From 64e3b62e580bf534ee4925b60e263a591cf06816 Mon Sep 17 00:00:00 2001 From: Pieter Viljoen Date: Fri, 26 Jun 2026 16:44:43 -0700 Subject: [PATCH 1/3] Fix develop prerelease tagging via IGNORE_GITHUB_REF (#198) NBGV's GitHub Actions provider reads the reserved GITHUB_REF (which a step env cannot override); set IGNORE_GITHUB_REF=true so it versions from the checked-out branch instead. Supersedes the ineffective GITHUB_REF override from #196. CI-verified: develop checkout -> 1.4.x-g prerelease, main -> stable. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/build-nugetlibrary-task.yml | 1 - .github/workflows/build-release-task.yml | 1 - .github/workflows/get-version-task.yml | 15 +++++---------- 3 files changed, 5 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build-nugetlibrary-task.yml b/.github/workflows/build-nugetlibrary-task.yml index 0fb70e2..cac4dd5 100644 --- a/.github/workflows/build-nugetlibrary-task.yml +++ b/.github/workflows/build-nugetlibrary-task.yml @@ -37,7 +37,6 @@ jobs: secrets: inherit with: ref: ${{ inputs.ref }} - branch: ${{ inputs.branch }} build-nugetlibrary: name: Build NuGet library project job diff --git a/.github/workflows/build-release-task.yml b/.github/workflows/build-release-task.yml index 6633ec5..3d1049d 100644 --- a/.github/workflows/build-release-task.yml +++ b/.github/workflows/build-release-task.yml @@ -50,7 +50,6 @@ jobs: secrets: inherit with: ref: ${{ inputs.ref }} - branch: ${{ inputs.branch }} # Entry gate: validate branch<->version consistency once, before the build jobs, so an NBGV mis-classification fails # fast instead of after building and publishing. main must be a public release (no prerelease '-'); every other branch diff --git a/.github/workflows/get-version-task.yml b/.github/workflows/get-version-task.yml index 7a3bb08..c478dbb 100644 --- a/.github/workflows/get-version-task.yml +++ b/.github/workflows/get-version-task.yml 
@@ -9,12 +9,6 @@ on: required: false type: string default: '' - # Logical branch NBGV classifies against. Pins PublicRelease to this branch instead of the runner's GITHUB_REF, - # which on a publish dispatched from the default branch is that branch for every matrix leg. Empty keeps GITHUB_REF. - branch: - required: false - type: string - default: '' outputs: SemVer2: value: ${{ jobs.get-version.outputs.SemVer2 }} @@ -59,7 +53,8 @@ jobs: id: nbgv uses: dotnet/nbgv@master env: - # NBGV reads the branch from GITHUB_REF; pin it to the leg being versioned so a publish dispatched from the - # default branch doesn't classify every leg as the public ref and strip its prerelease suffix. - GITHUB_REF: ${{ inputs.branch != '' && format('refs/heads/{0}', inputs.branch) || github.ref }} - GITHUB_REF_NAME: ${{ inputs.branch != '' && inputs.branch || github.ref_name }} + # NBGV's GitHub Actions cloud-build provider overrides the checked-out branch with GITHUB_REF (the dispatch + # ref). On a publish dispatched from the default branch that misclassifies every matrix leg as the public ref + # and strips the prerelease suffix. GITHUB_REF is reserved and cannot be reliably overridden, so tell NBGV to + # ignore it and version from the actually-checked-out branch (each leg checks out its own branch). + IGNORE_GITHUB_REF: true From f2560a8e4cf8e1fe06e75b62efbf3903c19a2201 Mon Sep 17 00:00:00 2001 From: Pieter Viljoen Date: Fri, 26 Jun 2026 20:43:41 -0700 Subject: [PATCH 2/3] Skip validate-release gate in smoke builds (#202) Smoke builds check out the PR head detached, so NBGV always yields a prerelease version; on a main-base PR that tripped validate-release and blocked every develop->main promotion carrying a build target. Skip the gate for smoke builds (they never publish). CI-verified for both main and develop bases. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/build-release-task.yml | 8 ++++++++ 1 file changed, 8 insertions(+) 
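Review bot: The `IGNORE_GITHUB_REF: true` fix in the `@@ -59,7 +53,8 @@` hunk only holds while whatever commit `dotnet/nbgv@master` resolves to at run time keeps honouring that variable, because the step's `uses:` line floats on a mutable branch. The step's output decides whether a leg is classified as a public release or a prerelease, so an upstream change to `master` can alter release classification without any change in this repository. The callers in this series appear to invoke this workflow with `secrets: inherit`, which widens what a changed action could reach. Consider pinning to a reviewed commit, e.g. `uses: dotnet/nbgv@<full-commit-sha>  # master as of <date>`, and bumping it deliberately. The step continues past the end of the hunk.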
diff --git a/.github/workflows/build-release-task.yml b/.github/workflows/build-release-task.yml index 3d1049d..f5b056a 100644 --- a/.github/workflows/build-release-task.yml +++ b/.github/workflows/build-release-task.yml @@ -64,8 +64,16 @@ jobs: env: SEMVER2: ${{ needs.get-version.outputs.SemVer2 }} BRANCH: ${{ inputs.branch }} + SMOKE: ${{ inputs.smoke }} run: | set -euo pipefail + # This gate guards real publishes. A smoke build checks out the PR head in detached HEAD, so NBGV always + # yields a prerelease version; on a main-base PR that would trip the public-release check and fail every + # develop->main promotion that carries a build target. Skip the gate for smoke builds (they never publish). + if [[ "$SMOKE" == "true" ]]; then + echo "Smoke build; skipping release version validation." + exit 0 + fi CORE_AND_PRE="${SEMVER2%%+*}" if [[ "$BRANCH" == "main" ]]; then if [[ "$CORE_AND_PRE" == *-* ]]; then From cf4d9dcf5c5903e65250d8ba7ddb65de845e2a56 Mon Sep 17 00:00:00 2001 From: Pieter Viljoen Date: Fri, 26 Jun 2026 21:06:56 -0700 Subject: [PATCH 3/3] Fix detached-SHA versioning: branch input + git checkout -B (#203) build-nugetlibrary checks out a pinned SHA (detached HEAD), where NBGV with IGNORE_GITHUB_REF saw no branch and built the main leg's package as a prerelease mismatching its clean release tag. Re-add the branch input + git checkout -B so NBGV sees the logical branch from a detached SHA. CI-verified: main->1.4.3.nupkg (clean), develop->1.4.4-g.nupkg (prerelease). Caught by Copilot on the promotion PR. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/build-nugetlibrary-task.yml | 1 + .github/workflows/build-release-task.yml | 1 + .github/workflows/get-version-task.yml | 17 +++++++++++++++++ 3 files changed, 19 insertions(+) diff --git a/.github/workflows/build-nugetlibrary-task.yml b/.github/workflows/build-nugetlibrary-task.yml index cac4dd5..0fb70e2 100644 --- a/.github/workflows/build-nugetlibrary-task.yml 
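Review bot: The early `exit 0` on `"$SMOKE" == "true"` makes the whole release-version gate depend on a caller-supplied input, and nothing in this hunk enforces the comment's claim that smoke builds never publish. The publish jobs are outside the hunk, so confirm that each is skipped under the same `inputs.smoke` condition. Otherwise a call with `smoke: true` passes validation and could still reach a publish step. It would help to record that coupling next to the skip, e.g. `# Safe only while every publish job is also skipped when inputs.smoke is true; keep both conditions in sync.` The `run:` script continues past the end of the hunk.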
+++ b/.github/workflows/build-nugetlibrary-task.yml @@ -37,6 +37,7 @@ jobs: secrets: inherit with: ref: ${{ inputs.ref }} + branch: ${{ inputs.branch }} build-nugetlibrary: name: Build NuGet library project job diff --git a/.github/workflows/build-release-task.yml b/.github/workflows/build-release-task.yml index f5b056a..21b2507 100644 --- a/.github/workflows/build-release-task.yml +++ b/.github/workflows/build-release-task.yml @@ -50,6 +50,7 @@ jobs: secrets: inherit with: ref: ${{ inputs.ref }} + branch: ${{ inputs.branch }} # Entry gate: validate branch<->version consistency once, before the build jobs, so an NBGV mis-classification fails # fast instead of after building and publishing. main must be a public release (no prerelease '-'); every other branch diff --git a/.github/workflows/get-version-task.yml b/.github/workflows/get-version-task.yml index c478dbb..0954cf5 100644 --- a/.github/workflows/get-version-task.yml +++ b/.github/workflows/get-version-task.yml @@ -9,6 +9,13 @@ on: required: false type: string default: '' + # Logical branch NBGV classifies public-vs-prerelease against. With IGNORE_GITHUB_REF, NBGV reads the + # checked-out git branch; callers that check out a pinned commit (detached HEAD - the build jobs) pass this + # so a local branch can be created at that commit, giving NBGV the right name. Empty leaves the checkout as-is. + branch: + required: false + type: string + default: '' outputs: SemVer2: value: ${{ jobs.get-version.outputs.SemVer2 }} 
@@ -47,6 +54,16 @@ jobs: ref: ${{ inputs.ref }} fetch-depth: 0 + # NBGV (with IGNORE_GITHUB_REF) classifies public-vs-prerelease from the checked-out branch. A pinned-SHA + # checkout is detached HEAD, where NBGV sees no branch and treats every leg as prerelease (the main leg would + # then build a prerelease package mismatching its clean release tag). Force a local branch at HEAD matching the + # logical branch so NBGV sees the right name while still versioning the intended commit. + - name: Pin logical branch step + if: ${{ inputs.branch != '' }} + env: + BRANCH: ${{ inputs.branch }} + run: git checkout -B "$BRANCH" + # nbgv is floated on @master: its tag stream lags master, so Dependabot tag-tracking would propose a downgrade. # Revisit if dotnet/nbgv resumes regular tagged releases. - name: Run Nerdbank.GitVersioning tool step
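Review bot: The new `Pin logical branch step` runs `git checkout -B "$BRANCH"` on whatever commit `inputs.ref` resolved to, so the branch name NBGV sees is a label asserted by the caller and is never checked against the commit. The validate-release gate in build-release-task.yml compares the version with the same `inputs.branch`, so it would not catch a `ref` that is not on that branch being versioned as a clean `main` release. For publishing callers, consider verifying ancestry first with `git merge-base --is-ancestor HEAD "origin/$BRANCH"` before the checkout. That assumes the `fetch-depth: 0` checkout leaves `origin/<branch>` available, and PR-head smoke builds would presumably need to be exempt. Passing the input through `env:` rather than interpolating it into the script is the right pattern and should stay.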