From f3caab106cd0af9e19572872867517bd6543fbd0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Czy=C5=BC?= <me@jakubc.pl>
Date: Mon, 22 Jun 2026 13:41:17 +0200
Subject: [PATCH] use trusted publishing

---
 .../workflows/tripletex-sdk-dotnet-nuget.yml  | 76 ++++++++++---------
 1 file changed, 42 insertions(+), 34 deletions(-)

diff --git a/.github/workflows/tripletex-sdk-dotnet-nuget.yml b/.github/workflows/tripletex-sdk-dotnet-nuget.yml
index afa0de5..ffb28b1 100644
--- a/.github/workflows/tripletex-sdk-dotnet-nuget.yml
+++ b/.github/workflows/tripletex-sdk-dotnet-nuget.yml
@@ -1,46 +1,54 @@
-
 name: Publish Nuget Package
 
 on:
   push:
-    branches: [ master, main ]
+    branches: [master, main]
   pull_request:
-    branches: [ master, main ]
+    branches: [master, main]
 
 env:
   API_KEY: ${{ secrets.NUGET_PACKAGES_GITHUB_API_KEY }}
-  
+
 jobs:
   build:
-
     runs-on: ubuntu-latest
-
+    permissions:
+      contents: read
+      id-token: write
     steps:
-    - uses: actions/checkout@v2
-    - name: Setup .NET
-      uses: actions/setup-dotnet@v1
-      with:
-        dotnet-version: 7.0.x
-
-    - name: Set Environment Variables
-      uses: ./.github/actions/setvars
-      with:
-        varFilePath: ./.github/variables/version.env
-
-    - name: Set package version
-      run: |
-        if [[ $GITHUB_REF == 'refs/heads/main' && $GITHUB_EVENT_NAME == 'push' ]]; then
-            echo "VERSION=${{ env.VERSION }}.${{ github.run_number}}" >> "$GITHUB_ENV"
-        else
-            echo "VERSION=${{ env.VERSION }}.${{ github.run_number}}-beta" >> "$GITHUB_ENV"
-        fi
-
-    - name: Package
-      working-directory: BccCode.Tripletex.Client
-      run:  |
-        dotnet pack -p:PackageVersion=${{ env.VERSION }} -c Release -o . BccCode.Tripletex.Client.csproj -p:GeneratePackageOnBuild=false
-
-    - name: Publish
-      working-directory: BccCode.Tripletex.Client
-      run: |
-        dotnet nuget push BccCode.Tripletex.Client*.nupkg -k ${{env.API_KEY}} -s https://api.nuget.org/v3/index.json --skip-duplicate
+      - uses: actions/checkout@v2
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v1
+        with:
+          dotnet-version: 7.0.x
+
+      - name: Set Environment Variables
+        uses: ./.github/actions/setvars
+        with:
+          varFilePath: ./.github/variables/version.env
+
+      - name: Set package version
+        run: |
+          if [[ $GITHUB_REF == 'refs/heads/main' && $GITHUB_EVENT_NAME == 'push' ]]; then
+              echo "VERSION=${{ env.VERSION }}.${{ github.run_number}}" >> "$GITHUB_ENV"
+          else
+              echo "VERSION=${{ env.VERSION }}.${{ github.run_number}}-beta" >> "$GITHUB_ENV"
+          fi
+
+      - name: Package
+        working-directory: BccCode.Tripletex.Client
+        run: |
+          dotnet pack -p:PackageVersion=${{ env.VERSION }} -c Release -o . BccCode.Tripletex.Client.csproj -p:GeneratePackageOnBuild=false
+
+      - uses: NuGet/login@v1
+        id: login
+        with:
+          user: ${{vars.NUGET_USER}}
+
+      - name: Publish
+        working-directory: BccCode.Tripletex.Client
+        run: |
+          dotnet nuget push BccCode.Tripletex.Client*.nupkg \
+            --api-key ${{ steps.login.outputs.NUGET_API_KEY }} \
+            --source https://api.nuget.org/v3/index.json \
+            --skip-duplicate