Restrict nuget-publish workflow to only run after successful CI completion #18
Co-authored-by: Serpensin <63426826+Serpensin@users.noreply.github.com>
Pull Request Overview
This PR restructures the NuGet publishing workflow to only execute after successful CI completion, removing manual triggers and release-based publishing to ensure quality control.
- Replaced manual and release triggers with workflow_run dependency on CI completion
- Added success condition to prevent publishing when CI fails
- Updated version extraction to use git tags with date-based fallback for development builds
| echo "version=${{ github.event.inputs.version }}" >> $GITHUB_OUTPUT | ||
| # Try to get the latest tag version, fallback to date-based version | ||
| latest_tag=$(git describe --tags --abbrev=0 2>/dev/null || echo "") | ||
| if [[ -n "$latest_tag" && "$latest_tag" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]]; then |
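Review bot: The `2>/dev/null || echo ""` on the git describe line discards the reason for an empty result, so a checkout that has no tags fetched and a repository that genuinely has no tags both fall through to the date-based version with nothing in the log. Consider echoing which branch was taken (tag or fallback) and confirming that the checkout step, which is not shown in this hunk, fetches tags. The pattern also accepts an optional leading v; if the matched tag is written to the version output unchanged, strip the v first.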
The regex pattern only matches basic semantic versions (X.Y.Z) but doesn't support common variations like pre-release tags (1.0.0-alpha) or build metadata (1.0.0+build.1). Consider using a more comprehensive semver pattern like ^v?[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$ to support full semantic versioning.
| if [[ -n "$latest_tag" && "$latest_tag" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| if [[ -n "$latest_tag" && "$latest_tag" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9.-]+)?(\+[a-zA-Z0-9.-]+)?$ ]]; then |
| if ($start) { | ||
| $startIdx = $start | ||
| $next = ($lines | Select-String "^## \[" | Where-Object { $_.LineNumber -gt $startIdx }) | Select-Object -First 1 | ||
| $endIdx = if ($next) { $next.LineNumber - 1 } else { $lines.Count } | ||
| $notes = $lines[($startIdx)..($endIdx - 1)] -join "`n" | ||
| $notes = $notes -replace '^## \[.*\] - .*\r?\n?', '' | ||
| } else { | ||
| # Fallback to generic message if no changelog entry found | ||
| $notes = "Automated build from CI pipeline on $(Get-Date -Format 'yyyy-MM-dd')" | ||
| } |
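Review bot: On the `$notes = $lines[($startIdx)..($endIdx - 1)]` line, the range runs backwards when a changelog section has no body. Assuming $startIdx holds the heading's 1-based line number, as the LineNumber comparison on the `$next` line implies, a `## [` heading that directly follows the matched one makes `$endIdx - 1` smaller than `$startIdx`, and PowerShell's `..` operator then counts down and returns heading lines instead of an empty result. Guard the slice with a check such as `if ($endIdx - 1 -ge $startIdx)` and use the generic fallback message otherwise.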
The PowerShell variable $start contains a MatchInfo object from Select-String, but line 81 assigns it directly to $startIdx expecting a line number. This should be $startIdx = $start.LineNumber to extract the actual line number from the MatchInfo object.



This PR updates the .github/workflows/nuget-publish.yml workflow to ensure it only executes when the CI workflow completes successfully, removing the ability to trigger it manually or through release events.
Changes Made
Replaced all triggers with workflow_run dependency:
- release trigger that previously ran on published releases
- workflow_dispatch trigger that allowed manual execution
- workflow_run trigger that only fires when the "CI" workflow completes on the master branch
Added success condition:
- if: github.event.workflow_run.conclusion == 'success' to ensure the workflow only runs when CI passes
Updated version extraction logic:
Improved error handling:
- github.sha to github.event.workflow_run.head_sha for proper workflow_run context
Benefits
This change ensures that every published NuGet package has passed the full CI test suite, improving the reliability of published packages.
Warning
Firewall rules blocked me from connecting to one or more addresses
I tried to connect to the following addresses, but was blocked by firewall rules:
- aka.ms
  curl -I -sSL --retry 5 --retry-delay 2 --connect-timeout 15 REDACTED (dns block)
If you need me to access, download, or install something from one of these locations, you can either:
This pull request was created as a result of the following prompt from Copilot chat.
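The trigger and success gate described in this PR, written out as an added example (not the repository's actual workflow file). The runner image, the NUGET_API_KEY secret name, the output directory and the two extra origin checks in the `if:` condition are assumptions.

```yaml
# Added example: publish only after the "CI" workflow succeeds on master.
# Not the project's own file; values marked "assumed" are illustrative.
name: nuget-publish

on:
  workflow_run:
    workflows: ["CI"]        # must match the CI workflow's `name:`
    types: [completed]       # fires on success AND failure, so gate below
    branches: [master]

permissions:
  contents: read             # the publish job needs no write token

jobs:
  publish:
    # `completed` alone is not a pass signal; require a successful conclusion.
    # Assumed extra checks: the CI run came from a push to this repository,
    # not from another event that happens to carry the same branch name.
    if: >-
      github.event.workflow_run.conclusion == 'success' &&
      github.event.workflow_run.event == 'push' &&
      github.event.workflow_run.head_repository.full_name == github.repository
    runs-on: ubuntu-latest   # assumed runner
    steps:
      - uses: actions/checkout@v4
        with:
          # In a workflow_run context github.sha is the default branch head,
          # so build the exact commit that CI tested.
          ref: ${{ github.event.workflow_run.head_sha }}
          fetch-depth: 0     # full history so `git describe --tags` sees tags

      - name: Pack
        run: dotnet pack -c Release -o out   # assumed output directory

      - name: Push
        env:
          NUGET_API_KEY: ${{ secrets.NUGET_API_KEY }}   # assumed secret name
        run: >-
          dotnet nuget push "out/*.nupkg"
          --api-key "$NUGET_API_KEY"
          --source https://api.nuget.org/v3/index.json
          --skip-duplicate
```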