Skip to content

Promote: AGENTS git-governance / author-identity rule#271

Merged
ptr727 merged 3 commits into
mainfrom
develop
Jul 14, 2026
Merged

Promote: AGENTS git-governance / author-identity rule#271
ptr727 merged 3 commits into
mainfrom
develop

Conversation

@ptr727

@ptr727 ptr727 commented Jul 14, 2026

Copy link
Copy Markdown
Owner

Promotes develop->main: the AGENTS.md git-governance additions (author-identity rule / signing / staging), part of the fleet governance-conformance sweep.

🤖 Generated with Claude Code

dependabot Bot and others added 3 commits July 13, 2026 02:47
Updated [Serilog](https://github.com/serilog/serilog) from 4.3.1 to
4.4.0.

<details>
<summary>Release notes</summary>

_Sourced from [Serilog's
releases](https://github.com/serilog/serilog/releases)._

## 4.4.0

## What's Changed
* Emit SelfLog warning when extra arguments are provided by @​matantsach
in serilog/serilog#2222
* dont WriteQuotedJsonString for null by @​SimonCropp in
serilog/serilog#2216
* Pin System.Security.Cryptography.Xml to 8.0.3 in tests by @​ArieGato
in serilog/serilog#2232
* Route optional interfaces through OptionalInterfaceForwardingSink for
restricted sinks by @​ArieGato in
serilog/serilog#2234
* `SelfMetrics` by @​nblumhardt in
serilog/serilog#2237

## New Contributors
* @​matantsach made their first contribution in
serilog/serilog#2222
* @​ArieGato made their first contribution in
serilog/serilog#2232

**Full Changelog**:
serilog/serilog@v4.3.1...v4.4.0

Commits viewable in [compare
view](serilog/serilog@v4.3.1...v4.4.0).
</details>

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Serilog&package-manager=nuget&previous-version=4.3.1&new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…eps group (#268)

Bumps the actions-deps group with 1 update:
[softprops/action-gh-release](https://github.com/softprops/action-gh-release).

