Promote develop to main: two-phase CI/CD release (conflict-resolved)#725
Merged
Conversation
* Require a fresh Copilot pass before merging any PR Document the rule that mergeStateStatus=CLEAN alone is not enough to merge — Copilot must have re-reviewed the latest commit after any thread resolutions or pushes. If Copilot does not auto re-review within a reasonable window, ask before merging; silence is not approval. This was missing from the previous round of process documentation. PR #693 was merged ~3 minutes after I (Claude) replied to Copilot's threads, before Copilot had a chance to post a fresh review on the new commit. The merge happened to be functionally correct but the process was wrong, and it's the kind of small step that hides real regressions in larger PRs. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Bump develop's minor version after every develop->main merge Document the rule that, immediately after a develop->main merge lands and main's publish workflows complete, the next action is a small isolated PR bumping the minor in version.json on develop. Without it, develop's next NBGV prerelease is numerically lower than the stable that just shipped, producing visibly confusing version numbers in HISTORY.md, --version output, and consumer update prompts. Documentation only; the actual bump for the just-completed PR #693 promotion will land as a separate `bump-version-3.17` PR per the "don't bundle the bump with other work" guidance in this same change. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Refine Copilot-pass rule per Copilot review Address four issues Copilot raised on the previous commit: - Clarify that review_on_push lives in the copilot_code_review ruleset rule (verifiable via gh api), not in repo source files. - Align the "no issues found" headline with the verification recipe by stating up front that Copilot posts COMMENTED reviews here, so a clean COMMENTED review with zero open threads IS the success state. - Specify committedDate as the exact field to compare submitted_at against, removing ambiguity between authoredDate and committedDate in `gh pr view --json commits` output. - Replace "ask the user" with "ask the maintainer" since this is a repo-wide doc that survives author changes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Make the Copilot fresh-review check use commit_id, not timestamps Copilot pointed out (rightly) that comparing submitted_at against committedDate is fragile: the reviews endpoint returns every author's every review, and timestamp drift between client and server can flip the comparison. The robust check is structural — does the latest Copilot review's commit_id equal headRefOid? Recipe rewritten to fetch headRefOid and the last Copilot review's commit_id and compare strings. Also added a pointer to the GitHub UI "Re-request review" flow for cases where Copilot doesn't auto re-review on push (which happens occasionally; observed on this PR). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Fix two consistency issues from Copilot's round-4 review - AGENTS.md headline said the freshness check was "review submitted after committedDate" but step 2 specifies commit_id == headRefOid. Aligned the headline to also use the SHA-equality wording so the rule is internally consistent end-to-end. - copilot-instructions.md: "develop's next prerelease numbers below main's just-shipped stable" was missing a verb. Now reads "next prerelease version numbers fall below..." Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Bot login consistency and paginated reviews lookup Round 5 Copilot findings: - Use `copilot-pull-request-reviewer[bot]` (the bot login, with "(shown as Copilot in the UI)" gloss) consistently in prose so it matches the jq filter in the verification recipe — copy/paste from the doc now produces a working command. - The reviews endpoint is paginated by default in gh CLI; on PRs with many review entries `last` could pick a stale Copilot review from page 1. Use `--paginate` and a streaming `tail -1` filter so the latest Copilot commit_id is reliably found regardless of review-list length. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Use <owner>/<repo> placeholder consistently in API recipes The Merging-a-PR section mixed `<repo>` and `<owner>/<repo>` in adjacent gh api recipes; copy-pasting the bare `<repo>` form would fail. Standardised on `<owner>/<repo>` to match the rest of the doc. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Main just shipped 3.16.7 (PR #693 promotion). Per the rule documented in AGENTS.md "Develop → Main Promotion" section, bump develop's minor so the next prerelease lands at 3.17.X-g{sha}, visibly above main's just-shipped stable rather than below it. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bumps the actions-deps group with 1 update: [actions/create-github-app-token](https://github.com/actions/create-github-app-token). Updates `actions/create-github-app-token` from 3.1.1 to 3.2.