My next step in automating my PowerShell module development workflow is to have my module deploy to PowerShellGallery when creating a GitHub release. Last time it was doing unit testing with pester, now we want our code to get out in the world.

What I want to accomplish is pretty simple, to make my release process simple. By using GitHub Actions, we can trigger tasks by creating a new release. When creating a release, we checkout our code and run Publish-Module like we would locally on our machine. We need an API Key, which you can find when you log into PowerShellGallery, and that’s about it.

Add the API key as a secret

Under settings in the repository you want to set up publishing from, you find the menu item called Secrets. Press that big New secret button to add your secret. When you do, you can edit it but you can replace or delete it.

As you can see from my repo, I got one called PSGALLERY and one CODECOV, each of them for the respective services.

Let’s see how we can set up our workflow and reference that secret!

Creating the workflow

Let us take a look at the code, then I can explain what is going on.

name: PSGallery
on:
  release:
    types: [published]
jobs:
  psgallery_publish:
    runs-on: ubuntu-latest
    steps:
      - name: checkout
        uses: actions/checkout@v2
        
      - name: Publishing
        run: |
                    Publish-Module -Path '...' -NuGetApiKey ${{ secrets.PSGALLERY }}
        shell: pwsh

First of all, we define when this workflow is triggered. What we want, is to have this run every time a new release is created and published. Types here can be everything from unpublished to edited so if you have any special needs, the GitHub Actions documentation covers everything you need to know.

I have created one job called psgallery_publish, that has to steps. One to check out the code, so we have the code locally on the agent we’re using, and one to run the line of PowerShell that actually publishes the module. I usually have the actual code for the module in a directory with the same name as the module itself, that goes into the -Path parameter.

For our secret, we can fetch this by using the secrets.PSGALLERY snippet. This ensures that you don’t have your actual secret in your public code, and makes it easy to maintain if you ever need to change this key.