Unable to upload NuGet to GitHub packages using Actions #190691

PlatinumLucario · 2026-03-26T12:08:11Z

PlatinumLucario
Mar 26, 2026

🏷️ Discussion Type

Question

💬 Feature/Topic Area

Workflow Configuration

Discussion Details

I really need help, I'm trying to get CI working properly with uploading the NuGet package for PLMIDI2VG onto GitHub packages.

I have tried doing what was mentioned in this thread, but it doesn't work.

While it does upload successfully to nuget.org, it does not upload to GitHub packages.

The error that occurs, happens when it gets to Push package to GitHub packages:

Run dotnet nuget push "/home/runner/work/PLMIDI2VG/PLMIDI2VG/nuget/*.nupkg" --api-key *** --source "github"
  dotnet nuget push "/home/runner/work/PLMIDI2VG/PLMIDI2VG/nuget/*.nupkg" --api-key *** --source "github"
  shell: /usr/bin/pwsh -command ". '{0}'"
  env:
    DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1
    DOTNET_NOLOGO: true
    NuGetDirectory: /home/runner/work/PLMIDI2VG/PLMIDI2VG/nuget
Pushing PLMIDI2VG.0.0.1.nupkg to 'https://nuget.pkg.github.com/PlatinumLucario'...
  PUT https://nuget.pkg.github.com/PlatinumLucario/
warn : Your request could not be authenticated by the GitHub Packages service. Please ensure your access token is valid and has the appropriate scopes configured.
  Forbidden https://nuget.pkg.github.com/PlatinumLucario/ 355ms
error: Response status code does not indicate success: 403 (Forbidden).
Error: Process completed with exit code 1.

It's doesn't make any sense, I'm using the correct access token, it's a fine-grained token, and it should work.

I have permissions: write-all in the workflow yaml, as you can see right there. And I've also got the repository secrets correctly set up as well as the environment variables. Here's proof:

Can someone please help me out here and tell me what I'm doing wrong? I'm new to CI, and I really want to make sure that PLMIDI2VG publishes to GitHub packages.

Any help would be greatly appreciated, thanks!

Answered by riiyansh-singh

Mar 29, 2026

Hey! I’ve run into this exact 403 error before. Even with "write-all" permissions, the dotnet CLI is super picky about how it talks to GitHub.
The main reason this happens is usually that the push command is missing the index.json part of the URL, or it’s having trouble mapping your "github" source name to your actual credentials.
Here is the quick fix to try in your YAML file:
In your "Push package to GitHub packages" step, instead of using just --source "github", try using the full, direct URL:
https://nuget.pkg.github.com/PlatinumLucario/index.json
Also, try swapping out your custom secret for the built-in secrets.GITHUB_TOKEN. Since you already have "permissions: write-all" in your sc…

View full answer

NotDizzyButFizzy · 2026-03-28T23:21:41Z

NotDizzyButFizzy
Mar 28, 2026

Your workflow fails because env vars/secrets aren’t populating in the job likely missing permissions: packages: write at job level or the environment isn’t selected in the run (check workflow dispatch UI). Add this to your job:

permissions:
packages: write
contents: read

Then, explicitly add the NuGet source before push (replace OWNER with your username/org):

dotnet nuget add source "https://nuget.pkg.github.com/OWNER/index.json" --username github-actions --password ${{ secrets.GITHUB_TOKEN }} --store-password-in-clear-text --name github
dotnet nuget push **/*.nupkg --source github --api-key ${{ secrets.GITHUB_TOKEN }}

No custom secrets needed GITHUB_TOKEN works if repo settings > Packages > 'Inherit access from repository' is on. Test on main branch