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md) - [Commits](actions/create-github-app-token@1b10c78...bcd2ba4) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps Microsoft.SourceLink.GitHub from 10.0.203 to 10.0.300 Bumps ptr727.LanguageTags from 1.2.29 to 1.2.43 Bumps System.CommandLine from 2.0.7 to 2.0.8 --- updated-dependencies: - dependency-name: Microsoft.SourceLink.GitHub dependency-version: 10.0.300 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps - dependency-name: ptr727.LanguageTags dependency-version: 1.2.43 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps - dependency-name: System.CommandLine dependency-version: 2.0.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps coverlet.collector from 10.0.0 to 10.0.1 --- updated-dependencies: - dependency-name: coverlet.collector dependency-version: 10.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions-deps group with 1 update: [dotnet/nbgv](https://github.com/dotnet/nbgv). Updates `dotnet/nbgv` from 0.5.1 to 0.5.2 - [Release notes](https://github.com/dotnet/nbgv/releases) - [Commits](dotnet/nbgv@3cf2d96...705dad1) --- updated-dependencies: - dependency-name: dotnet/nbgv dependency-version: 0.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions-deps group with 1 update: [docker/build-push-action](https://github.com/docker/build-push-action). Updates `docker/build-push-action` from 7.1.0 to 7.2.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@bcafcac...f9f3042) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions-deps group with 2 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) and [docker/login-action](https://github.com/docker/login-action). Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@4d04d5d...d7f5e7f) Updates `docker/login-action` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@4907a6d...650006c) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps Microsoft.NET.Test.Sdk from 18.5.1 to 18.6.0 Bumps ptr727.LanguageTags from 1.2.43 to 1.2.45 --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-deps - dependency-name: ptr727.LanguageTags dependency-version: 1.2.45 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps the actions-deps group with 2 updates: [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) and [actions/setup-dotnet](https://github.com/actions/setup-dotnet). Updates `docker/setup-qemu-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@ce36039...0611638) Updates `actions/setup-dotnet` from 5.2.0 to 5.3.0 - [Release notes](https://github.com/actions/setup-dotnet/releases) - [Commits](actions/setup-dotnet@c2fa09f...9a946fd) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/setup-dotnet dependency-version: 5.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps ptr727.LanguageTags from 1.2.45 to 1.2.47 --- updated-dependencies: - dependency-name: ptr727.LanguageTags dependency-version: 1.2.47 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps dotnet-outdated-tool from 4.7.1 to 4.8.0 Bumps ptr727.LanguageTags from 1.2.47 to 1.2.49 --- updated-dependencies: - dependency-name: dotnet-outdated-tool dependency-version: 4.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-deps - dependency-name: ptr727.LanguageTags dependency-version: 1.2.49 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps CliWrap from 3.10.1 to 3.10.2 Bumps ptr727.LanguageTags from 1.2.49 to 1.2.51 --- updated-dependencies: - dependency-name: CliWrap dependency-version: 3.10.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps - dependency-name: ptr727.LanguageTags dependency-version: 1.2.51 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Port the two-phase CI/CD pattern from ProjectTemplate into PlexCleaner (closes #722). PRs run path-gated smoke builds; publish-release.yml becomes the sole publisher (weekly schedule + dispatch build both branches; push publishes only when PUBLISH_ON_MERGE=true). Thread required branch/ref/smoke through every reusable task, branch-scope artifacts + Docker cache, pin releases to GitCommitId, absorb the periodic Docker workflow, and update AGENTS.md/copilot-instructions.md/README.
) Bumps the actions-deps group with 1 update in the / directory: [actions/checkout](https://github.com/actions/checkout). Updates `actions/checkout` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@de0fac2...df4cb1c) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Promote develop to main. Conflicts were confined to the workflow files develop rewrote for the two-phase model (build-docker/executable/release-task) and the two it removed (publish-periodic-docker-release, test-release-task); resolved by taking develop's versions and keeping the deletions. The merged tree is byte-identical to develop's tip — main had no unique content (dependency manifests and action SHAs were already identical across branches), so this is an align-main-style promotion. actionlint clean.
There was a problem hiding this comment.
