Skip to content

Allow OIDC token exchange in Publish workflow for pull_request_target#24

Merged
einari merged 2 commits into
mainfrom
copilot/fix-publishing-issues
May 16, 2026
Merged

Allow OIDC token exchange in Publish workflow for pull_request_target#24
einari merged 2 commits into
mainfrom
copilot/fix-publishing-issues

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 16, 2026
edited
Loading

Summary

Publishing began failing after moving to pull_request_target because NuGet/login@v1 could not exchange an OIDC token. This change aligns the workflow permissions with NuGet trusted publishing requirements.

Added

  • Added workflow-level id-token: write to .github/workflows/publish.yml so OIDC token issuance is allowed for publishing.

Changed

  • Publish workflow permissions
    • Extended the existing top-level permissions block to include OIDC token permission.
  • Snippet 
    permissions:
  contents: write
  packages: write
  id-token: write

Fixed

  • Fixed NuGet trusted publishing failure on pull_request_target (The GitHub Actions event 'pull_request_target' is not allowed) by enabling the required OIDC permission scope.

Removed

  • None.

Security

  • Keeps NuGet authentication on short-lived OIDC credentials while preserving existing repository/package permission scopes.

Deprecated

  • None.

Copilot AI linked an issue May 16, 2026 that may be closed by this pull request
Issues publishing #23
Closed
Copilot AI changed the title [WIP] Fix issues publishing with pull_request_target trigger Allow OIDC token exchange in Publish workflow for pull_request_target May 16, 2026
Copilot finished work on behalf of einari May 16, 2026 07:18
Copilot AI requested a review from einari May 16, 2026 07:18
@einari einari marked this pull request as ready for review May 16, 2026 07:25
@einari einari merged commit ee19fc5 into main May 16, 2026
@einari einari deleted the copilot/fix-publishing-issues branch May 16, 2026 07:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@einari einari Awaiting requested review from einari

Assignees

@einari einari

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Issues publishing

2 participants

@einari