From 8fda47d4d8edb7efdd6ce6e091737817824d4ce8 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 22 Dec 2025 20:53:40 +0000 Subject: [PATCH 1/4] Initial plan From f3b820245e2be410a92a5fe654f88a6cf68be698 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 22 Dec 2025 20:57:11 +0000 Subject: [PATCH 2/4] Add GitHub Action workflow for publishing NuGet package and update README Co-authored-by: AaronCrawfis <54363786+AaronCrawfis@users.noreply.github.com> --- .github/workflows/publish-nuget.yml | 51 +++++++++++++++++++++++++++++ README.md | 19 +++++++++++ 2 files changed, 70 insertions(+) create mode 100644 .github/workflows/publish-nuget.yml diff --git a/.github/workflows/publish-nuget.yml b/.github/workflows/publish-nuget.yml new file mode 100644 index 0000000..48dba47 --- /dev/null +++ b/.github/workflows/publish-nuget.yml @@ -0,0 +1,51 @@ +name: Publish NuGet Package + +on: + workflow_dispatch: + inputs: + version: + description: 'NuGet Package Version (e.g., 1.1.0)' + required: true + default: '1.1.0' + +jobs: + publish: + runs-on: windows-latest + + steps: + - name: Checkout Code + uses: actions/checkout@v4 + + - name: Set up .NET Core + uses: actions/setup-dotnet@v4 + with: + dotnet-version: '8.0.x' + + - name: Authenticate with Azure + uses: azure/login@v1 + with: + creds: ${{ secrets.EZRADIUS_CLIENT_DEPLOYER }} + + - name: Install AzureSignTool + run: dotnet tool install --global AzureSignTool + + - name: Build NuGet Package + run: dotnet build .\EZRadiusClient\EZRadiusClient.csproj -c Release -p:Version=${{ inputs.version }} + + - name: Sign NuGet Package + run: | + $akvToken = (az account get-access-token --resource https://vault.azure.net --query "accessToken").Replace('"','') + azuresigntool sign --azure-key-vault-url https://codesigningkeytos.vault.azure.net/ -kvc globalsign --azure-key-vault-accesstoken $akvToken -tr http://timestamp.digicert.com .\EZRadiusClient\bin\Release\EZRadiusClient.${{ inputs.version }}.nupkg + shell: pwsh + + - name: Verify NuGet Package + run: dotnet nuget verify --all .\EZRadiusClient\bin\Release\EZRadiusClient.${{ inputs.version }}.nupkg + + - name: Publish to NuGet.org + run: dotnet nuget push .\EZRadiusClient\bin\Release\EZRadiusClient.${{ inputs.version }}.nupkg --api-key ${{ secrets.NUGET_API_KEY }} --source https://api.nuget.org/v3/index.json --skip-duplicate + + - name: Upload Package Artifact + uses: actions/upload-artifact@v4 + with: + name: nuget-package + path: .\EZRadiusClient\bin\Release\EZRadiusClient.${{ inputs.version }}.nupkg diff --git a/README.md b/README.md index 01da5ba..a2f7484 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,25 @@ To run the SampleApp, it requires a token scope ID, a url for EZRadius instance 2) Use the SampleApp to see how the client can be used and configured (must have EZRadius instance with a Radius policy) 3) If you would like to call the sample app from the command line, you can download a signed version from [here](https://download.keytos.io/Downloads/EZRADIUS/RADIUSConsole.exe) +## Publishing a New Release + +To publish a new version of the EZRadiusClient NuGet package: + +1. Navigate to the **Actions** tab in the GitHub repository +2. Select the **Publish NuGet Package** workflow from the left sidebar +3. Click the **Run workflow** button +4. Enter the new version number (e.g., `1.2.0`) in the version input field +5. Click **Run workflow** to start the process + +The workflow will: +- Build the NuGet package with the specified version +- Sign the package using Azure Code Signing +- Verify the package signature +- Publish the package to NuGet.org +- Upload the package as an artifact for reference + +**Note:** Ensure