# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Publish

on:
  push:
    tags:
      - '*'
    branches:
      - main

permissions:
  id-token: write

env:
  DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
  DOTNET_CLI_TELEMETRY_OPTOUT: true

jobs:

  ###################################################
  # PUBLISH
  ###################################################

  build:
    name: Publish NuGet Packages
    runs-on: windows-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      - name: Azure login
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          allow-no-subscriptions: true

      - name: Setup .NET SDK (global.json)
        uses: actions/setup-dotnet@v5

      - name: Publish
        shell: bash
        run: |
          dotnet tool restore
          dotnet make publish --sign \
            --nuget-key="${{secrets.NUGET_SIGNING_API_KEY}}" \
            --keyvaultUrl="${{secrets.SIGN_KEYVAULT_URL}}" \
            --keyvaultCertificate="${{secrets.SIGN_KEYVAULT_CERTIFICATE}}"