From 4e48a7749d3151d599fc2e5b016e8a8e20d27cd4 Mon Sep 17 00:00:00 2001 From: Michel Oliveira <118028741+micheloliveira-com@users.noreply.github.com> Date: Fri, 26 Sep 2025 16:56:45 -0300 Subject: [PATCH 1/2] feat(actions): add nuget trusted publishing --- .github/workflows/main.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 30267363..a97b2584 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -205,10 +205,18 @@ jobs: --source https://nuget.pkg.github.com/passwordless-lib/index.json --api-key ${{ secrets.GITHUB_TOKEN }} + # Only login to NuGet on stable release + - name: NuGet login (NuGet Registry) + uses: NuGet/login@v1 + if: ${{ github.event_name == 'release' || github.event.inputs.force_release }} + id: nuget-login + with: + user: ${{ secrets.NUGET_USER }} + # Only publish to NuGet on stable releases - name: Publish packages (NuGet Registry) if: ${{ github.event_name == 'release' || github.event.inputs.force_release }} run: > dotnet nuget push **/*.nupkg --source https://api.nuget.org/v3/index.json - --api-key ${{ secrets.nuget_api_key }} + --api-key ${{ steps.nuget-login.outputs.NUGET_API_KEY }} From e12268b363c1bc1a9f1f1ebb9098d02787a3c877 Mon Sep 17 00:00:00 2001 From: Michel Oliveira <118028741+micheloliveira-com@users.noreply.github.com> Date: Fri, 26 Sep 2025 16:58:18 -0300 Subject: [PATCH 2/2] fix: add permission id-token: write on deploy --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a97b2584..24a176d3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -183,6 +183,7 @@ jobs: permissions: actions: read packages: write + id-token: write steps: - name: Download artifacts
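Review bot: `uses: NuGet/login@v1` references a mutable tag, and this is the step that exchanges the job's OIDC token for a nuget.org API key, so anyone able to move that tag could obtain a publish credential. Pin it to a full commit SHA with the version as a trailing comment, e.g. `uses: NuGet/login@<full-commit-sha> # v1`. In the push step the key is expanded into the script text by `${{ steps.nuget-login.outputs.NUGET_API_KEY }}`; passing it through the step's `env:` and referencing `"$NUGET_API_KEY"` keeps it out of the rendered command. The `if:` copied onto the new step treats any non-empty `github.event.inputs.force_release` as true, which would include the string `false` if the input is declared as a boolean. The input declaration is outside this hunk, so that needs confirming.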
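Review bot: `id-token: write` is added to the job-level `permissions` block, so every step in this job can request an OIDC token, and on every run of the job rather than only on releases. Only the NuGet login step needs it. Consider moving the nuget.org login and push into their own job that carries the release `if:` and is the only one granted `id-token: write`. If the nuget.org trusted-publishing policy is restricted to a GitHub environment, that job should also declare it. The job's steps after `Download artifacts` are outside this hunk, so which other actions would share the token permission should be checked.

```yaml
  # constructed example: the job name and the `needs` target are placeholders
  publish-nuget:
    needs: <deploy-job-name>
    if: ${{ github.event_name == 'release' || github.event.inputs.force_release }}
    permissions:
      actions: read
      id-token: write
    steps:
      # … unchanged: Download artifacts …
      # … unchanged: NuGet login (NuGet Registry) …
      # … unchanged: Publish packages (NuGet Registry) …
```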