Conversation
…eps group (#405) Bumps the actions-deps group with 1 update: [softprops/action-gh-release](https://github.com/softprops/action-gh-release). Updates `softprops/action-gh-release` from 3.0.1 to 3.0.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/releases">softprops/action-gh-release's releases</a>.</em></p> <blockquote> <h2>v3.0.2</h2> <p><code>3.0.2</code> is a patch release focused on release reliability and compatibility. It reuses existing draft releases when publishing prereleases, supports replacing release assets on Gitea, hardens streamed asset uploads, and provides clearer release-creation diagnostics. It also includes TypeScript, coverage, and tooling maintenance merged since <code>3.0.1</code>.</p> <p>This release fixes <a href="https://redirect.github.com/softprops/action-gh-release/issues/795">#795</a>, <a href="https://redirect.github.com/softprops/action-gh-release/issues/438">#438</a>, and <a href="https://redirect.github.com/softprops/action-gh-release/issues/803">#803</a>. The upload transport hardening covers the historical failure reported in <a href="https://redirect.github.com/softprops/action-gh-release/issues/790">#790</a>, although current hosted Node 24 runners did not reproduce it naturally. The diagnostics work is related to <a href="https://redirect.github.com/softprops/action-gh-release/issues/786">#786</a> and does not claim a reproducible release-creation fix.</p> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: improve release error reporting and test coverage by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/813">softprops/action-gh-release#813</a></li> </ul> <h3>Bug fixes 🐛</h3> <ul> <li>fix: publish existing draft releases as prereleases by <a href="https://github.com/godfengliang"><code>@godfengliang</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/801">softprops/action-gh-release#801</a></li> <li>fix: upload small checksum assets reliably by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/815">softprops/action-gh-release#815</a></li> <li>fix: replace existing release assets on Gitea by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/816">softprops/action-gh-release#816</a></li> <li>fix: clarify release creation 404 errors by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/817">softprops/action-gh-release#817</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>chore(deps): upgrade TypeScript to 7 by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/812">softprops/action-gh-release#812</a></li> <li>chore(deps): remove unused TypeScript tooling by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/814">softprops/action-gh-release#814</a></li> <li>dependency, Node 24 pin, and CI maintenance merged since <code>3.0.1</code></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md">softprops/action-gh-release's changelog</a>.</em></p> <blockquote> <h2>3.0.2</h2> <p><code>3.0.2</code> is a patch release focused on release reliability and compatibility. It reuses existing draft releases when publishing prereleases, supports replacing release assets on Gitea, hardens streamed asset uploads, and provides clearer release-creation diagnostics. It also includes TypeScript, coverage, and tooling maintenance merged since <code>3.0.1</code>.</p> <p>This release fixes <a href="https://redirect.github.com/softprops/action-gh-release/issues/795">#795</a>, <a href="https://redirect.github.com/softprops/action-gh-release/issues/438">#438</a>, and <a href="https://redirect.github.com/softprops/action-gh-release/issues/803">#803</a>. The upload transport hardening covers the historical failure reported in <a href="https://redirect.github.com/softprops/action-gh-release/issues/790">#790</a>, although current hosted Node 24 runners did not reproduce it naturally. The diagnostics work is related to <a href="https://redirect.github.com/softprops/action-gh-release/issues/786">#786</a> and does not claim a reproducible release-creation fix.