Skip to content

Add CI, packaging, and tag-driven NuGet release pipeline#1

Merged
fvandepitte merged 2 commits into
mainfrom
copilot/generate-release-workflows
Jun 10, 2026
Merged

Add CI, packaging, and tag-driven NuGet release pipeline#1
fvandepitte merged 2 commits into
mainfrom
copilot/generate-release-workflows

Conversation

Copilot AI commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

This change introduces the missing GitHub Actions workflows to validate builds, produce native-backed NuGet artifacts, and publish releases from tags. It also aligns package versioning with release tags so published package versions are driven by the release pipeline rather than a hardcoded project version.

  • CI workflow

    • Added .github/workflows/ci.yml for push/PR validation.
    • Runs restore/build/test for the library and test projects.
    • Sets explicit minimal token permissions.
  • Packaging workflow (reusable)

    • Added .github/workflows/package.yml as a workflow_call + workflow_dispatch workflow.
    • Builds the Swift native bridge on macos-latest-xlarge (make bridge).
    • Packs .nupkg and .snupkg artifacts, with optional version override input.
    • Uploads NuGet artifacts for downstream release jobs.
  • Release workflow

    • Added .github/workflows/release.yml triggered by v* tags.
    • Derives package version from tag name (strip leading v).
    • Reuses package.yml, publishes artifacts to NuGet via NUGET_API_KEY, and attaches artifacts to the GitHub release.
    • Uses environment: release for release gating/protections.
  • Versioning alignment

    • Updated project version declaration to be override-friendly:
      • Version is now conditional in Community.Microsoft.Extensions.AI.CoreML.csproj, enabling tag-driven version injection during pack.
  • Release documentation

    • Added docs/releasing.md with:
      • Tag format (vX.Y.Z, vX.Y.Z-suffix)
      • Required secret/environment/runner setup
      • Maintainer release flow
    • Linked release docs from README.md.
on:
  push:
    tags:
      - "v*"
# ...
VERSION="${GITHUB_REF_NAME#v}"
# passed into package workflow as -p:Version

@fvandepitte

Copy link
Copy Markdown
Owner

@copilot how are all the test going to run if we don't run the make command first?

Copilot AI commented Jun 2, 2026

Copy link
Copy Markdown
Contributor Author

@copilot how are all the test going to run if we don't run the make command first?

The current test suite is unit-only and uses fake bridge/platform implementations, so it does not require make bridge or the native dylib to run. make bridge is executed in the packaging/release workflows (package.yml/release.yml) where we actually build and pack native-backed artifacts. If you want native integration coverage in CI as well, I can add a separate macOS integration test job that runs make bridge before tests.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds a GitHub Actions-based CI/packaging/release pipeline for the repository and aligns NuGet package versioning with release tags by allowing the version to be injected at pack time.

Changes:

  • Added CI workflow to restore/build/test on pushes to main and on PRs.
  • Added reusable packaging workflow to build the Swift native bridge and produce .nupkg/.snupkg artifacts (with optional version override).
  • Added tag-driven release workflow to derive version from v* tags, publish to NuGet, and attach artifacts to a GitHub release; documented the process in docs/releasing.md and linked from the README.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
src/Community.Microsoft.Extensions.AI.CoreML/Community.Microsoft.Extensions.AI.CoreML.csproj Makes the package version override-friendly for tag-driven release version injection.
README.md Links to the new release process documentation.
docs/releasing.md Documents CI/package/release workflows, required repo configuration, and the tag convention.
.github/workflows/ci.yml Adds CI validation workflow for restore/build/test.
.github/workflows/package.yml Adds reusable packaging workflow for building the native bridge and packing NuGet artifacts.
.github/workflows/release.yml Adds tag-triggered release workflow that derives version from tags and publishes to NuGet/GitHub Releases.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/ci.yml
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@fvandepitte fvandepitte marked this pull request as ready for review June 10, 2026 11:07

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8c3988e283

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment on lines +45 to +46
if [ -n "${{ inputs.version }}" ]; then
PACK_ARGS+=("-p:Version=${{ inputs.version }}")

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Pass the version through an environment variable

When this reusable workflow is invoked from release.yml, inputs.version comes from the pushed tag, and Git refs can contain shell-substitution syntax such as $(...) or backticks. Because the expression is interpolated directly into the bash script before execution, a tag like v$(id) turns these lines into command substitutions in both the test and the array assignment, so the package job runs attacker-chosen shell commands before the protected release environment is reached. Put the input in an env var (and/or validate it as SemVer) and reference that variable inside bash instead of embedding the expression in the script text.

Useful? React with 👍 / 👎.

@fvandepitte fvandepitte merged commit 0b5c8ee into main Jun 10, 2026
1 check passed
@fvandepitte fvandepitte deleted the copilot/generate-release-workflows branch June 10, 2026 12:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants