⚙️ Add NuGet trusted publishing via OIDC to CI workflow

Author: ramonsmits

.github/workflows/ci.yml

@@ -3,8 +3,13 @@ name: CI
 on:
   push:
     branches: [main]
+    tags: ['[0-9]*.*']
   pull_request:
     branches: [main]
+  workflow_dispatch:
+
+env:
+  DOTNET_NOLOGO: true
 
 jobs:
   build:
@@ -26,3 +31,35 @@ jobs:
       - run: just build-release
 
       - run: just test-release
+
+      - uses: actions/upload-artifact@v4
+        if: matrix.os == 'ubuntu-latest' && (startsWith(github.ref, 'refs/tags/') || github.event_name == 'workflow_dispatch')
+        with:
+          name: nuget
+          if-no-files-found: error
+          path: |
+            src/CronTimer/bin/Release/*.nupkg
+            src/CronTimer/bin/Release/*.snupkg
+
+  publish:
+    needs: build
+    if: github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: nuget
+          path: artifacts
+
+      - uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: 10.x
+
+      - uses: NuGet/login@v1
+        id: login
+        with:
+          user: ${{ secrets.NUGET_USER }}
+
+      - run: dotnet nuget push 'artifacts/*.nupkg' -s https://api.nuget.org/v3/index.json -k ${{ steps.login.outputs.NUGET_API_KEY }} --skip-duplicate