</p> <h2>What's Changed</h2> <h3>Exciting New Features 🎉</h3> <ul> <li>feat: improve release error reporting and test coverage by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/813">softprops/action-gh-release#813</a></li> </ul> <h3>Bug fixes 🐛</h3> <ul> <li>fix: publish existing draft releases as prereleases by <a href="https://github.com/godfengliang"><code>@godfengliang</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/801">softprops/action-gh-release#801</a></li> <li>fix: upload small checksum assets reliably by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/815">softprops/action-gh-release#815</a></li> <li>fix: replace existing release assets on Gitea by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/816">softprops/action-gh-release#816</a></li> <li>fix: clarify release creation 404 errors by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/817">softprops/action-gh-release#817</a></li> </ul> <h3>Other Changes 🔄</h3> <ul> <li>chore(deps): upgrade TypeScript to 7 by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/812">softprops/action-gh-release#812</a></li> <li>chore(deps): remove unused TypeScript tooling by <a href="https://github.com/chenrui333"><code>@chenrui333</code></a> in <a href="https://redirect.github.com/softprops/action-gh-release/pull/814">softprops/action-gh-release#814</a></li> <li>dependency, Node 24 pin, and CI maintenance merged since <code>3.0.1</code></li> </ul> <h2>3.0.1</h2> <ul> <li>maintenance release with updated dependencies</li> </ul> <h2>3.0.0</h2> <p><code>3.0.0</code> is a major release that moves the action runtime from Node 20 to Node 24. Use <code>v3</code> on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on <code>v2.6.2</code>.</p> <h2>What's Changed</h2> <h3>Other Changes 🔄</h3> <ul> <li>Move the action runtime and bundle target to Node 24</li> <li>Update <code>@types/node</code> to the Node 24 line and allow future Dependabot updates</li> <li>Keep the floating major tag on <code>v3</code>; <code>v2</code> remains pinned to the latest <code>2.x</code> release</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/softprops/action-gh-release/commit/3d0d9888cb7fd7b750713d6e236d1fcb99157228"><code>3d0d988</code></a> release 3.0.2 (<a href="https://redirect.github.com/softprops/action-gh-release/issues/818">#818</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/7e13ed4ac596a4adf801d3812be5a089356949aa"><code>7e13ed4</code></a> fix: clarify release creation 404 errors (<a href="https://redirect.github.com/softprops/action-gh-release/issues/817">#817</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/e6c70a53cf67373fbff7eeebca7782b4fe8f106c"><code>e6c70a5</code></a> fix: replace existing release assets on Gitea (<a href="https://redirect.github.com/softprops/action-gh-release/issues/816">#816</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/f3453378888d5ef6208e2788af1c5ba50d8a898d"><code>f345337</code></a> fix: publish existing draft releases as prereleases (<a href="https://redirect.github.com/softprops/action-gh-release/issues/801">#801</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/d8a89a206684ded8435bf16d6f698bf04ab05164"><code>d8a89a2</code></a> fix: upload small checksum assets reliably (<a href="https://redirect.github.com/softprops/action-gh-release/issues/815">#815</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/45ece40c3178522904ac6c51c21d8a4e3565f3c8"><code>45ece40</code></a> chore(deps): remove unused TypeScript tooling (<a href="https://redirect.github.com/softprops/action-gh-release/issues/814">#814</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/f6b913c3f95302d88e8ef7cb2859c2e7656aa01e"><code>f6b913c</code></a> feat: improve release error reporting and test coverage (<a href="https://redirect.github.com/softprops/action-gh-release/issues/813">#813</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/15f193d7d8aa9623b5181913a31fafceb4e8cef9"><code>15f193d</code></a> chore(deps): upgrade TypeScript to 7 (<a href="https://redirect.github.com/softprops/action-gh-release/issues/812">#812</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/cc8268d46a81d57ec9b061f27b0dd68ebd7fb17f"><code>cc8268d</code></a> chore(deps): bump actions/checkout in the github-actions group (<a href="https://redirect.github.com/softprops/action-gh-release/issues/810">#810</a>)</li> <li><a href="https://github.com/softprops/action-gh-release/commit/fd0ed1e85b6730f87f5c67d7355751c46ad513d6"><code>fd0ed1e</code></a> chore(deps): bump the npm group with 3 updates (<a