From 908bf1af7b683792e1d6e094506e252e5daeb4c0 Mon Sep 17 00:00:00 2001
From: Nicolas BRIERE
Date: Thu, 14 Nov 2024 09:07:54 +0100
Subject: [PATCH] feat(dotnet): publish to public nuget registry option
---
 .github/workflows/dotnet-publish.yml | 41 ++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
diff --git a/.github/workflows/dotnet-publish.yml b/.github/workflows/dotnet-publish.yml
index b005fb5..81ab6a0 100644
--- a/.github/workflows/dotnet-publish.yml
+++ b/.github/workflows/dotnet-publish.yml
@@ -11,6 +11,11 @@ on:
 required: true
 type: string
 description: "The package version to use"
+ publish_to_public_registry:
+ required: false
+ type: boolean
+ description: "Whether to publish to the public registry"
+ default: true
 jobs:
 publish:
@@ -20,6 +25,8 @@ jobs:
 packages: read
 environment: main
 env:
+ VAULT_URL: ${{ vars.VAULT_URL }}
+ VAULT_GITHUB_ACTIONS_ROLE: ${{ vars.VAULT_GITHUB_ACTIONS_ROLE }}
 AWS_ACCOUNT_ID: ${{ inputs.AWS_ACCOUNT_ID || vars.AWS_ACCOUNT_ID }}
 AWS_REGION: ${{ inputs.AWS_REGION || vars.AWS_REGION }}
 CODEARTIFACT_DOMAIN: smartway
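Review bot: `default: true` on the new `publish_to_public_registry` input makes public publication opt-out, so any caller or manual run that does not set the input will push its package to nuget.org in addition to CodeArtifact. A package pushed to nuget.org can be unlisted by its owner but not simply deleted, so an internal package published by accident stays retrievable. I would use `default: false` and have the packages that are meant to be public pass `publish_to_public_registry: true` explicitly. A comment on the input such as `# pushes the .nupkg to nuget.org; leave false for internal-only packages` would make the consequence visible to callers.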
@@ -40,6 +47,32 @@ jobs:
 aws-region: ${{ env.AWS_REGION }}
 role-to-assume: arn:aws:iam::${{ env.AWS_ACCOUNT_ID }}:role/github_oidc
+ - name: Tailscale
+ if: inputs.publish_to_public_registry
+ uses: tailscale/github-action@v2
+ with:
+ oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }}
+ oauth-secret: ${{ secrets.TS_OAUTH_SECRET }}
+ tags: tag:ci
+ version: ${{ vars.TAILSCALE_VERSION }}
+
+ - name: Import Secrets
+ if: inputs.publish_to_public_registry
+ uses: Wandalen/wretry.action@v3
+ id: secrets
+ with:
+ action: hashicorp/vault-action@v3
+ attempt_limit: 5
+ attempt_delay: 150
+ with: |
+ url: ${{ env.VAULT_URL }}
+ role: ${{ env.VAULT_GITHUB_ACTIONS_ROLE }}
+ method: jwt
+ path: "github-actions"
+ exportToken: true
+ secrets: |
+ secret/data/github-actions-common/nuget-registry api-key | NUGET_PUBLIC_API_KEY;
+
 - name: Login to CodeArtifact
 run: "aws codeartifact login --tool dotnet --repository ${CODEARTIFACT_REPOSITORY} --domain ${CODEARTIFACT_DOMAIN} --domain-owner ${AWS_ACCOUNT_ID} --region ${AWS_REGION}"
@@ -57,3 +90,11 @@ jobs:
 dotnet nuget push ${{ inputs.package_to_publish }}.${{ inputs.package_version }}/${{ inputs.package_to_publish }}.${{ inputs.package_version }}.nupkg
 --source https://${{ env.CODEARTIFACT_DOMAIN }}-${{ env.AWS_ACCOUNT_ID }}.d.codeartifact.${{ env.AWS_REGION }}.amazonaws.com/nuget/${{ env.CODEARTIFACT_REPOSITORY }}/v3/index.json
 --skip-duplicate
+
+ - name: Publish package to Public Registry
+ if: inputs.publish_to_public_registry
+ run: >-
+ dotnet nuget push ${{ inputs.package_to_publish }}.${{ inputs.package_version }}/${{ inputs.package_to_publish }}.${{ inputs.package_version }}.nupkg
+ --source https://api.nuget.org/v3/index.json
+ --api-key ${{ fromJSON( steps.secrets.outputs.outputs ).NUGET_PUBLIC_API_KEY }}
+ --skip-duplicate
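Review bot: The actions added in the Tailscale and Import Secrets steps are referenced by mutable tags (`tailscale/github-action@v2`, `Wandalen/wretry.action@v3`, and the nested `hashicorp/vault-action@v3`), yet these steps receive the Tailscale OAuth secret and the Vault-issued nuget.org API key. A retagged or compromised release of any of them would run with those credentials, and the retry wrapper also sees everything passed to and returned from vault-action. I would pin each to a full commit SHA, e.g. `uses: Wandalen/wretry.action@<full-commit-sha> # v3`, and do the same for the `action:` value. `exportToken: true` also looks unnecessary, since nothing visible in this patch uses the Vault token after this step; dropping that line avoids keeping a live token in the job environment.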
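Review bot: On the `--api-key` line the nuget.org key is expanded by `${{ … }}` directly into the shell script, so the secret becomes part of the generated script text, and keeping it out of the logs depends on the mask registered by vault-action surviving the retry wrapper. Passing it through the step environment is safer: add an `env:` entry `NUGET_PUBLIC_API_KEY: ${{ fromJSON(steps.secrets.outputs.outputs).NUGET_PUBLIC_API_KEY }}` and use `--api-key "$NUGET_PUBLIC_API_KEY"`. The same applies to `inputs.package_to_publish` and `inputs.package_version`, which are interpolated unquoted into the command, as the existing CodeArtifact push already does. Mapping them to env variables and quoting them ensures an unexpected input value is treated as data rather than parsed by the shell.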