From 89a1073ab546958465813ef5a0a77468e4f96832 Mon Sep 17 00:00:00 2001 From: Aaron Powell Date: Tue, 2 Sep 2025 00:08:14 +0000 Subject: [PATCH 1/7] Add detect-pr-label job to manage package publishing based on PR labels --- .github/workflows/dotnet-main.yml | 54 +++++++++++++++++++++++++++++-- 1 file changed, 52 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dotnet-main.yml b/.github/workflows/dotnet-main.yml index 22301bafd..c9a58c8a4 100644 --- a/.github/workflows/dotnet-main.yml +++ b/.github/workflows/dotnet-main.yml @@ -8,6 +8,10 @@ on: env: DEFAULT_DOTNET_VERSION: "8.0.x" +permissions: + contents: read + pull-requests: read + jobs: build: strategy: @@ -98,10 +102,13 @@ jobs: ${{ github.workspace }}/packages/**/*.nupkg publish-nuget: - needs: sign + needs: [sign, detect-pr-label] runs-on: ubuntu-latest environment: name: nuget-beta + # Only run publish when the merged PR does NOT contain the skip label. + # The label name is configurable via the `SKIP_PUBLISH_LABEL` env in the detector job below. + if: needs.detect-pr-label.outputs.skip_publish != 'true' steps: - name: Download package uses: actions/download-artifact@v5 @@ -112,10 +119,12 @@ jobs: run: dotnet nuget push ./*.nupkg --source "https://api.nuget.org/v3/index.json" --api-key ${{ secrets.NUGET_PACKAGE_PUSH_TOKEN }} publish-azure-artifacts: - needs: sign + needs: [sign, detect-pr-label] runs-on: windows-latest environment: name: azure-artifacts + # Skip pushing to Azure Artifacts when the merged PR requested skipping the publish. + if: needs.detect-pr-label.outputs.skip_publish != 'true' steps: - name: Download package uses: actions/download-artifact@v5 @@ -144,3 +153,44 @@ jobs: uses: ./.github/workflows/code-coverage.yml secrets: inherit + detect-pr-label: + # This job detects whether the commit that triggered this push + # is associated with a merged pull request that contains a label + # indicating we should skip publishing packages. + runs-on: ubuntu-latest + outputs: + skip_publish: ${{ steps.check.outputs.skip }} + env: + # Change this label name to whatever you use to skip publishing. + SKIP_PUBLISH_LABEL: skip-nuget-publish + steps: + - name: Install jq + run: sudo apt-get update && sudo apt-get install -y jq + + - name: Get PRs for commit + id: get_prs + run: | + prs=$(curl -s -H "Accept: application/vnd.github.groot-preview+json" \ + -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ + "https://api.github.com/repos/${{ github.repository }}/commits/${{ github.sha }}/pulls") + echo "$prs" > prs.json + + - name: Determine skip label + id: check + run: | + LABEL="${SKIP_PUBLISH_LABEL}" + number=$(jq -r '.[0].number // empty' prs.json) + if [ -z "$number" ]; then + # No PR found for this commit -> do not skip by default + echo "skip=false" >> $GITHUB_OUTPUT + exit 0 + fi + pr=$(curl -s -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos/${{ github.repository }}/pulls/$number") + echo "$pr" > pr.json + has_label=$(jq -r --arg label "$LABEL" '.labels[].name | select(. == $label) // empty' pr.json) + if [ -n "$has_label" ]; then + echo "skip=true" >> $GITHUB_OUTPUT + else + echo "skip=false" >> $GITHUB_OUTPUT + fi + From 56d93b357d853343be8fb2d278f48e519fa5429d Mon Sep 17 00:00:00 2001 From: Aaron Powell Date: Tue, 2 Sep 2025 00:10:52 +0000 Subject: [PATCH 2/7] Don't need to install jq, already there --- .github/workflows/dotnet-main.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/dotnet-main.yml b/.github/workflows/dotnet-main.yml index c9a58c8a4..c50bb7613 100644 --- a/.github/workflows/dotnet-main.yml +++ b/.github/workflows/dotnet-main.yml @@ -164,9 +164,6 @@ jobs: # Change this label name to whatever you use to skip publishing. SKIP_PUBLISH_LABEL: skip-nuget-publish steps: - - name: Install jq - run: sudo apt-get update && sudo apt-get install -y jq - - name: Get PRs for commit id: get_prs run: | From b5e54df22c4d4f8bcf17e9e610b8ec334480b45b Mon Sep 17 00:00:00 2001 From: Aaron Powell Date: Tue, 2 Sep 2025 00:16:45 +0000 Subject: [PATCH 3/7] Using github cli --- .github/workflows/dotnet-main.yml | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/.github/workflows/dotnet-main.yml b/.github/workflows/dotnet-main.yml index c50bb7613..771cc1824 100644 --- a/.github/workflows/dotnet-main.yml +++ b/.github/workflows/dotnet-main.yml @@ -164,30 +164,23 @@ jobs: # Change this label name to whatever you use to skip publishing. SKIP_PUBLISH_LABEL: skip-nuget-publish steps: - - name: Get PRs for commit - id: get_prs - run: | - prs=$(curl -s -H "Accept: application/vnd.github.groot-preview+json" \ - -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ - "https://api.github.com/repos/${{ github.repository }}/commits/${{ github.sha }}/pulls") - echo "$prs" > prs.json - - - name: Determine skip label + - name: Determine skip label using gh id: check run: | LABEL="${SKIP_PUBLISH_LABEL}" - number=$(jq -r '.