Adding Support for non direct url download of packages / security context

[ronaldnl]

1 of the things I ran in to make the workflow work, is the limitation that it requires a direct download url.
The problem I personally have with it is that it can require additional infrastructure as well as it not being ideal in all security scenarios.

What I want to change here is give an option to select a source type from which the app files will come from. To start of limited to options Direct Download and Nuget.
When Nuget is specified additional fields need to be either filled or managed trough Secrets (like other potential secret values).
The additional fields would be similar to the existing for the target Nuget location. Since source and target doesn't have to be the same nuget server / auth contex it makes sense to seperate these.

This issue is mainly for when just creating runtime package from app files, not sure if this is an issue for other partners as well.

[jonaswre]

We have the same problem, but since we only create runtimes for released versions it would be enough for us if the Action could download from private releases. But allowing to download the apps from nuget feeds is a better solution.

[jonaswre]

I've created a very early POC.

$appName = '<APP>'

$nuGetServerUrl = 'https://github.com/<runtime-org>/' + $appName
$nuGetToken = 'ghp_<secret>'
$fromNugetServerUrl = 'https://nuget.pkg.github.com/<org>/index.json'
$fromNugetToken = 'ghp_<secret>'
$fromApps = "<NUGET-PACKAGE>"
$fromDependencies = "<NUGET-PACKAGE>"

gh workflow run --repo byndit/GenerateBcNuGet "Generate Runtime Packages From NuGet" -f nuGetServerUrl=$nuGetServerUrl -f nuGetToken=$nuGetToken -f country=de -f fromNugetServerUrl=$fromNugetServerUrl -f fromNugetToken=$fromNugetToken -f fromApps=$fromApps -f fromDependencies=$fromDependencies

https://github.com/byndit/GenerateBcNuGet