0 replies

riiyansh-singh · 2026-03-29T00:16:32Z

riiyansh-singh
Mar 29, 2026

Hey! I’ve run into this exact 403 error before. Even with "write-all" permissions, the dotnet CLI is super picky about how it talks to GitHub.
The main reason this happens is usually that the push command is missing the index.json part of the URL, or it’s having trouble mapping your "github" source name to your actual credentials.
Here is the quick fix to try in your YAML file:
In your "Push package to GitHub packages" step, instead of using just --source "github", try using the full, direct URL:
https://nuget.pkg.github.com/PlatinumLucario/index.json
Also, try swapping out your custom secret for the built-in secrets.GITHUB_TOKEN. Since you already have "permissions: write-all" in your script, the built-in token is actually more reliable for pushing to the registry than a manual fine-grained one.
One last thing to check: GitHub doesn't allow you to overwrite a version that already exists. If you’ve already uploaded version 0.0.1 once, it might throw a 403 Forbidden instead of telling you it's a duplicate. Make sure to bump your version number in your project file before you run the action again!

2 replies

PlatinumLucario May 11, 2026
Author

In your "Push package to GitHub packages" step, instead of using just --source "github", try using the full, direct URL:
https://nuget.pkg.github.com/PlatinumLucario/index.json

Okay, I'll try that instead.

Also, try swapping out your custom secret for the built-in secrets.GITHUB_TOKEN. Since you already have "permissions: write-all" in your script, the built-in token is actually more reliable for pushing to the registry than a manual fine-grained one.

How do I do that? If you mean putting it into the publish-nuget.yml, I've already got a built-in token in here.

One last thing to check: GitHub doesn't allow you to overwrite a version that already exists. If you’ve already uploaded version 0.0.1 once, it might throw a 403 Forbidden instead of telling you it's a duplicate. Make sure to bump your version number in your project file before you run the action again!

I'm pretty sure I've added a small increment to the version number, like 0.0.1.1.1.1.1 etc every time I've tried. If there was a duplicate, it has always told me in the errors anyways (unless I'm misremembering stuff).

PlatinumLucario May 12, 2026
Author

Okay nvm, I understand it now. I just needed to change from this:

      # Add NuGet label to GitHub repository, and use GITHUB_TOKEN
      - name: Add NuGet release label
        uses: actions/labeler@v4
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Prep packages
        run: dotnet nuget add source --username ${{ vars.USERNAME }} --password ${{ secrets.NUGET_PACKAGE_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/${{ vars.USERNAME }}/index.json"
      - name: Push package to GitHub packages
        run: dotnet nuget push "${{ env.NuGetDirectory }}/*.nupkg" --api-key ${{ secrets.NUGET_PACKAGE_TOKEN }} --source "github"

To this:

      # Add NuGet label to GitHub repository, and use GITHUB_TOKEN
      - name: Add NuGet release label
        uses: actions/labeler@v4
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
      - name: Prep packages
        run: dotnet nuget add source --username ${{ vars.USERNAME }} --password ${{ secrets.NUGET_PACKAGE_TOKEN }} --store-password-in-clear-text --name github "https://nuget.pkg.github.com/${{ vars.USERNAME }}/index.json"
      - name: Push package to GitHub packages
        run: dotnet nuget push "${{ env.NuGetDirectory }}/*.nupkg" --api-key ${{ secrets.GITHUB_TOKEN }} --source "https://nuget.pkg.github.com/${{ vars.USERNAME }}/index.json"

And it worked! Thank you so much!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Community

Unable to upload NuGet to GitHub packages using Actions #190691

Uh oh!

{{title}}

Uh oh!

Replies: 2 comments 2 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

GitHub Community

Unable to upload NuGet to GitHub packages using Actions #190691

Uh oh!

PlatinumLucario Mar 26, 2026

🏷️ Discussion Type

💬 Feature/Topic Area

Discussion Details

Replies: 2 comments · 2 replies

Uh oh!

NotDizzyButFizzy Mar 28, 2026

Uh oh!

riiyansh-singh Mar 29, 2026

Uh oh!

PlatinumLucario May 11, 2026 Author

Uh oh!

PlatinumLucario May 12, 2026 Author

PlatinumLucario
Mar 26, 2026

Replies: 2 comments 2 replies

NotDizzyButFizzy
Mar 28, 2026

riiyansh-singh
Mar 29, 2026

PlatinumLucario May 11, 2026
Author

PlatinumLucario May 12, 2026
Author