This GitHub Action enables secure, passwordless authentication to NuGet servers using OpenID Connect (OIDC). It obtains a short-lived NuGet API key by exchanging the GitHub OIDC token with your NuGet-compatible token service.
- name: NuGet Login
uses: NuGet/login@v1
with:
user: my-nuget-usernameThis action outputs a temporary API key as NUGET_API_KEY which can be used in subsequent steps:
- name: Push package
run: |
dotnet nuget push mypkg.nupkg \
--api-key "${{ steps.login.outputs.NUGET_API_KEY }}" \
--source https://www.nuget.org/api/v2/package- GitHub generates an OIDC token scoped to your workflow.
- This action exchanges the OIDC token with your NuGet-compatible token service.
- A short-lived NuGet API key is returned for use in package publishing.
| Name | Required | Description |
|---|---|---|
user |
✅ Yes | Your NuGet account username. |
token-service-url |
❌ No | URL to your NuGet server's token endpoint (default: https://www.nuget.org/api/v2/token) |
audience |
❌ No | OIDC audience (default: https://www.nuget.org) |
| Name | Description |
|---|---|
NUGET_API_KEY |
The short-lived API key returned by the NuGet token service. |
name: Publish NuGet package
on:
push:
branches: [main]
permissions:
id-token: write
contents: read
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: NuGet Login
uses: NuGet/login@v1
id: login
with:
user: my-nuget-username
- name: Push package
run: dotnet nuget push ./bin/*.nupkg --api-key "${{ steps.login.outputs.NUGET_API_KEY }}" --source https://www.nuget.org/api/v2/package