I have the following step in a shared workflow (lives in a repo within my org, not where it's called from):
- name: Publish and push image
run: |
dotnet pack ${{ inputs.csproj_path }} --configuration release -p:Version=${{ needs.gitversion.outputs.NuGetVersionV2 }} -p:WarningLevel=0
dotnet nuget push ${{ inputs.release_folder_path }}*.nupkg -k ${{ secrets.GITHUB_TOKEN }} -s https://nuget.pkg.github.com/OrgName/index.json
I have tried it as above, with a passed in secret value, and directly using secrets.GITHUB_TOKEN. I have also tried setting no explicit permissions, permissions: write-all, and setting the individual required permissions at the job and workflow levels.
Every time I do this, I get the following error:
Pushing Package.That.Does.Something.v2.nupkg to 'https://nuget.pkg.github.com/OrgName'...
PUT https://nuget.pkg.github.com/OrgName/
warn : Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.
Forbidden https://nuget.pkg.github.com/OrgName/ 320ms
error: Response status code does not indicate success: 403 (Forbidden).
I've run out of ideas of how to authenticate via a shared workflow. FYI, it works fine when the workflow is moved into the repository it is being called from. Any advice greatly appreciated.
EDIT: The calling workflow below...
permissions: write-all
on:
pull_request:
push:
branches:
- main
jobs:
build_publish:
name: Build
uses: OrgName/actions/.github/workflows/build-package-and-push-to-github-v1.yml@task/allow-tests
with:
csproj_path: './src/Package.That.Does.Something.csproj'
release_folder_path: './src/bin/release/'
dotnet_version: '3.1.x'