Use GITHUB_TOKEN to publish packages in CI

Using a personal access token for the NuGet package registry was bothering me so I checked the docs. There now a better way: > If you're using a registry that supports granular permissions, and your workflow is using a personal access token to authenticate to the registry, then we highly recommend you update your workflow to use the GITHUB_TOKEN. > ~ from https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#authenticating-to-package-registries-with-granular-permissions The NuGet registry supports granular permissions :star-struck: . That GITHUB_TOKEN is generated and managed by GitHub so using that secret means we won't be bitten by expiring tokens (because all tokens should have an expiry date) or people leaving and the personal access tokens losing access. This change switches to `GITHUB_TOKEN`, which will allow us to deprecate `LBHPACKAGESTOKEN` secret in GitHub Actions.
LBHackney-IT · Oct 1, 2024 · 015823b · 015823b
1 parent 5ac9fbe
commit 015823b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -69,4 +69,4 @@ jobs:
       - name: Publish the Package
         run: |
           cd Hackney.Shared.HousingSearch/bin/Release
-          dotnet nuget push Hackney.Shared.HousingSearch.*.nupkg -s https://nuget.pkg.github.com/LBHackney-IT/index.json --api-key ${{secrets.NUGET_KEY }}
+          dotnet nuget push Hackney.Shared.HousingSearch.*.nupkg -s https://nuget.pkg.github.com/LBHackney-IT/index.json --api-key ${{ secrets.GITHUB_TOKEN }}