Conversation
* Require a fresh Copilot pass before merging any PR Document the rule that mergeStateStatus=CLEAN alone is not enough to merge — Copilot must have re-reviewed the latest commit after any thread resolutions or pushes. If Copilot does not auto re-review within a reasonable window, ask before merging; silence is not approval. This was missing from the previous round of process documentation. PR #693 was merged ~3 minutes after I (Claude) replied to Copilot's threads, before Copilot had a chance to post a fresh review on the new commit. The merge happened to be functionally correct but the process was wrong, and it's the kind of small step that hides real regressions in larger PRs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Bump develop's minor version after every develop->main merge Document the rule that, immediately after a develop->main merge lands and main's publish workflows complete, the next action is a small isolated PR bumping the minor in version.json on develop. Without it, develop's next NBGV prerelease is numerically lower than the stable that just shipped, producing visibly confusing version numbers in HISTORY.md, --version output, and consumer update prompts. Documentation only; the actual bump for the just-completed PR #693 promotion will land as a separate `bump-version-3.17` PR per the "don't bundle the bump with other work" guidance in this same change. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Refine Copilot-pass rule per Copilot review Address four issues Copilot raised on the previous commit: - Clarify that review_on_push lives in the copilot_code_review ruleset rule (verifiable via gh api), not in repo source files. - Align the "no issues found" headline with the verification recipe by stating up front that Copilot posts COMMENTED reviews here, so a clean COMMENTED review with zero open threads IS the success state. - Specify committedDate as the exact field to compare submitted_at against, removing ambiguity between authoredDate and committedDate in `gh pr view --json commits` output. - Replace "ask the user" with "ask the maintainer" since this is a repo-wide doc that survives author changes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Make the Copilot fresh-review check use commit_id, not timestamps Copilot pointed out (rightly) that comparing submitted_at against committedDate is fragile: the reviews endpoint returns every author's every review, and timestamp drift between client and server can flip the comparison. The robust check is structural — does the latest Copilot review's commit_id equal headRefOid? Recipe rewritten to fetch headRefOid and the last Copilot review's commit_id and compare strings. Also added a pointer to the GitHub UI "Re-request review" flow for cases where Copilot doesn't auto re-review on push (which happens occasionally; observed on this PR). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Fix two consistency issues from Copilot's round-4 review - AGENTS.md headline said the freshness check was "review submitted after committedDate" but step 2 specifies commit_id == headRefOid. Aligned the headline to also use the SHA-equality wording so the rule is internally consistent end-to-end. - copilot-instructions.md: "develop's next prerelease numbers below main's just-shipped stable" was missing a verb. Now reads "next prerelease version numbers fall below..." Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Bot login consistency and paginated reviews lookup Round 5 Copilot findings: - Use `copilot-pull-request-reviewer[bot]` (the bot login, with "(shown as Copilot in the UI)" gloss) consistently in prose so it matches the jq filter in the verification recipe — copy/paste from the doc now produces a working command. - The reviews endpoint is paginated by default in gh CLI; on PRs with many review entries `last` could pick a stale Copilot review from page 1. Use `--paginate` and a streaming `tail -1` filter so the latest Copilot commit_id is reliably found regardless of review-list length. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Use <owner>/<repo> placeholder consistently in API recipes The Merging-a-PR section mixed `<repo>` and `<owner>/<repo>` in adjacent gh api recipes; copy-pasting the bare `<repo>` form would fail. Standardised on `<owner>/<repo>` to match the rest of the doc. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Main just shipped 3.16.7 (PR #693 promotion). Per the rule documented in AGENTS.md "Develop → Main Promotion" section, bump develop's minor so the next prerelease lands at 3.17.X-g{sha}, visibly above main's just-shipped stable rather than below it. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bumps the actions-deps group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token). Updates `actions/create-github-app-token` from 3.1.1 to 3.2.