ci: publish src/public/ packages to github packages #34

2026-05-07T11:04:12-04:00

jasoncouture commented

2026-05-07 11:04:12 -04:00

(Migrated from github.com)

Summary

Pushes every src/public/ package to the GitHub Packages NuGet feed (https://nuget.pkg.github.com/jasoncouture/index.json) on every push to main and release/**. NBGV provides the version. Idempotent on re-run.

What's in here

.github/workflows/nuget-publish.yml:

Trigger: push to main and release/**.
Permissions: contents: read, packages: write (the latter is what authorizes dotnet nuget push against GITHUB_TOKEN).
Concurrency: ref-keyed, no cancel — release-branch publishes deserve to finish.
Steps: checkout (fetch-depth: 0 for NBGV) → setup-dotnet@v4 (10.0.x) → dotnet restore LlamaShears.slnx → dotnet pack LlamaShears.slnx -c Release --no-restore -o ./artifacts/nuget → dotnet nuget push ./artifacts/nuget/*.nupkg --source <feed> --api-key $GITHUB_TOKEN --skip-duplicate.

Why `dotnet pack` on the slnx instead of looping per-project

IsPackable is false by default and only flipped on under src/public/ (via src/public/Directory.Build.props). Packing the slnx therefore packs exactly the public packages with zero per-project bookkeeping — adding a new public package later requires no workflow edit.

Why `--skip-duplicate`

NBGV produces deterministic versions from git history, so re-running the workflow on the same commit (e.g. after editing the workflow itself) emits the same package versions. Without --skip-duplicate those re-runs would 409 from the feed and fail the workflow. --skip-duplicate makes them no-ops — only genuinely new versions get pushed.

Out of scope

nuget.org publishing. Deferred until nuget.org credentials are re-upped.
version.json adjustments. The current publicReleaseRefSpec lists ^refs/heads/main$ and ^refs/heads/v\d+(?:\.\d+)?$. Pushing from release/**/* will produce non-public-release builds with +g<commit> metadata — that's the existing NBGV configuration speaking, not a workflow choice. If/when the release-branch convention crystallises, version.json can be updated independently.

Test plan

Husky docs-api-up-to-date pre-push check passed.
Real verification needs the workflow to run on main — that happens after this stack lands. First run will reveal any auth / source-URL / --skip-duplicate edge cases.

Stacking note

Targets ci/pr-coverage-comment (PR #33). Will retarget main automatically as the chain merges.

🤖 Generated with Claude Code

## Summary Pushes every `src/public/` package to the GitHub Packages NuGet feed (`https://nuget.pkg.github.com/jasoncouture/index.json`) on every push to `main` and `release/**`. NBGV provides the version. Idempotent on re-run. ## What's in here `.github/workflows/nuget-publish.yml`: - Trigger: `push` to `main` and `release/**`. - Permissions: `contents: read`, `packages: write` (the latter is what authorizes `dotnet nuget push` against `GITHUB_TOKEN`). - Concurrency: ref-keyed, no cancel — release-branch publishes deserve to finish. - Steps: checkout (`fetch-depth: 0` for NBGV) → `setup-dotnet@v4` (10.0.x) → `dotnet restore LlamaShears.slnx` → `dotnet pack LlamaShears.slnx -c Release --no-restore -o ./artifacts/nuget` → `dotnet nuget push ./artifacts/nuget/*.nupkg --source <feed> --api-key $GITHUB_TOKEN --skip-duplicate`. ## Why `dotnet pack` on the slnx instead of looping per-project `IsPackable` is `false` by default and only flipped on under `src/public/` (via `src/public/Directory.Build.props`). Packing the slnx therefore packs exactly the public packages with zero per-project bookkeeping — adding a new public package later requires no workflow edit. ## Why `--skip-duplicate` NBGV produces deterministic versions from git history, so re-running the workflow on the same commit (e.g. after editing the workflow itself) emits the same package versions. Without `--skip-duplicate` those re-runs would 409 from the feed and fail the workflow. `--skip-duplicate` makes them no-ops — only genuinely new versions get pushed. ## Out of scope - **nuget.org publishing.** Deferred until nuget.org credentials are re-upped. - **`version.json` adjustments.** The current `publicReleaseRefSpec` lists `^refs/heads/main$` and `^refs/heads/v\d+(?:\.\d+)?$`. Pushing from `release/**/*` will produce non-public-release builds with `+g<commit>` metadata — that's the existing NBGV configuration speaking, not a workflow choice. If/when the release-branch convention crystallises, `version.json` can be updated independently. ## Test plan - [x] Husky `docs-api-up-to-date` pre-push check passed. - [ ] Real verification needs the workflow to run on `main` — that happens after this stack lands. First run will reveal any auth / source-URL / `--skip-duplicate` edge cases. ## Stacking note Targets `ci/pr-coverage-comment` (PR #33). Will retarget `main` automatically as the chain merges. 🤖 Generated with [Claude Code](https://claude.com/claude-code)