that the version number follows semantic versioning (MAJOR.MINOR.PATCH) and hasn't been published before. + ## Displaying Radius Policies Starting with a basic feature, the ```show``` verb will display all the Radius policies. This command calls the ```GetRadiusPoliciesAsync()``` method and prints to the console the Radius policies and their attributes currently in the passed EZRadius instance. From 31e9ecd095b2d267f5d9a02c0ed2c4eaef8a5081 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 22 Dec 2025 20:58:20 +0000 Subject: [PATCH 3/4] Fix YAML formatting and remove trailing spaces Co-authored-by: AaronCrawfis <54363786+AaronCrawfis@users.noreply.github.com> --- .github/workflows/publish-nuget.yml | 36 ++++++++++++++++++----------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/.github/workflows/publish-nuget.yml b/.github/workflows/publish-nuget.yml index 48dba47..7dae3f3 100644 --- a/.github/workflows/publish-nuget.yml +++ b/.github/workflows/publish-nuget.yml @@ -11,41 +11,51 @@ on: jobs: publish: runs-on: windows-latest - + steps: - name: Checkout Code uses: actions/checkout@v4 - + - name: Set up .NET Core uses: actions/setup-dotnet@v4 with: dotnet-version: '8.0.x' - + - name: Authenticate with Azure uses: azure/login@v1 with: creds: ${{ secrets.EZRADIUS_CLIENT_DEPLOYER }} - + - name: Install AzureSignTool run: dotnet tool install --global AzureSignTool - + - name: Build NuGet Package - run: dotnet build .\EZRadiusClient\EZRadiusClient.csproj -c Release -p:Version=${{ inputs.version }} - + run: > + dotnet build .\EZRadiusClient\EZRadiusClient.csproj + -c Release -p:Version=${{ inputs.version }} + - name: Sign NuGet Package run: | $akvToken = (az account get-access-token --resource https://vault.azure.net --query "accessToken").Replace('"','') azuresigntool sign --azure-key-vault-url https://codesigningkeytos.vault.azure.net/ -kvc globalsign --azure-key-vault-accesstoken $akvToken -tr http://timestamp.digicert.com .\EZRadiusClient\bin\Release\EZRadiusClient.${{ inputs.version }}.nupkg shell: pwsh - + - name: Verify NuGet Package - run: dotnet nuget verify --all .\EZRadiusClient\bin\Release\EZRadiusClient.${{ inputs.version }}.nupkg - + run: > + dotnet nuget verify --all + .\EZRadiusClient\bin\Release\EZRadiusClient.${{ inputs.version }}.nupkg + - name: Publish to NuGet.org - run: dotnet nuget push .\EZRadiusClient\bin\Release\EZRadiusClient.${{ inputs.version }}.nupkg --api-key ${{ secrets.NUGET_API_KEY }} --source https://api.nuget.org/v3/index.json --skip-duplicate - + run: > + dotnet nuget push + .\EZRadiusClient\bin\Release\EZRadiusClient.${{ inputs.version }}.nupkg + --api-key ${{ secrets.NUGET_API_KEY }} + --source https://api.nuget.org/v3/index.json + --skip-duplicate + - name: Upload Package Artifact uses: actions/upload-artifact@v4 with: name: nuget-package - path: .\EZRadiusClient\bin\Release\EZRadiusClient.${{ inputs.version }}.nupkg + path: > + .\EZRadiusClient\bin\Release\EZRadiusClient.${{ inputs.version }}.nupkg From 2a64780dc803355ae30f7c726b83254b5a0b7357 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 22 Dec 2025 21:00:54 +0000 Subject: [PATCH 4/4] Add explicit permissions to publish workflow for security Co-authored-by: AaronCrawfis <54363786+AaronCrawfis@users.noreply.github.com> --- .github/workflows/publish-nuget.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/publish-nuget.yml b/.github/workflows/publish-nuget.yml index 7dae3f3..6eb6b85 100644 --- a/.github/workflows/publish-nuget.yml +++ b/.github/workflows/publish-nuget.yml @@ -11,6 +11,9 @@ on: jobs: publish: runs-on: windows-latest + permissions: + contents: read + id-token: write steps: - name: Checkout Code