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md) - [Commits](actions/create-github-app-token@1b10c78...bcd2ba4) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps Microsoft.SourceLink.GitHub from 10.0.203 to 10.0.300 Bumps ptr727.LanguageTags from 1.2.29 to 1.2.43 Bumps System.CommandLine from 2.0.7 to 2.0.8 --- updated-dependencies: - dependency-name: Microsoft.SourceLink.GitHub dependency-version: 10.0.300 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps - dependency-name: ptr727.LanguageTags dependency-version: 1.2.43 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps - dependency-name: System.CommandLine dependency-version: 2.0.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps coverlet.collector from 10.0.0 to 10.0.1 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 10.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions-deps group with 1 update: [dotnet/nbgv](https://github.com/dotnet/nbgv). Updates `dotnet/nbgv` from 0.5.1 to 0.5.2 - [Release notes](https://github.com/dotnet/nbgv/releases) - [Commits](dotnet/nbgv@3cf2d96...705dad1) --- updated-dependencies: - dependency-name: dotnet/nbgv dependency-version: 0.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions-deps group with 1 update: [docker/build-push-action](https://github.com/docker/build-push-action). Updates `docker/build-push-action` from 7.1.0 to 7.2.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@bcafcac...f9f3042) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions-deps group with 2 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) and [docker/login-action](https://github.com/docker/login-action). Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@4d04d5d...d7f5e7f) Updates `docker/login-action` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@4907a6d...650006c) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps Microsoft.NET.Test.Sdk from 18.5.1 to 18.6.0 Bumps ptr727.LanguageTags from 1.2.43 to 1.2.45 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-deps - dependency-name: ptr727.LanguageTags dependency-version: 1.2.45 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions-deps group with 2 updates: [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) and [actions/setup-dotnet](https://github.com/actions/setup-dotnet). Updates `docker/setup-qemu-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@ce36039...0611638) Updates `actions/setup-dotnet` from 5.2.0 to 5.3.0 - [Release notes](https://github.com/actions/setup-dotnet/releases) - [Commits](actions/setup-dotnet@c2fa09f...9a946fd) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/setup-dotnet dependency-version: 5.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps ptr727.LanguageTags from 1.2.45 to 1.2.47 --- updated-dependencies: - dependency-name: ptr727.LanguageTags dependency-version: 1.2.47 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps dotnet-outdated-tool from 4.7.1 to 4.8.0 Bumps ptr727.LanguageTags from 1.2.47 to 1.2.49 --- updated-dependencies: - dependency-name: dotnet-outdated-tool dependency-version: 4.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-deps - dependency-name: ptr727.LanguageTags dependency-version: 1.2.49 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps CliWrap from 3.10.1 to 3.10.2 Bumps ptr727.LanguageTags from 1.2.49 to 1.2.51 --- updated-dependencies: - dependency-name: CliWrap dependency-version: 3.10.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps - dependency-name: ptr727.LanguageTags dependency-version: 1.2.51 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Port the two-phase CI/CD pattern from ProjectTemplate into PlexCleaner (closes #722). PRs run path-gated smoke builds; publish-release.yml becomes the sole publisher (weekly schedule + dispatch build both branches; push publishes only when PUBLISH_ON_MERGE=true). Thread required branch/ref/smoke through every reusable task, branch-scope artifacts + Docker cache, pin releases to GitCommitId, absorb the periodic Docker workflow, and update AGENTS.md/copilot-instructions.md/README.
) Bumps the actions-deps group with 1 update in the / directory: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@de0fac2...df4cb1c) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Promotes develop → main while adopting the new two-phase CI/CD release model (PR smoke builds + scheduled/dispatch publisher) and carrying forward the associated documentation and dependency/tooling updates.
Changes:
- Implements two-phase CI/CD: PR workflow runs unit tests + path-gated smoke builds;
publish-release.ymlbecomes the sole publisher (weekly schedule + manual dispatch; push publish gated byPUBLISH_ON_MERGE). - Threads
branch/ref/smokethrough reusable workflows; pins GitHub Releases to NBGVGitCommitIdand skips duplicate release creation on scheduled runs. - Bumps version baseline to
3.17and updates docs/badges/dependencies accordingly.
