Merge pull request #12 from Alos-no/develop

alexis- · web-flow · commit 0008ed104bca · 2025-12-09T01:16:20.000+01:00
Updated GH workflow
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -6,13 +6,23 @@ on:
   pull_request:
     branches: [ "main", "develop" ]
 
+# Cancel in-progress runs when a new run is triggered for the same branch/PR.
+# This prevents resource conflicts during integration tests and saves CI minutes.
+# Reference: https://docs.github.com/en/actions/using-jobs/using-concurrency
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 # Restrict default permissions for security
 permissions:
   contents: read
 
 jobs:
-  # First, build the solution using the reusable workflow
+  # First, build the solution using the reusable workflow.
+  # Skip for PRs from develop→main since the code was already tested on push to develop.
+  # Reference: https://docs.github.com/en/actions/learn-github-actions/contexts#github-context
   build:
+    if: ${{ !(github.event_name == 'pull_request' && github.head_ref == 'develop' && github.base_ref == 'main') }}
     uses: ./.github/workflows/build.yml
     with:
       configuration: Debug
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -110,20 +110,23 @@ jobs:
       - name: NuGet Trusted Publishing Login
         # Exchange GitHub OIDC token for a short-lived NuGet API key
         # This eliminates the need for long-lived API key secrets
+        # Reference: https://github.com/NuGet/login
         if: ${{ github.event.inputs.dry_run != 'true' }}
+        id: nuget-login
         uses: nuget/login@v1
         with:
-          owner: ${{ secrets.NUGET_USER }}
+          user: ${{ secrets.NUGET_USER }}
 
       - name: Push packages to NuGet.org
         # Push all packages to NuGet.org
         # --skip-duplicate ensures idempotency - already published versions are skipped
-        # No --api-key needed - the login action configures authentication automatically
+        # The API key is obtained from the login step's output (valid for ~1 hour)
         if: ${{ github.event.inputs.dry_run != 'true' }}
         run: |
           for package in ./artifacts/*.nupkg; do
             echo "Pushing: $package"
             dotnet nuget push "$package" \
+              --api-key "${{ steps.nuget-login.outputs.NUGET_API_KEY }}" \
               --source https://api.nuget.org/v3/index.json \
               --skip-duplicate
           done
