DOTNET_CLI_TELEMETRY_OPTOUT: true @@ -28,6 +31,13 @@ jobs: with: fetch-depth: 0 + - name: Azure login + uses: azure/login@v2 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + - name: Setup .NET SDK (global.json) uses: actions/setup-dotnet@v5 @@ -35,4 +45,7 @@ jobs: shell: bash run: | dotnet tool restore - dotnet make publish --nuget-key="${{secrets.NUGET_API_KEY}}" \ No newline at end of file + dotnet make publish --sign \ + --nuget-key="${{secrets.NUGET_API_KEY}}" \ + --keyvaultUrl="${{secrets.SIGN_KEYVAULT_URL}}" \ + --keyvaultCertificate="${{secrets.SIGN_KEYVAULT_CERTIFICATE}}" \ No newline at end of file