Reviewed changes
Copilot reviewed 18 out of 18 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| version.json | Bumps NBGV base version to 3.17 for the next release cycle. |
| README.md | Updates release cadence wording and workflow-status shields to reflect the new publisher. |
| Directory.Packages.props | Updates NuGet dependency versions (CliWrap, coverlet, SourceLink, etc.). |
| AGENTS.md | Updates repo runbook docs for merging, releases, and two-phase CI/CD behavior. |
| .github/workflows/test-release-task.yml | Removes obsolete release-test reusable workflow (replaced by PR workflow structure). |
| .github/workflows/test-pull-request.yml | Adds paths-filter “changes” job, always-on unit tests, and a gated smoke build + aggregator. |
| .github/workflows/publish-release.yml | Becomes the single publisher: weekly schedule + dispatch, matrix builds both branches, push publishing gated. |
| .github/workflows/publish-periodic-docker-release.yml | Deletes old periodic Docker publisher workflow (absorbed into publish-release pipeline). |
| .github/workflows/merge-bot-pull-request.yml | Updates merge-bot docs and bumps actions/create-github-app-token. |
| .github/workflows/get-version-task.yml | Adds optional ref input and exposes NBGV GitCommitId output. |
| .github/workflows/build-toolversions-task.yml | New reusable task to extract tool versions from published images and upload per-branch artifacts. |
| .github/workflows/build-release-task.yml | Adds required branch, optional ref, smoke, and per-target enable flags; pins releases to GitCommitId. |
| .github/workflows/build-executable-task.yml | Adds branch/ref/smoke, reduces smoke matrix, and branch-suffixes artifacts to avoid collisions. |
| .github/workflows/build-dockerreadme-task.yml | New reusable task to render/push Docker Hub README from main’s template + toolversions artifact. |
| .github/workflows/build-docker-task.yml | Adds branch/ref/smoke, smoke skips QEMU, branch-scopes registry cache, and uses branch-driven config. |
| .github/workflows/build-datebadge-task.yml | Adds required branch input; only updates badge for main via explicit branch gating. |
| .github/copilot-instructions.md | Updates high-level repo rules to reflect two-phase CI/CD and adds the Copilot review runbook details. |
| .config/dotnet-tools.json | Bumps dotnet-outdated-tool version. |
Comment on lines
74
to
78
| - name: Login to Docker Hub step | ||
| uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0 | ||
| uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 | ||
| with: | ||
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | ||
| password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} |
Owner
Author
|
Superseded by #725, which carries the same develop→main promotion with the merge conflicts pre-resolved (conflict-free and mergeable). The conflicts here were confined to the five workflow files develop rewrote/removed for two-phase; dependency manifests and action SHAs were already identical across branches. See #725 for the resolution details. |
Owner
Author
|
Reopened as the canonical It will show as CONFLICTING — the conflicts are confined to the five workflow files Two ways to land it:
I have not pushed to |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release promotion of
develop→main.Headline change
publish-release.ymlis the sole publisher (weekly schedule + manual dispatch build both branches;pushpublishes only whenPUBLISH_ON_MERGEistrue). Reusable tasks thread requiredbranch/ref/smoke; branch-scoped artifacts + Docker cache; releases pinned to NBGVGitCommitId; periodic Docker workflow absorbed into the publisher. AGENTS.md / copilot-instructions.md / README updated, incl. the programmatic Copilot review runbook.Also included
Release-model note
Under the new two-phase default, merging this to main will not auto-publish (
PUBLISH_ON_MERGEis unset).:latestand the stable GitHub Release refresh on the next weeklypublish-release.ymlrun (Mondays 02:00 UTC) or an on-demandworkflow_dispatch. After merge, remember the post-promotionversion.jsonminor bump on develop per AGENTS.md.Merge with "Create a merge commit" (main ruleset). Handed to the maintainer for the release merge.