GitHub Action to configuring credentials for automated publishing of packages to pub.dev
When configuring automated publishing you don't need to create a long-lived secret that is copied into your automated deployment environment. Instead, authentication relies on temporary OpenID-Connect tokens signed by GitHub Actions.
See Automated publishing of packages to pub.dev and OpenID Connect allows your workflows to exchange short-lived tokens directly from your cloud provider for more information.
# .github/workflows/publish.yml
name: Publish to pub.dev
on:
push:
tags:
- 'v[0-9]+.[0-9]+.[0-9]+*' # tag pattern on pub.dev: 'v{{version}'
# Publish using custom workflow
jobs:
publish:
permissions:
id-token: write # Required for authentication using OIDC
contents: read
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# Setup Flutter SDK and automated pub.dev credentials
- uses: flutter-actions/setup-flutter@v4
- uses: flutter-actions/setup-pubdev-credentials@v1
- name: Install dependencies
run: flutter pub get
# Here you can insert custom steps you need
# - name: Build
# run: flutter build ...
- name: Publish
run: flutter pub publish --forceLicensed under the MIT License.