href="https://redirect.github.com/softprops/action-gh-release/issues/811">#811</a>)</li> <li>Additional commits viewable in <a href="https://github.com/softprops/action-gh-release/compare/718ea10b132b3b2eba29c1007bb80653f286566b...3d0d9888cb7fd7b750713d6e236d1fcb99157228">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updated [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 18.7.0 to 18.8.1. <details> <summary>Release notes</summary> _Sourced from [Microsoft.NET.Test.Sdk's releases](https://github.com/microsoft/vstest/releases)._ ## 18.8.1 ## What's Changed * Fix protocol negotiation timeout when STJ reflection is disabled (18.8.1) by @nohwnd in microsoft/vstest#16281 **Full Changelog**: microsoft/vstest@v18.8.0...v18.8.1 ## 18.8.0 ## What's Changed * Migrate from Newtonsoft.Json to System.Text.Json / Jsonite (merge to main) by @nohwnd in microsoft/vstest#15687 - For more detail refer to https://devblogs.microsoft.com/dotnet/vs-test-is-removing-its-newtonsoft-json-dependency/ * Create source-only filter package by @Youssef1313 in microsoft/vstest#15638 * Add ARM64 msdia140.dll support to test platform packages by @nohwnd in microsoft/vstest#15692 * Fix mutex cleanup crash on macOS/Linux by @nohwnd in microsoft/vstest#15684 * Restrict artifact temp directory permissions on Unix by @nohwnd in microsoft/vstest#15729 * Add support for filtering uncategorized tests with TestCategory=None by @Evangelink in microsoft/vstest#15727 * Fix SCI binding failure in DTA hosts (main) by @nohwnd in microsoft/vstest#15724 * Fix HTML logger parallel file collision by @nohwnd in microsoft/vstest#15435 * Improve error message when testhost cannot be found by @nohwnd in microsoft/vstest#16053 * Fix HTML logger exception on invalid XML chars in test display names by @nohwnd in microsoft/vstest#16051 **Full Changelog**: microsoft/vstest@v18.7.0...v18.8.0 Commits viewable in [compare view](microsoft/vstest@v18.7.0...v18.8.1). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Summary A fleet governance audit found this repo's `AGENTS.md` defined the **signing** rule and the **default-to-staging** rule, but was missing the **author-identity** rule (which account/identity a commit must use). The canonical template `AGENTS.md` now defines this rule; this PR adds it here for fleet consistency. ## Change One bullet added to the **Git and Commit Rules** section, immediately after the existing "All commits must be cryptographically signed" bullet: > Commit under the committing account's own GitHub `noreply` identity - never a private, personal, or invented address... It codifies that `author`/`committer` must be the GitHub `noreply` of the signing account (`ptr727@users.noreply.github.com` for this fleet), to verify `user.email` before committing, and why a wrong identity matters (GH007 email-privacy push protection, polluted history), while noting identity is distinct from signing. ## Notes - Canonical wording inserted essentially verbatim, matching the existing bullet style. - ASCII-only, US English, ` - ` hyphens (no em-dashes). - File EOL (CRLF) preserved; zero mixed line endings. - Commit is SSH-signed. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This promote-to-main PR brings forward git-governance guidance updates in AGENTS.md (focused on commit identity/signing discipline), alongside routine dependency/workflow pin refreshes consistent with the repo’s CI/CD and release practices.
Changes:
- Add an
AGENTS.mdrule requiring agent-authored commits to use the committing account’s GitHubnoreplyidentity. - Bump
Microsoft.NET.Test.Sdkto 18.8.1 via centralized package versioning. - Update the pinned commit for
softprops/action-gh-releaseto the v3.0.2 revision in the release workflow.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| Directory.Packages.props | Updates centralized NuGet package versions (test SDK bump). |
| AGENTS.md | Adds commit author/committer identity governance guidance for agents. |
| .github/workflows/build-release-task.yml | Updates pinned softprops/action-gh-release action revision used during release creation. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Promotes develop->main: the AGENTS.md git-governance additions (author-identity rule / signing / staging), part of the fleet governance-conformance sweep.
🤖 Generated with Claude Code