We should switch from using API keys to publish packages to NuGet.org to the new Trusted Publishing feature: New Trusted Publishing enhances security on NuGet.org
This is more secure, and avoids the need to renew/rotate NuGet API keys.
See grafana/grafana-opentelemetry-dotnet#266 for an example of adopting this.
As you have three different GitHub Actions workflows to publish the NuGet packages, you'll need to create a trusted publishing policy for each one. Values you'll need are below:
- Repository organization: `grafana`
- Repository name: `pyroscope-dotnet`
- Workflow file: `tag_managed_helper.yml` or `tag_tracing_opentracing_helper.yml` or `tag_tracing_opentelemetry_helper.yml`