From a3a52c171bd656043a27219d05404089e6240af2 Mon Sep 17 00:00:00 2001
From: Chris Simmons
Date: Sat, 28 Feb 2026 15:27:51 -0800
Subject: [PATCH 1/6] Try NuGet trusted publishing
---
 .github/workflows/publish-nuget-org-pre-release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/publish-nuget-org-pre-release.yml b/.github/workflows/publish-nuget-org-pre-release.yml
index 490d454..c86c9ea 100644
--- a/.github/workflows/publish-nuget-org-pre-release.yml
+++ b/.github/workflows/publish-nuget-org-pre-release.yml
@@ -10,5 +10,5 @@ jobs:
 checks: write
 contents: read
 packages: write
- uses: NetChris/workflows/.github/workflows/pre-release-nuget-org.yml@v2
+ uses: NetChris/workflows/.github/workflows/pre-release-nuget-org.yml@nuget-trusted-publishing
 secrets: inherit
From 11da70988ae01ff6f2acc3aa30cbd6538fa60416 Mon Sep 17 00:00:00 2001
From: Chris Simmons
Date: Sat, 28 Feb 2026 16:54:13 -0800
Subject: [PATCH 2/6] Try OIDC on pre-release
---
 .../publish-nuget-org-pre-release.yml | 22 +++++++++++++------
 1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/publish-nuget-org-pre-release.yml b/.github/workflows/publish-nuget-org-pre-release.yml
index c86c9ea..5142eb8 100644
--- a/.github/workflows/publish-nuget-org-pre-release.yml
+++ b/.github/workflows/publish-nuget-org-pre-release.yml
@@ -5,10 +5,18 @@ on:
 types: [prereleased]
 
 jobs:
- push:
- permissions:
- checks: write
- contents: read
- packages: write
- uses: NetChris/workflows/.github/workflows/pre-release-nuget-org.yml@nuget-trusted-publishing
- secrets: inherit
+ nuget-oidc:
+ name: NuGet login (OIDC → temp API key)
+ runs-on: ubuntu-latest
+ steps:
+ - uses: NuGet/login@v1
+ id: login
+ with:
+ user: ChrisSimmons
+ # push:
+ # permissions:
+ # checks: write
+ # contents: read
+ # packages: write
+ # uses: NetChris/workflows/.github/workflows/pre-release-nuget-org.yml@nuget-trusted-publishing
+ # secrets: inherit
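Review bot: The `uses:` ref on the `push` job now follows the mutable branch `nuget-trusted-publishing` while the job still passes `secrets: inherit` and holds `packages: write`, so any later commit to that branch runs with every secret this repository exposes. Pin the reusable workflow to a full commit SHA, e.g. `uses: NetChris/workflows/.github/workflows/pre-release-nuget-org.yml@<full-commit-sha>` (placeholder), and pass only the named secret the called workflow needs instead of `inherit`. The same branch ref is introduced for the release workflow in patch 4/6.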
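Review bot: With the `push` job commented out, a `prereleased` event now only runs `NuGet/login` and exits: a short-lived API key is issued and nothing consumes it, so pre-release packages stop being published without any failing step to signal it. Either add the pack and push steps after `login` in this same `nuget-oidc` job, reading `${{ steps.login.outputs.NUGET_API_KEY }}` there, or delete the commented block rather than keeping it as dead configuration. `NuGet/login@v1` is also a movable tag on the action that mints the publish credential, so a full commit SHA is the safer pin.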
From 22f0ae88ab09b28f6041a50d5f7049628ff94eba Mon Sep 17 00:00:00 2001
From: Chris Simmons
Date: Sat, 28 Feb 2026 16:57:41 -0800
Subject: [PATCH 3/6] Permissions
---
 .github/workflows/publish-nuget-org-pre-release.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/publish-nuget-org-pre-release.yml b/.github/workflows/publish-nuget-org-pre-release.yml
index 5142eb8..775ddb3 100644
--- a/.github/workflows/publish-nuget-org-pre-release.yml
+++ b/.github/workflows/publish-nuget-org-pre-release.yml
@@ -8,6 +8,8 @@ jobs:
 nuget-oidc:
 name: NuGet login (OIDC → temp API key)
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write # enable GitHub OIDC token issuance for this job
 steps:
 - uses: NuGet/login@v1
 id: login
From cdcf1482a85ed5c52920e6faffca370905113c27 Mon Sep 17 00:00:00 2001
From: Chris Simmons
Date: Sat, 28 Feb 2026 17:13:41 -0800
Subject: [PATCH 4/6] NuGet release
---
 .../workflows/publish-nuget-org-release.yml | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/publish-nuget-org-release.yml b/.github/workflows/publish-nuget-org-release.yml
index 2b11985..9d69779 100644
--- a/.github/workflows/publish-nuget-org-release.yml
+++ b/.github/workflows/publish-nuget-org-release.yml
@@ -5,10 +5,25 @@ on:
 types: [released]
 
 jobs:
+ nuget-oidc:
+ name: NuGet login (OIDC → temp API key)
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write # enable GitHub OIDC token issuance for this job
+ outputs:
+ nuget_api_key: ${{ steps.login.outputs.NUGET_API_KEY }}
+ steps:
+ - uses: NuGet/login@v1
+ id: login
+ with:
+ user: ChrisSimmons
 push:
+ needs:
+ - nuget-oidc
 permissions:
 checks: write
 contents: read
 packages: write
- uses: NetChris/workflows/.github/workflows/release-nuget-org.yml@v2
- secrets: inherit
+ uses: NetChris/workflows/.github/workflows/release-nuget-org.yml@nuget-trusted-publishing
+ secrets:
+ nuget_api_key: ${{ needs.nuget-oidc.outputs.nuget_api_key }}
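Review bot: The job output `nuget_api_key` on the new `nuget-oidc` job is unlikely to reach `push`, because GitHub redacts job outputs that contain a masked value on the runner and does not forward them, and the login action presumably masks the key it issues. That redaction is the platform keeping credentials out of cross-job plumbing, so the fix is structural rather than a workaround. Request the key in the same job that performs the push: have the called workflow run `NuGet/login` itself, and grant `id-token: write` under `push.permissions` here. Replacing `secrets: inherit` with a single named secret is a good least-privilege step and worth keeping whichever way the key is obtained.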
From 03eb5825231dc0f6ddd285afb6b430d9c6270170 Mon Sep 17 00:00:00 2001
From: Chris Simmons
Date: Sat, 28 Feb 2026 18:13:32 -0800
Subject: [PATCH 5/6] I'm sure this will work
---
 .github/workflows/publish-nuget-org-release.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/publish-nuget-org-release.yml b/.github/workflows/publish-nuget-org-release.yml
index 9d69779..f5d4529 100644
--- a/.github/workflows/publish-nuget-org-release.yml
+++ b/.github/workflows/publish-nuget-org-release.yml
@@ -11,12 +11,15 @@ jobs:
 permissions:
 id-token: write # enable GitHub OIDC token issuance for this job
 outputs:
- nuget_api_key: ${{ steps.login.outputs.NUGET_API_KEY }}
+ nuget_api_key: ${{ steps.secretworkaround.outputs.NUGET_API_KEY }}
 steps:
 - uses: NuGet/login@v1
 id: login
 with:
 user: ChrisSimmons
+ - name: Save Secret
+ id: secretworkaround
+ run: echo "NUGET_API_KEY=${{ steps.login.outputs.NUGET_API_KEY }}" >> "$GITHUB_OUTPUT"
 push:
 needs:
 - nuget-oidc
From d51e5b4c0d616557397da6efeaf58351b5692659 Mon Sep 17 00:00:00 2001
From: Chris Simmons
Date: Sat, 28 Feb 2026 18:36:14 -0800
Subject: [PATCH 6/6] Or this
---
 .../workflows/publish-nuget-org-release.yml | 21 +++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/publish-nuget-org-release.yml b/.github/workflows/publish-nuget-org-release.yml
index f5d4529..18f5a24 100644
--- a/.github/workflows/publish-nuget-org-release.yml
+++ b/.github/workflows/publish-nuget-org-release.yml
@@ -11,7 +11,7 @@ jobs:
 permissions:
 id-token: write # enable GitHub OIDC token issuance for this job
 outputs:
- nuget_api_key: ${{ steps.secretworkaround.outputs.NUGET_API_KEY }}
+ nuget_api_key_doublebase64: ${{ steps.secretworkaround.outputs.NUGET_API_KEY_DOUBLEBASE64 }}
 steps:
 - uses: NuGet/login@v1
 id: login
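Review bot: The new `Save Secret` step in patch 5/6 expands `${{ steps.login.outputs.NUGET_API_KEY }}` directly into the shell script text, which writes the credential into the generated script file and leaves the line exposed to any shell metacharacters in the value. Copying the value through `$GITHUB_OUTPUT` does not change its masked status either, so the `nuget_api_key` job output is expected to be redacted exactly as it was before this step existed. The step should be dropped and the key consumed in the job that obtained it. Where a step output does have to reach a script, pass it via `env:` and reference `"$NUGET_API_KEY"`, not an inline expression.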
@@ -19,14 +19,27 @@ jobs:
 user: ChrisSimmons
 - name: Save Secret
 id: secretworkaround
- run: echo "NUGET_API_KEY=${{ steps.login.outputs.NUGET_API_KEY }}" >> "$GITHUB_OUTPUT"
- push:
+ run: |
+ echo "NUGET_API_KEY_DOUBLEBASE64=$(echo ${{ steps.login.outputs.NUGET_API_KEY }} | base64 -w0 | base64 -w0)" >> $GITHUB_OUTPUT
+ debase64:
+ name: De-base64 the secret
 needs:
 - nuget-oidc
+ runs-on: ubuntu-latest
+ outputs:
+ nuget_api_key: ${{ steps.secretworkaround.outputs.NUGET_API_KEY }}
+ steps:
+ - name: Save Secret
+ id: secretworkaround
+ run: |
+ echo "NUGET_API_KEY=$(echo ${{ needs.nuget-oidc.outputs.nuget_api_key_doublebase64 }} | base64 -di | base64 -di)" >> $GITHUB_OUTPUT
+ push:
+ needs:
+ - debase64
 permissions:
 checks: write
 contents: read
 packages: write
 uses: NetChris/workflows/.github/workflows/release-nuget-org.yml@nuget-trusted-publishing
 secrets:
- nuget_api_key: ${{ needs.nuget-oidc.outputs.nuget_api_key }}
+ nuget_api_key: ${{ needs.debase64.outputs.nuget_api_key }}
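Review bot: Double-base64-encoding the key in `Save Secret` and decoding it in the new `debase64` job disables the runner's secret masking for this credential. The encoded string is not a registered mask, so it is stored as a plain job output (`nuget_api_key_doublebase64`, renamed in the first hunk of this commit) and is expanded into the `debase64` step's logged command, and the decoded key is never re-masked in that job. Anyone able to read the run logs could recover a nuget.org push key while it remains valid. Remove both `secretworkaround` steps and the `debase64` job, add `id-token: write` under `push.permissions`, and have the called workflow run `NuGet/login` in the job that pushes, so the key never leaves that job. If a value ever has to be decoded inside a job, `echo "::add-mask::$value"` must run before it is written to any output or log.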