Try github actions.

Author: maximovicd

.github/workflows/release.yml

@@ -0,0 +1,74 @@
+name: Package and publish nupkg
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Build app, sign files with Trusted Signing and deploy to NuGet
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup MSBuild
+        uses: microsoft/setup-msbuild@v1
+
+      - name: Restore NuGet packages
+        run: cd src && nuget restore && cd ..
+
+      - name: Build
+        run: msbuild .\src\Org.Openfeed.Client\Org.Openfeed.Client.csproj /t:Pack /p:Configuration=Release /p:PackageOutputPath=..\..\publish
+
+      - name: List files in publish directory
+        run: dir .\publish
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: BuildArtifacts
+          path: ./publish/*.nupkg
+
+  sign:
+    needs: build
+    runs-on: windows-latest
+    permissions:
+      id-token: write # Required for requesting the JWT
+
+    steps:
+      - name: Download build artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: BuildArtifacts
+          path: BuildArtifacts
+
+      # .NET is required on the agent for the tool to run
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v3
+        with:
+          dotnet-version: "9.x"
+
+      # Install the code signing tool
+      - name: Install Sign CLI tool
+        run: dotnet tool install --tool-path . --prerelease sign
+
+      # Login to Azure using a ServicePrincipal configured to authenticate agaist a GitHub Action
+      - name: "Az CLI login"
+        uses: azure/login@v1
+        with:
+          allow-no-subscriptions: true
+          creds: ${{ secrets.AZURE_CREDS }}
+
+      # Run the signing command
+      - name: Sign artifacts
+        shell: pwsh
+        run: >
+          ./sign code trusted-signing *.nupkg --trusted-signing-endpoint ${{ secrets.AZURE_ENDPOINT }} --trusted-signing-account ${{secrets.AZURE_CODE_SIGNING_NAME}} --trusted-signing-certificate-profile ${{secrets.AZURE_CERT_PROFILE_NAME}}
+          --base-directory "${{ github.workspace }}/BuildArtifacts"
+
+      # Publish the signed packages
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: BuildArtifacts
+          path: SignedArtifacts

src/Org.Openfeed.Client/Org.Openfeed.Client.csproj

@@ -46,21 +46,4 @@
       <PackagePath></PackagePath>
     </None>
   </ItemGroup>
-
-  <PropertyGroup>
-    <TargetsTriggeredByCompilation>Sign</TargetsTriggeredByCompilation>
-  </PropertyGroup>
-
-  <Target Name="Sign" Condition="'$(Configuration)' == 'Publish'">
-    <SignFile CertificateThumbprint="$(CertificateThumbprint)" SigningTarget="@(IntermediateAssembly)" TimestampUrl="$(TimestampUrl)" />
-  </Target>
-
-  <Target Name="SignAfterPack" DependsOnTargets="Pack" Condition="'$(Configuration)' == 'Publish'">
-    <Exec Command="nuget sign $(OutputPath)..\$(PackageId).$(PackageVersion).nupkg -CertificateFingerprint $(CertificateThumbprint) -Timestamper $(TimestampUrl)" />
-    <Exec Command="nuget sign $(OutputPath)..\$(PackageId).$(PackageVersion).snupkg -CertificateFingerprint $(CertificateThumbprint) -Timestamper $(TimestampUrl)" />
-  </Target>
-
-  <Target Name="PublishToNuGet" DependsOnTargets="SignAfterPack" Condition="'$(Configuration)' == 'Publish'">
-    <Exec Command="nuget push $(OutputPath)..\$(PackageId).$(PackageVersion).nupkg -ApiKey $(NuGetApiKey) -Source https://api.nuget.org/v3/index.json" />
-  </Target>
 </Project>