Pull request overview
Promotes develop to main via a conflict-resolved merge commit, carrying forward the two-phase CI/CD release model and the updated documentation/runbook that governs publishing and Copilot review requirements.
Changes:
- Bumps
version.jsonto the next minor (3.17) as part of the release line progression. - Updates CI/CD workflows to the two-phase model (PR smoke builds; scheduled/dispatch publishing; branch/ref/smoke threading through reusable tasks) and removes superseded workflows.
- Refreshes documentation to reflect the new release cadence and the “fresh Copilot re-review on head commit” merge requirement.
Reviewed changes
Copilot reviewed 16 out of 16 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| version.json | Updates the base NBGV version to 3.17. |
| README.md | Updates release/publishing cadence wording and workflow status badge links to the consolidated publisher. |
| AGENTS.md | Documents two-phase publishing and codifies the “fresh Copilot re-review on latest commit” merge process. |
| .github/workflows/test-release-task.yml | Removes the superseded “test release task” workflow. |
| .github/workflows/test-pull-request.yml | Implements path-gated smoke builds plus an aggregator job suitable for required status checks. |
| .github/workflows/publish-release.yml | Consolidates publishing into a single scheduled/dispatch publisher with an opt-in push publish gate. |
| .github/workflows/publish-periodic-docker-release.yml | Removes the superseded periodic Docker publishing workflow (absorbed into the publisher). |
| .github/workflows/merge-bot-pull-request.yml | Updates comments to match the new two-phase publish behavior while preserving App-token rationale. |
| .github/workflows/get-version-task.yml | Adds ref input and surfaces GitCommitId to pin builds/releases to the exact commit. |
| .github/workflows/build-toolversions-task.yml | New reusable task to extract and upload per-branch tool version artifacts from published images. |
| .github/workflows/build-release-task.yml | Threads ref/required branch/smoke and adds smoke safeguards + release de-duplication. |
| .github/workflows/build-executable-task.yml | Adds ref/required branch/smoke, branch-suffixed artifacts, and reduced runtime matrix for smoke builds. |
| .github/workflows/build-dockerreadme-task.yml | New reusable task to render/update Docker Hub README from main’s published version artifacts. |
| .github/workflows/build-docker-task.yml | Adds ref/required branch/smoke, amd64-only smoke builds, and branch-scoped registry build cache. |
| .github/workflows/build-datebadge-task.yml | Threads required branch input so only the main leg updates the badge. |
| .github/copilot-instructions.md | Updates repo guidance to the two-phase model and adds/expands the programmatic Copilot re-review runbook. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release promotion of
develop→main, with the merge conflicts pre-resolved (supersedes #724, which conflicted).This branch's HEAD is the
develop→mainmerge commit with conflicts already resolved, so it's conflict-free and mergeable here while still carryingdevelopas a merge parent (ancestry preserved). Its tree is byte-identical todevelop's tip.Why #724 conflicted
mainhad accumulated independent Dependabot commits (#697–#721) whiledevelopwas rewritten for two-phase CI/CD. The conflicts were confined to five workflow files — the threedeveloprewrote (build-docker/executable/release-task) and the two it removed (publish-periodic-docker-release,test-release-task). Dependency manifests (Directory.Packages.props,.config/dotnet-tools.json) and all action SHAs were already identical across the branches, so no dependency reconciliation was needed.Resolution
Took
develop's versions for the rewritten files and kept the two deletions. Verified the merged tree equalsdevelop's tip exactly (git diff origin/developempty);actionlintclean.Headline content (from #723, closes #722)
Two-phase CI/CD: PR smoke builds + sole weekly/dispatch publisher with opt-in
PUBLISH_ON_MERGE. Plus version bump to 3.17 (#695), the fresh-Copilot-pass doc (#694), and accumulated Dependabot updates.Release-model note
Under two-phase, merging this to
mainwill not auto-publish (PUBLISH_ON_MERGEunset);:latestand the stable release refresh on the next weekly run or a manual dispatch. After merge, do the post-promotionversion.jsonminor bump ondevelop. Merge with "Create a merge commit". Handed to the maintainer for the release merge.