From 094bb180d1d69d6d84a237a9cf7a2633e26e2bb4 Mon Sep 17 00:00:00 2001 From: Pieter Viljoen Date: Sun, 21 Jun 2026 20:37:37 -0700 Subject: [PATCH 1/2] Revert version to 1.2 and fix tag-pinning doc to use GitCommitId Addresses the Copilot review on the develop->main promotion (#180): revert the version.json 1.2->1.3 minor bump so the maintenance promotion carries the current floor (no functional change in this batch), and correct the AGENTS.md 'Tag pinning on releases' bullet to pin target_commitish to NBGV's GitCommitId - matching the live build-release-task.yml and the upstream template - instead of the misleading github.sha. --- AGENTS.md | 2 +- version.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 40c2778..8efe587 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -157,7 +157,7 @@ These conventions describe the target state. New and modified workflows must res - **Reusable workflows**: job-level `permissions:` are validated *before* the `if:` evaluates, so even a skipped job needs valid permissions declared. A `release` job with `permissions: contents: write` and `if: ${{ inputs.publish }}` will still cause `startup_failure` on a caller that doesn't grant `contents: write`. Either declare permissions at the call site, or omit the inner block and inherit. - **Allowlist `success` and `skipped` explicitly** when chaining jobs across optional dependencies - `!= 'failure'` lets `cancelled` through (timeout, runner failure, manual cancel). Use `(needs.X.result == 'success' || needs.X.result == 'skipped')`. - **Artifact retention**: intermediate build artifacts (`actions/upload-artifact`) are consumed by a later job in the same run, so set `retention-days: 1` - the default 90-day retention otherwise piles up against the account-wide artifact-storage quota. The durable copies live on the GitHub release, not in workflow artifacts. -- **Tag pinning on releases**: when using `softprops/action-gh-release` (or any tag-creating action), pass `target_commitish: ${{ github.sha }}` explicitly. Without it, GitHub's REST API defaults the new tag to the repository's default branch instead of the commit that built the artifact. +- **Tag pinning on releases**: when using `softprops/action-gh-release` (or any tag-creating action), pass `target_commitish` explicitly - without it, GitHub's REST API defaults the new tag to the repository's default branch instead of the commit that built the artifact. Pin it to the **exact built commit's SHA** (the publisher uses NBGV's `GitCommitId` output), not `github.sha` (wrong branch in the publisher's branch matrix - a `develop` leg runs with `github.sha` = main's tip) and not a branch name (a moving ref that a mid-run commit could advance past the built tree). ## Project Structure diff --git a/version.json b/version.json index a086ff0..177e012 100644 --- a/version.json +++ b/version.json @@ -1,6 +1,6 @@ { "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "1.3", + "version": "1.2", "publicReleaseRefSpec": [ "^refs/heads/main$" ], From 74fb9d1eaa04806bec5a89b8dc47ac7d50716269 Mon Sep 17 00:00:00 2001 From: Pieter Viljoen Date: Sun, 21 Jun 2026 20:46:34 -0700 Subject: [PATCH 2/2] Keep version.json at 1.3; 1.3.x is already published Undo the 1.2 revert: 1.3.x pre-releases (e.g. 1.3.6) are already published, so reverting the floor to 1.2 would regress the version line below them. The promotion releases 1.3.x stable on main, monotonic forward from both 1.2.66 and the published 1.3.x. This PR now carries only the AGENTS.md tag-pinning doc fix. --- version.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.json b/version.json index 177e012..a086ff0 100644 --- a/version.json +++ b/version.json @@ -1,6 +1,6 @@ { "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "1.2", + "version": "1.3", "publicReleaseRefSpec": [ "^refs/heads/main$" ],