feat: CI/CD Enhancements and NuGet Publishing Setup #7
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Set supported version to 0.5.x - Add vulnerability reporting guidelines with response timeline - Document security considerations for the tool - Add HTML report security notes (XSS prevention, sandboxed JS) - Define scope of security policy Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add matrix strategy to CI workflow to run builds and tests on all three major platforms. Update artifact names to include OS for uniqueness. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add CodeQL workflow for C# security vulnerability scanning - Configure to run on push to main/develop, pull requests, and weekly schedule - Add Dependabot for NuGet packages and GitHub Actions updates Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add NuGet package publishing to GitHub Packages with tag-based triggers: - Create publish.yml workflow that triggers on v* tags - Update all .csproj files with NuGet metadata (PackageId, Description, Tags) - Add PackageReadmeFile to include README.md in packages - Centralize common properties (Authors, PackageLicenseExpression) in Directory.Build.props - CLI project configured as dotnet tool with PackAsTool and ToolCommandName Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Adjust NuGet publishing to create a single package (roslyn-diff) that bundles all assemblies. Core and Output projects are no longer packaged separately as they are automatically included via project references. Changes: - Set PackageId to 'roslyn-diff' in CLI project - Mark Core and Output projects as IsPackable=false - Update publish workflow to pack only CLI project - Remove unnecessary NuGet metadata from library projects Users can now install via: dotnet tool install roslyn-diff Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds CI/CD enhancements and sets up NuGet package publishing.
CI/CD Improvements
NuGet Publishing
roslyn-diffbundles Core + Output assembliesv*tags to publish to GitHub Packagesdotnet tool install --global roslyn-diffSecurity
Changes
.github/workflows/ci.yml- Multi-platform matrix.github/workflows/codeql.yml- Security scanning.github/workflows/publish.yml- NuGet publishing on tags.github/dependabot.yml- Dependency updatesSECURITY.md- Security policyTest plan
roslyn-diff.nupkgwith all assemblies🤖 Generated with Claude Code