Updates `softprops/action-gh-release` from 3.0.1 to 3.0.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/softprops/action-gh-release/releases">softprops/action-gh-release's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.2</h2>
<p><code>3.0.2</code> is a patch release focused on release reliability
and compatibility. It
reuses existing draft releases when publishing prereleases, supports
replacing
release assets on Gitea, hardens streamed asset uploads, and provides
clearer
release-creation diagnostics. It also includes TypeScript, coverage, and
tooling
maintenance merged since <code>3.0.1</code>.</p>
<p>This release fixes <a
href="https://redirect.github.com/softprops/action-gh-release/issues/795">#795</a>,
<a
href="https://redirect.github.com/softprops/action-gh-release/issues/438">#438</a>,
and <a
href="https://redirect.github.com/softprops/action-gh-release/issues/803">#803</a>.
The upload transport hardening covers the
historical failure reported in <a
href="https://redirect.github.com/softprops/action-gh-release/issues/790">#790</a>,
although current hosted Node 24 runners did
not reproduce it naturally. The diagnostics work is related to <a
href="https://redirect.github.com/softprops/action-gh-release/issues/786">#786</a>
and does not
claim a reproducible release-creation fix.</p>
<h2>What's Changed</h2>
<h3>Exciting New Features 🎉</h3>
<ul>
<li>feat: improve release error reporting and test coverage by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/813">softprops/action-gh-release#813</a></li>
</ul>
<h3>Bug fixes 🐛</h3>
<ul>
<li>fix: publish existing draft releases as prereleases by <a
href="https://github.com/godfengliang"><code>@​godfengliang</code></a>
in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/801">softprops/action-gh-release#801</a></li>
<li>fix: upload small checksum assets reliably by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/815">softprops/action-gh-release#815</a></li>
<li>fix: replace existing release assets on Gitea by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/816">softprops/action-gh-release#816</a></li>
<li>fix: clarify release creation 404 errors by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/817">softprops/action-gh-release#817</a></li>
</ul>
<h3>Other Changes 🔄</h3>
<ul>
<li>chore(deps): upgrade TypeScript to 7 by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/812">softprops/action-gh-release#812</a></li>
<li>chore(deps): remove unused TypeScript tooling by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/814">softprops/action-gh-release#814</a></li>
<li>dependency, Node 24 pin, and CI maintenance merged since
<code>3.0.1</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md">softprops/action-gh-release's
changelog</a>.</em></p>
<blockquote>
<h2>3.0.2</h2>
<p><code>3.0.2</code> is a patch release focused on release reliability
and compatibility. It
reuses existing draft releases when publishing prereleases, supports
replacing
release assets on Gitea, hardens streamed asset uploads, and provides
clearer
release-creation diagnostics. It also includes TypeScript, coverage, and
tooling
maintenance merged since <code>3.0.1</code>.</p>
<p>This release fixes <a
href="https://redirect.github.com/softprops/action-gh-release/issues/795">#795</a>,
<a
href="https://redirect.github.com/softprops/action-gh-release/issues/438">#438</a>,
and <a
href="https://redirect.github.com/softprops/action-gh-release/issues/803">#803</a>.
The upload transport hardening covers the
historical failure reported in <a
href="https://redirect.github.com/softprops/action-gh-release/issues/790">#790</a>,
although current hosted Node 24 runners did
not reproduce it naturally. The diagnostics work is related to <a
href="https://redirect.github.com/softprops/action-gh-release/issues/786">#786</a>
and does not
claim a reproducible release-creation fix.</p>
<h2>What's Changed</h2>
<h3>Exciting New Features 🎉</h3>
<ul>
<li>feat: improve release error reporting and test coverage by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/813">softprops/action-gh-release#813</a></li>
</ul>
<h3>Bug fixes 🐛</h3>
<ul>
<li>fix: publish existing draft releases as prereleases by <a
href="https://github.com/godfengliang"><code>@​godfengliang</code></a>
in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/801">softprops/action-gh-release#801</a></li>
<li>fix: upload small checksum assets reliably by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/815">softprops/action-gh-release#815</a></li>
<li>fix: replace existing release assets on Gitea by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/816">softprops/action-gh-release#816</a></li>
<li>fix: clarify release creation 404 errors by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/817">softprops/action-gh-release#817</a></li>
</ul>
<h3>Other Changes 🔄</h3>
<ul>
<li>chore(deps): upgrade TypeScript to 7 by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/812">softprops/action-gh-release#812</a></li>
<li>chore(deps): remove unused TypeScript tooling by <a
href="https://github.com/chenrui333"><code>@​chenrui333</code></a> in <a
href="https://redirect.github.com/softprops/action-gh-release/pull/814">softprops/action-gh-release#814</a></li>
<li>dependency, Node 24 pin, and CI maintenance merged since
<code>3.0.1</code></li>
</ul>
<h2>3.0.1</h2>
<ul>
<li>maintenance release with updated dependencies</li>
</ul>
<h2>3.0.0</h2>
<p><code>3.0.0</code> is a major release that moves the action runtime
from Node 20 to Node 24.
Use <code>v3</code> on GitHub-hosted runners and self-hosted fleets that
already support the
Node 24 Actions runtime. <code>v2.6.2</code> was the final Node
20-compatible release and is
no longer maintained or supported.</p>
<h2>What's Changed</h2>
<h3>Other Changes 🔄</h3>
<ul>
<li>Move the action runtime and bundle target to Node 24</li>
<li>Update <code>@types/node</code> to the Node 24 line and allow future
Dependabot updates</li>
<li>Keep the floating major tag on <code>v3</code>; freeze
<code>v2</code> at the final <code>v2.6.2</code> release</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/softprops/action-gh-release/commit/3d0d9888cb7fd7b750713d6e236d1fcb99157228"><code>3d0d988</code></a>
release 3.0.2 (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/818">#818</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/7e13ed4ac596a4adf801d3812be5a089356949aa"><code>7e13ed4</code></a>
fix: clarify release creation 404 errors (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/817">#817</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/e6c70a53cf67373fbff7eeebca7782b4fe8f106c"><code>e6c70a5</code></a>
fix: replace existing release assets on Gitea (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/816">#816</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/f3453378888d5ef6208e2788af1c5ba50d8a898d"><code>f345337</code></a>
fix: publish existing draft releases as prereleases (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/801">#801</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/d8a89a206684ded8435bf16d6f698bf04ab05164"><code>d8a89a2</code></a>
fix: upload small checksum assets reliably (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/815">#815</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/45ece40c3178522904ac6c51c21d8a4e3565f3c8"><code>45ece40</code></a>
chore(deps): remove unused TypeScript tooling (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/814">#814</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/f6b913c3f95302d88e8ef7cb2859c2e7656aa01e"><code>f6b913c</code></a>
feat: improve release error reporting and test coverage (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/813">#813</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/15f193d7d8aa9623b5181913a31fafceb4e8cef9"><code>15f193d</code></a>
chore(deps): upgrade TypeScript to 7 (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/812">#812</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/cc8268d46a81d57ec9b061f27b0dd68ebd7fb17f"><code>cc8268d</code></a>
chore(deps): bump actions/checkout in the github-actions group (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/810">#810</a>)</li>
<li><a
href="https://github.com/softprops/action-gh-release/commit/fd0ed1e85b6730f87f5c67d7355751c46ad513d6"><code>fd0ed1e</code></a>
chore(deps): bump the npm group with 3 updates (<a
href="https://redirect.github.com/softprops/action-gh-release/issues/811">#811</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/softprops/action-gh-release/compare/718ea10b132b3b2eba29c1007bb80653f286566b...3d0d9888cb7fd7b750713d6e236d1fcb99157228">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=softprops/action-gh-release&package-manager=github_actions&previous-version=3.0.1&new-version=3.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## What

