updatecli: use shared policy (#2393) #203

	name: release-main

	on:
	push:
	branches: [ "main" ]

	permissions:
	attestations: write
	contents: write
	id-token: write
	issues: write
	packages: write

	env:
	NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages

	jobs:
	release:
	runs-on: ubuntu-latest

	steps:
	- uses: actions/checkout@v4
	- name: Bootstrap Action Workspace
	id: bootstrap
	uses: ./.github/workflows/bootstrap
	with:
	rust: 'true'

	- name: Package with canary suffix
	run: ./build.sh pack

	- name: generate build provenance
	uses: actions/attest-build-provenance@bdd51370e0416ac948727f861e03c2f05d32d78e # v1.3.2
	with:
	subject-path: "${{ github.workspace }}/build/output/_packages/*.nupkg"

	# Github packages requires authentication, this is likely going away in the future so for now we publish to feedz.io
	- name: publish canary packages to feedz.io
	run: dotnet nuget push 'build/output/_packages/*.nupkg' -k ${{ secrets.FEEDZ_IO_API_KEY }} -s ${{ secrets.FEEDZ_IO_API_URL }} --skip-duplicate --no-symbols

	- name: publish canary packages github package repository
	run: dotnet nuget push 'build/output/_packages/*.nupkg' -k ${{secrets.GITHUB_TOKEN}} -s https://nuget.pkg.github.com/elastic/index.json --skip-duplicate --no-symbols

	- if: ${{ failure() }}
	uses: elastic/oblt-actions/slack/[email protected]
	with:
	bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
	channel-id: "#apm-agent-dotnet"
	message: \|
	:large_yellow_circle: [${{ github.repository }}] Snapshot could not be published to feedz.io.
	Build: (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\|here>)

Provide feedback