From a9ffa50b4154c0ff8e3152f0badb262e2bd78c03 Mon Sep 17 00:00:00 2001
From: f1x3d <17356460+f1x3d@users.noreply.github.com>
Date: Sun, 5 Oct 2025 18:56:56 +0000
Subject: [PATCH] Migrate to NuGet Trusted Publishing

---
 .github/workflows/ci.yaml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 7de9ac8..deb3332 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -68,6 +68,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       packages: write
+      id-token: write
     steps:
     - name: Download build artifacts
       uses: actions/download-artifact@v4
@@ -81,10 +82,14 @@ jobs:
         dotnet-version: ${{ env.DOTNET_VERSION }}
         dotnet-quality: ${{ env.DOTNET_QUALITY }}
 
+    - name: Get NuGet.org API key
+      uses: NuGet/login@v1
+      id: nuget-login
+      with:
+        user: ${{ vars.NUGET_USER }}
+
     - name: Publish to NuGet.org
-      run: dotnet nuget push **/*.nupkg -k $NUGET_API_KEY -s https://api.nuget.org/v3/index.json --skip-duplicate
-      env:
-        NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
+      run: dotnet nuget push **/*.nupkg -k ${{ steps.nuget-login.outputs.NUGET_API_KEY }} -s https://api.nuget.org/v3/index.json --skip-duplicate
 
     - name: Add the GitHub Packages source
       run: dotnet nuget add source --username $GITHUB_USERNAME --password $GITHUB_TOKEN --store-password-in-clear-text --name github "$FEED_SOURCE"