Skip to content

Add Azure signing#16

Open
okramarenko wants to merge 4 commits into
masterfrom
addazure
Open

Add Azure signing#16
okramarenko wants to merge 4 commits into
masterfrom
addazure

Conversation

@okramarenko

Copy link
Copy Markdown
Collaborator

No description provided.

@cursor

cursor Bot commented Jul 13, 2026

Copy link
Copy Markdown

PR Summary

High Risk
Publish behavior changes materially: packages are signed with production Azure credentials but automatic NuGet.org push and draft releases are gone, and publish may run without test gates or tag-only triggers.

Overview
Release signing is added to the publish job: workflow env vars for Azure Trusted Signing, azure/login@v2 (OIDC secrets), global install of the prerelease sign CLI, and an artifact-signing step on efcore_provider/*.nupkg before upload.

Release automation is narrowed. The job no longer depends on test-ubuntu / test-windows or the refs/tags/v condition. on.push no longer limits to master or version tags. Removed steps: dotnet nuget push (after NuGet OIDC login) and the draft GitHub release via softprops/action-gh-release@v2. The signed package is still uploaded as the efcore-provider artifact.

Reviewed by Cursor Bugbot for commit f5ca63b. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

1 participant