Feature/ci cd modernization #47
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✨ Phase 1: Infrastructure Modernization Complete ## 🚀 New Features - **Modern CI/CD Pipeline**: Consolidated 3 separate OS workflows into unified matrix-based ci.yml - **Automated GitHub Packages**: Daily development builds for immediate testing feedback - **Enhanced Security**: CodeQL analysis + Dependabot automation - **GitHub Test Reporter**: Native test result visualization (replaces Testspace) ## 🔄 Workflow Changes - ✅ **ci.yml**: Cross-platform matrix testing (Windows/Linux/macOS) with modern actions - ✅ **publish-dev-github.yml**: Automated GitHub Packages publishing for development - ✅ **publish-nuget.yml**: Enhanced manual workflow supporting both GitHub Packages & NuGet.org - ✅ **security.yml**: CodeQL security scanning + dependency review - ✅ **dependabot.yml**: Automated dependency management with smart grouping ## 🏗️ Infrastructure Updates - **GitHub Actions**: Updated to v4 (checkout, setup-dotnet, cache, upload-artifact) - **Runners**: Migrated from ubuntu-20.04 to ubuntu-latest - **Test Reporting**: Native GitHub integration via dorny/test-reporter@v1 - **Package Caching**: Optimized NuGet package caching for faster builds - **Build System**: Added GitHub Packages support to Cake Frosting build ## 🗑️ Removed Deprecated Components - ❌ **Old Workflows**: build-ubuntu.yml, build-windows.yml, build-macos.yml - ❌ **Testspace**: External test reporting service dependency - ❌ **Old Actions**: checkout@v2, setup-dotnet@v1, setup-nuget@v1.0.5 ## 📦 Release Strategy - **Development**: Auto-publish to GitHub Packages on every master/v2-preview1 commit - **Preview/Stable**: Manual NuGet.org publishing with enhanced dropdown workflow - **Version Format**: 2.0.0-preview1.20240715.a1b2c3d for development builds Ready for Phase 2: Enhanced automation & community features! 🎯
✨ Enhanced Documentation ## 📖 Updated Content - **CI/CD Badges**: Modern GitHub Actions workflow status badges - **Package Installation**: Dual-source strategy (NuGet.org + GitHub Packages) - **Development Builds**: Instructions for GitHub Packages authentication - **CI Status**: Matrix testing status across Windows/Linux/macOS ## 🔄 Badge Updates - ✅ **CI/CD Pipeline**: Cross-platform matrix testing status - ✅ **Security Analysis**: CodeQL scanning and dependency review - ✅ **Automated Publishing**: GitHub Packages development builds - ❌ **Removed**: Deprecated Testspace badge Ready for community testing with development packages! 🚀
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.OpenSSF ScorecardScorecard details
Scanned Files
|
There was a problem hiding this comment.
Pull Request Overview
This PR modernizes the CI/CD setup by consolidating workflows, adding GitHub Packages support, and updating documentation.
- Unified build, test, security analysis, and publishing into streamlined GitHub Actions workflows
- Enabled GitHub Packages as a distribution source and updated version validation logic
- Updated READMEs to include new CI/CD badges and installation instructions for stable and development builds
Reviewed Changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| src/LocalStack.Client/README.md | Updated badges and added package installation instructions |
| src/LocalStack.Client.Extensions/README.md | Updated badges and added package installation instructions |
| build/LocalStack.Build/Program.cs | Expanded version regex and added skip logic for GitHub source |
| build/LocalStack.Build/BuildContext.cs | Added GitHub package source mapping |
| README.md | Updated badges and added installation instructions |
| .github/workflows/security.yml | Added CodeQL and dependency review for security analysis |
| .github/workflows/publish-nuget.yml | Refactored manual publishing workflow to support GitHub Packages |
| .github/workflows/publish-dev-github.yml | Introduced auto-publish workflow for development builds |
| .github/workflows/ci.yml | Consolidated CI pipeline with cross-platform matrix strategy |
| .github/workflows/build-windows.yml | Removed legacy Windows build workflow |
| .github/workflows/build-ubuntu.yml | Removed legacy Ubuntu build workflow |
| .github/workflows/build-macos.yml | Removed legacy macOS build workflow |
| .github/dependabot.yml | Configured Dependabot for NuGet/GitHub Actions updates |
Comments suppressed due to low confidence (5)
.github/workflows/security.yml:6
- Include 'feature/ci-cd-modernization' in the
pushandpull_requestbranch lists so that security analysis runs on this branch as well.
- master
build/LocalStack.Build/Program.cs:154
- Add unit tests for the new GitHub package source branch in
ValidatePackageVersion, covering both the skip behavior and acceptance of pre-release formats.
if (context.PackageSource == "github")
src/LocalStack.Client/README.md:41
- [nitpick] Add entries for '📦 Package Installation' and 'Development Builds' to the Table of Contents so readers can find the new installation instructions.
## Table of Contents
🔧 **Workflow Trigger Improvements** ## ✅ **Removed Hard-coded Feature Branches** - **CI Pipeline**: Only master branch + PRs (no temporary feature branches) - **Auto Publishing**: Only master branch (stable development builds) - **Manual Publishing**: Available from any branch when needed ## 🎯 **Benefits** - **Maintainable**: No need to update workflows for every feature branch - **Scalable**: Works for any future feature branches automatically - **Clean**: CI only runs at integration points (master + PRs) - **Efficient**: Eliminates duplicate workflow runs ## 🚀 **Result** - ✅ Follows GitHub Actions best practices - ✅ Reduced maintenance overhead - ✅ Clean separation of concerns - ✅ Ready for production use CI/CD modernization is now production-ready! 🎉
…k support 🎯 **Mono Runtime Modernization** ## 📰 **Context**: Microsoft Mono Project Transition - Original Mono Project → Moving to WineHQ stewardship - Microsoft's modern Mono fork → Integrated into dotnet/runtime - .NET 8+ includes built-in Mono runtime for cross-platform .NET Framework support ## ✅ **Cross-Platform .NET Framework Support** - **Linux**: Now runs net472 tests using built-in Mono runtime - **macOS**: Unified test execution (no more custom XUnit/Mono logic) - **Windows**: Unchanged (native .NET Framework support) ## 🔧 **Build System Improvements** - **Simplified Logic**: Removed platform-specific workarounds - **Unified Execution**: Same \`dotnet test\` command across all platforms - **Dependency Elimination**: No external Mono installation required - **Better Coverage**: Full framework testing on all platforms ## 🚀 **CI/CD Enhancements** - **Matrix Testing**: Added net472 to Linux/macOS matrix - **Trigger Fix**: Added feature/* pattern for testing - **Modern Runtime**: Leverages .NET 9.0.200 built-in Mono ## 📈 **Result** - ✅ True cross-platform .NET Framework support - ✅ Simplified, maintainable build system - ✅ Zero external runtime dependencies - ✅ Enhanced test coverage across all platforms
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
refactor: remove redundant NuGet package installation in InitTask
…d security analysis workflow
… add security analysis workflow
… review runner to Ubuntu 22.04
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.