Updated preview-release.yml to support Trusted Publishing

Author: Syzuna

.github/workflows/preview-release.yml

@@ -8,9 +8,13 @@ jobs:
   release-preview:
    if: "! contains(toJSON(github.event.commits.*.message), '[skip-ci]')"
    runs-on: ubuntu-latest
+   permissions:
+      id-token: write  # enable GitHub OIDC token issuance for this job
 
    steps:
    - uses: actions/checkout@v5
+   - uses: benjlevesque/short-sha@v3.0
+     id: short-sha
    - name: Setup .NET
      uses: actions/setup-dotnet@v5
      with:
@@ -20,9 +24,15 @@ jobs:
    - name: Build TwitchLib.Client
      run: dotnet build -c Release --no-restore
    - name: Pack TwitchLib.Client
-     run: dotnet pack TwitchLib.Client.sln -v normal -c Release --no-build --version-suffix "preview.${{ github.run_number }}.${{ github.sha }}"
+     run: dotnet pack TwitchLib.Client.sln -v normal -c Release --no-build --version-suffix "preview.${{ github.run_number }}.${{ steps.short-sha.outputs.sha }}"
+   # Get a short-lived NuGet API key
+   - name: NuGet login (OIDC → temp API key)
+     uses: NuGet/login@v1
+     id: login
+     with:
+       user: ${{ secrets.NUGET_USER }}
    - name: Push to Nuget
-     run: dotnet nuget push "./artifacts/package/release/*.nupkg" -k ${{ secrets.API_NUGET_TOKEN }} -s https://api.nuget.org/v3/index.json
+     run: dotnet nuget push "./artifacts/package/release/*.nupkg" --api-key ${{steps.login.outputs.NUGET_API_KEY}} -s https://api.nuget.org/v3/index.json
    - name: Send Discord Notification
      uses: sarisia/actions-status-discord@v1
      if: always()