[0].number // empty' prs.json) - if [ -z "$number" ]; then + # Get the first PR associated with this commit (if any) + number=$(gh api -H "Accept: application/vnd.github.groot-preview+json" \ + "/repos/${{ github.repository }}/commits/${{ github.sha }}/pulls" --jq '.[0].number' 2>/dev/null || echo "") + if [ -z "$number" ] || [ "$number" = "null" ]; then # No PR found for this commit -> do not skip by default echo "skip=false" >> $GITHUB_OUTPUT exit 0 fi - pr=$(curl -s -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos/${{ github.repository }}/pulls/$number") - echo "$pr" > pr.json - has_label=$(jq -r --arg label "$LABEL" '.labels[].name | select(. == $label) // empty' pr.json) + + # List label names for the PR and check for an exact match + has_label=$(gh api "/repos/${{ github.repository }}/pulls/$number" --jq '.labels[].name' 2>/dev/null | grep -x -- "$LABEL" || true) if [ -n "$has_label" ]; then echo "skip=true" >> $GITHUB_OUTPUT else echo "skip=false" >> $GITHUB_OUTPUT fi - From 71b95bdf7188fc1f8d234b3de61593cd68c0c726 Mon Sep 17 00:00:00 2001 From: Aaron Powell Date: Tue, 2 Sep 2025 10:19:13 +1000 Subject: [PATCH 4/7] Apply suggestion from @Copilot Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/dotnet-main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dotnet-main.yml b/.github/workflows/dotnet-main.yml index 771cc1824..86bb9d0ac 100644 --- a/.github/workflows/dotnet-main.yml +++ b/.github/workflows/dotnet-main.yml @@ -169,7 +169,7 @@ jobs: run: | LABEL="${SKIP_PUBLISH_LABEL}" # Get the first PR associated with this commit (if any) - number=$(gh api -H "Accept: application/vnd.github.groot-preview+json" \ + number=$(gh api -H "Accept: application/vnd.github+json" \ "/repos/${{ github.repository }}/commits/${{ github.sha }}/pulls" --jq '.[0].number' 2>/dev/null || echo "") if [ -z "$number" ] || [ "$number" = "null" ]; then # No PR found for this commit -> do not skip by default From d09b8ca1c924a0caf01381c4a4f862e151ebc9e9 Mon Sep 17 00:00:00 2001 From: Aaron Powell Date: Tue, 2 Sep 2025 10:19:19 +1000 Subject: [PATCH 5/7] Apply suggestion from @Copilot Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/dotnet-main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dotnet-main.yml b/.github/workflows/dotnet-main.yml index 86bb9d0ac..e0ffb44ea 100644 --- a/.github/workflows/dotnet-main.yml +++ b/.github/workflows/dotnet-main.yml @@ -178,7 +178,7 @@ jobs: fi # List label names for the PR and check for an exact match - has_label=$(gh api "/repos/${{ github.repository }}/pulls/$number" --jq '.labels[].name' 2>/dev/null | grep -x -- "$LABEL" || true) + has_label=$(gh api "/repos/${{ github.repository }}/issues/$number/labels" --jq '.[].name' 2>/dev/null | grep -x -- "$LABEL" || true) if [ -n "$has_label" ]; then echo "skip=true" >> $GITHUB_OUTPUT else From 8db5839e061d22005e6cf99574dafa1406fd04c0 Mon Sep 17 00:00:00 2001 From: Aaron Powell Date: Tue, 2 Sep 2025 10:22:59 +1000 Subject: [PATCH 6/7] Update .github/workflows/dotnet-main.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/dotnet-main.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/dotnet-main.yml b/.github/workflows/dotnet-main.yml index e0ffb44ea..e8882a918 100644 --- a/.github/workflows/dotnet-main.yml +++ b/.github/workflows/dotnet-main.yml @@ -164,8 +164,9 @@ jobs: # Change this label name to whatever you use to skip publishing. SKIP_PUBLISH_LABEL: skip-nuget-publish steps: - - name: Determine skip label using gh id: check + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | LABEL="${SKIP_PUBLISH_LABEL}" # Get the first PR associated with this commit (if any) From 07077af40846f59bf80d1e90439978d467f9a5cb Mon Sep 17 00:00:00 2001 From: Aaron Powell Date: Tue, 2 Sep 2025 10:23:07 +1000 Subject: [PATCH 7/7] Update .github/workflows/dotnet-main.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/dotnet-main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dotnet-main.yml b/.github/workflows/dotnet-main.yml index e8882a918..0f98f568d 100644 --- a/.github/workflows/dotnet-main.yml +++ b/.github/workflows/dotnet-main.yml @@ -179,7 +179,7 @@ jobs: fi # List label names for the PR and check for an exact match - has_label=$(gh api "/repos/${{ github.repository }}/issues/$number/labels" --jq '.[].name' 2>/dev/null | grep -x -- "$LABEL" || true) + has_label=$(gh api "/repos/${{ github.repository }}/issues/$number/labels" --jq '.[].name' 2>/dev/null | grep -Fx -- "$LABEL" || true) if [ -n "$has_label" ]; then echo "skip=true" >> $GITHUB_OUTPUT else