Skip to content

Promote develop to main: gated release model + nuget-deps bump#391

Merged
ptr727 merged 2 commits into
mainfrom
develop
Jul 10, 2026
Merged

Promote develop to main: gated release model + nuget-deps bump#391
ptr727 merged 2 commits into
mainfrom
develop

Conversation

@ptr727

@ptr727 ptr727 commented Jul 10, 2026

Copy link
Copy Markdown
Owner

Promotion of develop -> main.

Carries:

This promotion is also the live gate test. The diff touches Directory.Packages.props (a release-affecting path), so on merge the now-gated publish-release.yml will trigger — and because the promotion is a human merge (github.actor = ptr727), the plan job resolves publish=false and skips the publish. That proves a human merge/promotion does not auto-cut a release. (The next Dependabot/codegen merge to mainactor = ptr727-codegen[bot] — will publish.)

🤖 Generated with Claude Code

dependabot Bot and others added 2 commits July 10, 2026 14:55
Updated [Serilog](https://github.com/serilog/serilog) from 4.3.1 to
4.4.0.

<details>
<summary>Release notes</summary>

_Sourced from [Serilog's
releases](https://github.com/serilog/serilog/releases)._

## 4.4.0

## What's Changed
* Emit SelfLog warning when extra arguments are provided by @​matantsach
in serilog/serilog#2222
* dont WriteQuotedJsonString for null by @​SimonCropp in
serilog/serilog#2216
* Pin System.Security.Cryptography.Xml to 8.0.3 in tests by @​ArieGato
in serilog/serilog#2232
* Route optional interfaces through OptionalInterfaceForwardingSink for
restricted sinks by @​ArieGato in
serilog/serilog#2234
* `SelfMetrics` by @​nblumhardt in
serilog/serilog#2237

## New Contributors
* @​matantsach made their first contribution in
serilog/serilog#2222
* @​ArieGato made their first contribution in
serilog/serilog#2232

**Full Changelog**:
serilog/serilog@v4.3.1...v4.4.0

Commits viewable in [compare
view](serilog/serilog@v4.3.1...v4.4.0).
</details>

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=Serilog&package-manager=nuget&previous-version=4.3.1&new-version=4.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…e-model) (#388)

Part of the fleet release-model change: **a human PR merge never
auto-cuts a release; only a bot (Dependabot/codegen) code-merge to
`main` does, plus manual dispatch.**

- **`push` trigger narrowed to `[main]`** — bot merges to `develop` no
longer release; `develop` prereleases come via `workflow_dispatch`.
- **Publish gated** to `github.actor == 'ptr727-codegen[bot]'` (the App
merges every bot PR) / `dependabot[bot]`, so a human merge/promotion to
`main` skips — the maintainer dispatches when release-ready. The
`paths:` filter still means an Actions-only bump publishes nothing.
- Empirically validated actor values on real runs (bot merges → App
identity; human merges → `ptr727`).

Header/comment updated to match. Takes effect on `main` once promoted.
Companion to LanguageTags #255; template docs (WORKFLOW.md/AGENTS.md) +
`PUBLISH_ON_MERGE` deletion follow.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings July 10, 2026 15:40
@codecov

codecov Bot commented Jul 10, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 40.62%. Comparing base (5b38db4) to head (1568ac1).
⚠️ Report is 37 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #391   +/-   ##
=======================================
  Coverage   40.62%   40.62%           
=======================================
  Files          10       10           
  Lines        1024     1024           
  Branches       99       99           
=======================================
  Hits          416      416           
  Misses        580      580           
  Partials       28       28           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Promotion of develop -> main that advances the repository’s release automation to a gated model (auto-publish only for bot merges to main, otherwise publish via dispatch), and includes the NuGet dependency bump carried by this promotion.

Changes:

  • Bump Serilog from 4.3.1 to 4.4.0 via centralized package versions.
  • Gate publish-release.yml behind a reusable “plan” workflow that decides whether publishing should occur, and restrict the push trigger to main.
  • Minor workflow comment cleanup in test-pull-request.yml.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
Directory.Packages.props Updates Serilog package version to 4.4.0.
.github/workflows/test-pull-request.yml Removes an outdated/now-redundant CODECOV_TOKEN threading comment (secrets inheritance remains).
.github/workflows/publish-release.yml Switches to a plan-driven publish gate; narrows push trigger to main; only validates/publishes when the plan says to publish.
.github/workflows/publish-plan-task.yml Adds reusable workflow that computes publish/stable outputs from event/actor/ref to centralize release gating logic.

@ptr727
ptr727 merged commit e0cb671 into main Jul 10, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants