Bring in recent changes from the template repo#31
Merged
Malcolmnixon merged 4 commits intomainfrom Mar 7, 2026
Merged
Conversation
Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Update with recent changes from template repository
Bring in recent changes from the template repo
Mar 7, 2026
Malcolmnixon
requested changes
Mar 7, 2026
…time jobs Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com>
Malcolmnixon
approved these changes
Mar 7, 2026
There was a problem hiding this comment.
Pull request overview
Synchronizes this repository with recent updates from the TemplateDotNetTool template, focusing on CI/CD workflow improvements, macOS support, and continuous-compliance documentation additions.
Changes:
- Expanded CI matrices to include
macos-latestand added workflow structure/comments plus additional tool restore/capture steps. - Added “Continuous Compliance” documentation in README and the user guide, and updated agent guidance for macOS test evidence.
- Minor repo hygiene/consistency updates (test
.csprojsection comments,.gitignoreorganization).
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
.github/workflows/build.yaml |
Adds macOS to build/integration matrices; restructures steps; expands captured tool list; adds CodeQL init option. |
AGENTS.md |
Adds agent selection guide and macOS test source filter; updates CI/CD descriptions to include macOS. |
README.md |
Updates feature list for macOS support and adds Continuous Compliance entry + link reference. |
docs/guide/guide.md |
Adds a Continuous Compliance section and link reference. |
test/DemaConsulting.VersionMark.Tests/DemaConsulting.VersionMark.Tests.csproj |
Reorders/sections property group with comments; adds “Project References” section comment. |
.gitignore |
Reorders Node patterns and adds a heading for VersionMark capture artifacts. |
Comments suppressed due to low confidence (8)
.github/workflows/build.yaml:184
actions/checkout@v6appears to reference a non-existent major version of the checkout action. Update to a valid major version to prevent the CodeQL job from failing before it runs.
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 0
.github/workflows/build.yaml:342
actions/upload-artifact@v7may not exist; if so, validation artifacts won’t be uploaded and docs generation will be missing evidence. Pin to a known existing major version.
- name: Upload validation artifacts
if: always()
uses: actions/upload-artifact@v7
with:
name: artifacts-validation-${{ matrix.os }}-dotnet${{ matrix.dotnet-version }}
path: artifacts/
.github/workflows/build.yaml:76
actions/checkout@v6is not a known valid major version tag for the checkout action. Pin to an existing major version (e.g.,@v4) to avoid workflow resolution failures.
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 0
.github/workflows/build.yaml:263
actions/checkout@v6is not a known valid major version; if the tag doesn’t exist the integration tests will never run. Pin to an existing major version (and apply the same change to other checkout steps).
- name: Checkout
uses: actions/checkout@v6
with:
sparse-checkout: |
.versionmark.yaml
.config/dotnet-tools.json
.github/workflows/build.yaml:235
actions/upload-artifact@v7is not a known major version for this action. Pin to a valid major version to ensure CodeQL artifacts are actually uploaded.
- name: Upload CodeQL artifacts
uses: actions/upload-artifact@v7
with:
name: artifacts-codeql
path: artifacts/
.github/workflows/build.yaml:367
actions/download-artifact@v8appears to reference an invalid major version. Pin to a known existing major version so build-docs can fetch artifacts from prior jobs.
- name: Download all job artifacts
uses: actions/download-artifact@v8
with:
path: artifacts
pattern: 'artifacts-*'
merge-multiple: true
continue-on-error: true
.github/workflows/build.yaml:154
actions/upload-artifact@v7is not a known valid major version of this action (commonly@v4). If the tag doesn’t exist, artifact upload will fail and downstream jobs won’t have build outputs.
- name: Upload build artifacts
uses: actions/upload-artifact@v7
with:
name: artifacts-build-${{ matrix.os }}
path: artifacts/
.github/workflows/build.yaml:634
actions/upload-artifact@v7is not a known valid major version. Pin to a known existing major version so documentation artifacts are uploaded reliably.
- name: Upload documentation
uses: actions/upload-artifact@v7
with:
name: documents
path: |
docs/*.pdf
docs/buildnotes.md
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Malcolmnixon
requested changes
Mar 7, 2026
…ild-docs jobs Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 5 out of 6 changed files in this pull request and generated no new comments.
Comments suppressed due to low confidence (3)
.github/workflows/build.yaml:340
- This step uses
actions/upload-artifact@v7. If that major version isn’t valid, validation TRX files and VersionMark capture JSONs won’t be available to thebuild-docsjob. Please verify the major version exists, or pin to a known released major/commit SHA.
- name: Upload validation artifacts
if: always()
uses: actions/upload-artifact@v7
with:
.github/workflows/build.yaml:80
- This job uses
actions/checkout@v6andactions/setup-dotnet@v5. If those major versions don’t exist (as of Aug 2025, checkout/setup-dotnet were on v4), CI will fail during dependency setup. Please verify the intended major versions and consider pinning to released majors (or SHAs) consistently across all jobs.
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Setup dotnet
uses: actions/setup-dotnet@v5
with:
.github/workflows/build.yaml:266
- This job pins multiple official actions to high major versions (
actions/checkout@v6,actions/download-artifact@v8). If those majors aren’t available, integration tests won’t be able to fetch the built package or even check out the repo. Please confirm these majors exist, or pin to known released majors / commit SHAs consistently across the workflow.
- name: Checkout
uses: actions/checkout@v6
with:
sparse-checkout: |
.versionmark.yaml
.config/dotnet-tools.json
- name: Download package
uses: actions/download-artifact@v8
with:
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Malcolmnixon
approved these changes
Mar 7, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Syncs VersionMark with recent improvements from the TemplateDotNetTool template (PRs #41–#55).
Description
CI/CD Workflow (
build.yaml)quality-checksjob: Add section guidance comments; note that VersionMark version capture is not available here because this repo builds VersionMark itselfbuildjob: Addmacos-latestto strategy matrix; add section comments; note that VersionMark version capture is not available here because this repo builds VersionMark itselfcodeqljob: Addbuild-mode: manualtocodeql-action/init@v4; add section commentsintegration-testjob: Addmacos-latestto strategy matrix; addRestore Toolsstep; normalize OS_SHORT withsed 's/-latest//'(consistent across all platforms); add section commentsbuild-docsjob: MoveSetup Node.jsinto INSTALL DEPENDENCIES section (after artifact downloads); add section commentsDocumentation & Agent Guidance
AGENTS.md: Add Agent Selection Guide (task → agent mapping); addmacos@TestNametest source filter; update CI/CD section to reflect macOS supportREADME.md: Add Continuous Compliance feature entry with link to the methodologydocs/guide/guide.md: Add Continuous Compliance section after Introductiontest/.csproj: Add<!-- Build Configuration -->and<!-- Code Quality Configuration -->section comments; match template property order.gitignore: Add# VersionMark captures (generated during CI/CD)heading; fixnpm-debug.logorderingType of Change
Pre-Submission Checklist
Before submitting this pull request, ensure you have completed the following:
Build and Test
dotnet build --configuration Releasedotnet test --configuration Releasedotnet run --project src/DemaConsulting.VersionMark --configuration Release --framework net10.0--no-build -- --validateCode Quality
dotnet format --verify-no-changesQuality Checks
Please run the following checks before submitting:
cspell "**/*.{md,cs}"markdownlint "**/*.md"yamllint .Testing
Documentation
Additional Notes
Because this repo builds VersionMark, the
quality-checksandbuildjobs cannot use a previously-released version of VersionMark from nuget.org. Both jobs include a comment explaining this limitation. VersionMark capture is only performed in theintegration-testandbuild-docsjobs (fordotnet,git, and other external tools), where the freshly-built package has already been installed. VersionMark's own version is not captured since it is the artifact being produced by this CI build.🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.