Adds the fleet **author-identity** git rule to `AGENTS.md`, inserting it
in the *Git and Commit Rules* section immediately after the existing
commit-signing bullet.

## Why

A fleet governance audit found this repo's `AGENTS.md` carries the
signing rule and the default-to-staging rule but is missing the
author-identity rule that the canonical template already defines. This
PR restores consistency.

The new bullet requires every agent-authored commit to use the
committing account's GitHub `noreply` identity
(`ptr727@users.noreply.github.com` for this single-maintainer fleet) -
never a private, personal, or invented address - and explains why: a
private email trips GitHub's email-privacy push protection (GH007), and
invented authors pollute history. It also clarifies that identity is
separate from signing.

## Notes

- Single-line insertion; no other content changed.
- CRLF line endings preserved (repo's `AGENTS.md` is CRLF); zero mixed
endings.
- ASCII-only, US English.
- Commit is SSH-signed; author/committer is the owner's GitHub `noreply`
identity.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings July 14, 2026 19:00

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This promotion PR brings the git-governance guidance changes into main by updating AGENTS.md (agent commit identity rule), while also carrying along a dependency bump and a workflow action pin update that affect release and CI behavior.

Changes:

  • Add an AGENTS.md rule requiring agent-authored commits to use the committing account’s GitHub noreply identity.
  • Bump Serilog from 4.3.1 to 4.4.0 in centralized package version management.
  • Update the pinned SHA for softprops/action-gh-release from v3.0.1 to v3.0.2 in the release workflow.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
AGENTS.md Documents a new commit author/committer identity requirement for agent-authored commits.
Directory.Packages.props Updates the centrally-managed Serilog package version.
.github/workflows/build-release-task.yml Advances the SHA-pinned softprops/action-gh-release action to v3.0.2.

Comment thread Directory.Packages.props
Comment thread AGENTS.md
@ptr727 ptr727 merged commit d919ac2 into main Jul 14, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants