Switch to centrally managed actions (#134)

.github/workflows/dotnet.yaml

@@ -283,7 +283,7 @@ jobs:
     needs: [check-dotnet-format, check-nix-format, build, build-nix, linkcheck, flake-check, analyzers, nuget-pack, expected-pack, github-release-tool-dry-run]
     runs-on: ubuntu-latest
     steps:
-      - uses: Smaug123/all-required-checks-complete-action@05b40a8c47ef0b175ea326e9abb09802cb67b44e
+      - uses: G-Research/common-actions/check-required-lite@2b7dc49cb14f3344fbe6019c14a31165e258c059
         with:
           needs-context: ${{ toJSON(needs) }}
 
@@ -346,26 +346,16 @@ jobs:
         with:
           name: nuget-package-lib
           path: packed
-      - name: Publish to NuGet
-        id: publish-success
-        env:
-          NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
-        run: 'nix develop --command bash ./.github/workflows/nuget-push.sh "packed/WoofWare.NUnitTestRunner.Lib.*.nupkg"'
-      - name: Wait for availability
-        if: steps.publish-success.outputs.result == 'published'
-        env:
-          PACKAGE_VERSION: ${{ steps.publish-success.outputs.version }}
-        run: 'echo "$PACKAGE_VERSION" && while ! curl -L --fail -o from-nuget.nupkg "https://www.nuget.org/api/v2/package/WoofWare.NUnitTestRunner.Lib/$PACKAGE_VERSION" ; do sleep 10; done'
-      # Astonishingly, NuGet.org considers it to be "more secure" to tamper with my package after upload (https://devblogs.microsoft.com/nuget/introducing-repository-signatures/).
-      # So we have to *re-attest* it after it's uploaded. Mind-blowing.
-      - name: Assert package contents
-        if: steps.publish-success.outputs.result == 'published'
-        run: 'bash ./.github/workflows/assert-contents.sh'
-      - name: Attest Build Provenance
-        if: steps.publish-success.outputs.result == 'published'
-        uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
+      - name: Identify .NET
+        id: identify-dotnet
+        run: nix develop --command bash -c "echo dotnet=$(which dotnet) >> $GITHUB_OUTPUT"
+      - name: Publish NuGet package
+        uses: G-Research/common-actions/publish-nuget@2b7dc49cb14f3344fbe6019c14a31165e258c059
         with:
-          subject-path: "from-nuget.nupkg"
+          package-name: WoofWare.NUnitTestRunner.Lib
+          nuget-key: ${{ secrets.NUGET_API_KEY }}
+          nupkg-dir: packed/
+          dotnet: ${{ steps.identify-dotnet.outputs.dotnet }}
 
   nuget-publish-tool:
     runs-on: ubuntu-latest
@@ -388,26 +378,16 @@ jobs:
         with:
           name: nuget-package-tool
           path: packed
-      - name: Publish to NuGet
-        id: publish-success
-        env:
-          NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}
-        run: 'nix develop --command bash ./.github/workflows/nuget-push.sh "packed/WoofWare.NUnitTestRunner.*.nupkg"'
-      - name: Wait for availability
-        if: steps.publish-success.outputs.result == 'published'
-        env:
-          PACKAGE_VERSION: ${{ steps.publish-success.outputs.version }}
-        run: 'echo "$PACKAGE_VERSION" && while ! curl -L --fail -o from-nuget.nupkg "https://www.nuget.org/api/v2/package/WoofWare.NUnitTestRunner/$PACKAGE_VERSION" ; do sleep 10; done'
-      # Astonishingly, NuGet.org considers it to be "more secure" to tamper with my package after upload (https://devblogs.microsoft.com/nuget/introducing-repository-signatures/).
-      # So we have to *re-attest* it after it's uploaded. Mind-blowing.
-      - name: Assert package contents
-        if: steps.publish-success.outputs.result == 'published'
-        run: 'bash ./.github/workflows/assert-contents.sh'
-      - name: Attest Build Provenance
-        if: steps.publish-success.outputs.result == 'published'
-        uses: actions/attest-build-provenance@6149ea5740be74af77f260b9db67e633f6b0a9a1 # v1.4.2
+      - name: Identify .NET
+        id: identify-dotnet
+        run: nix develop --command bash -c "echo dotnet=$(which dotnet) >> $GITHUB_OUTPUT"
+      - name: Publish NuGet package
+        uses: G-Research/common-actions/publish-nuget@2b7dc49cb14f3344fbe6019c14a31165e258c059
         with:
-          subject-path: "from-nuget.nupkg"
+          package-name: WoofWare.NUnitTestRunner
+          nuget-key: ${{ secrets.NUGET_API_KEY }}
+          nupkg-dir: packed/
+          dotnet: ${{ steps.identify-dotnet.outputs.dotnet }}
 
   github-release-tool:
     runs-on: ubuntu-latest