CLAassistant commented

2026-05-07 11:04:27 -04:00

(Migrated from github.com)

All committers have signed the CLA.

[![CLA assistant check](https://cla-assistant.io/pull/badge/signed)](https://cla-assistant.io/jasoncouture/llama-shears?pullRequest=34) <br/>All committers have signed the CLA.

copilot-pull-request-reviewer[bot] (Migrated from github.com) reviewed

2026-05-07 11:08:45 -04:00

copilot-pull-request-reviewer[bot] (Migrated from github.com) left a comment

Pull request overview

Adds a GitHub Actions workflow to publish NuGet packages produced from src/public/ to GitHub Packages on pushes to main and release/**, using Nerdbank.GitVersioning-derived versions.

Changes:

Introduces .github/workflows/nuget-publish.yml to restore, pack, and push packages on branch pushes.
Uses ref-keyed concurrency and --skip-duplicate to make re-runs idempotent.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

## Pull request overview Adds a GitHub Actions workflow to publish NuGet packages produced from `src/public/` to GitHub Packages on pushes to `main` and `release/**`, using Nerdbank.GitVersioning-derived versions. **Changes:** - Introduces `.github/workflows/nuget-publish.yml` to restore, pack, and push packages on branch pushes. - Uses ref-keyed concurrency and `--skip-duplicate` to make re-runs idempotent. --- 💡 <a href="/jasoncouture/llama-shears/new/ci/pr-coverage-comment?filename=.github/instructions/*.instructions.md" class="Link--inTextBlock" target="_blank" rel="noopener noreferrer">Add Copilot custom instructions</a> for smarter, more guided reviews. <a href="https://docs.github.com/en/copilot/customizing-copilot/adding-repository-custom-instructions-for-github-copilot" class="Link--inTextBlock" target="_blank" rel="noopener noreferrer">Learn how to get started</a>.

.github/workflows/nuget-publish.yml

					
				@ -0,0 +41,4 @@

				        run: |

				          dotnet nuget push './artifacts/nuget/*.nupkg' \

				            --source 'https://nuget.pkg.github.com/jasoncouture/index.json' \

				            --api-key "${{ secrets.GITHUB_TOKEN }}" \

The GitHub Packages feed URL is hard-coded to jasoncouture, which will break if the repo is transferred/renamed and will also cause this workflow to fail on forks (the fork’s GITHUB_TOKEN won’t have rights to push to that owner’s feed). Consider deriving the source from ${{ github.repository_owner }} (or ${{ github.repository }}) and, if you only want publishing from the canonical repo, add an if: guard on the job/step to prevent running on forks.

The GitHub Packages feed URL is hard-coded to `jasoncouture`, which will break if the repo is transferred/renamed and will also cause this workflow to fail on forks (the fork’s `GITHUB_TOKEN` won’t have rights to push to that owner’s feed). Consider deriving the source from `${{ github.repository_owner }}` (or `${{ github.repository }}`) and, if you only want publishing from the canonical repo, add an `if:` guard on the job/step to prevent running on forks.

Sign in to join this conversation.

No reviewers