From d63c999f90740cffd8321e2fc81798394f3b6132 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 15 Dec 2025 19:09:08 +0000
Subject: [PATCH 1/4] Initial plan


From 38b96d17765b8319a7ce488d29d39c0307b5a0cf Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 15 Dec 2025 19:13:11 +0000
Subject: [PATCH 2/4] feat: add GitHub Action to automatically publish
 extension on release

Co-authored-by: jcanizalez <27365102+jcanizalez@users.noreply.github.com>
---
 .github/PUBLISHING.md                   | 73 +++++++++++++++++++++++++
 .github/workflows/publish-extension.yml | 35 ++++++++++++
 2 files changed, 108 insertions(+)
 create mode 100644 .github/PUBLISHING.md
 create mode 100644 .github/workflows/publish-extension.yml

diff --git a/.github/PUBLISHING.md b/.github/PUBLISHING.md
new file mode 100644
index 0000000..6de1657
--- /dev/null
+++ b/.github/PUBLISHING.md
@@ -0,0 +1,73 @@
+# Publishing Guide
+
+This repository includes an automated GitHub Action workflow that publishes the extension to the Visual Studio Marketplace automatically after each release.
+
+## Setup
+
+### Required Secrets
+
+To enable automatic publishing, you need to configure the following secret in your GitHub repository:
+
+1. **MARKETPLACE_PAT**: A Personal Access Token (PAT) for the Visual Studio Marketplace
+
+#### Creating a Marketplace PAT
+
+1. Go to [Visual Studio Marketplace Publisher Management](https://marketplace.visualstudio.com/manage)
+2. Click on your publisher account
+3. Go to "Security" and create a new Personal Access Token
+4. Set the following:
+   - **Name**: GitHub Actions Publishing
+   - **Organization**: All accessible organizations
+   - **Expiration**: Set an appropriate expiration date
+   - **Scopes**: Select "Marketplace (Publish)"
+5. Copy the generated token
+
+#### Adding the Secret to GitHub
+
+1. Go to your GitHub repository
+2. Navigate to Settings → Secrets and variables → Actions
+3. Click "New repository secret"
+4. Name: `MARKETPLACE_PAT`
+5. Value: Paste the token you created
+6. Click "Add secret"
+
+## Workflow Trigger
+
+The workflow is triggered automatically when a new release is published on GitHub.
+
+### Publishing Process
+
+When a release is published:
+
+1. The workflow checks out the code
+2. Sets up Node.js 20
+3. Installs dependencies and builds the task
+4. Installs TFX CLI (Azure DevOps Extension Tool)
+5. Packages the extension
+6. Publishes the extension to the Visual Studio Marketplace
+
+## Manual Publishing
+
+If you need to publish manually, you can:
+
+```bash
+# Install dependencies and build
+cd buildandreleasetask
+npm run build
+cd ..
+
+# Install TFX CLI
+npm install -g tfx-cli
+
+# Package the extension
+tfx extension create --manifest-globs vss-extension.json
+
+# Publish the extension
+tfx extension publish --vsix *.vsix --auth-type pat --token YOUR_PAT_TOKEN
+```
+
+## Troubleshooting
+
+- **Build Failures**: Check that all dependencies are correctly specified in `package.json`
+- **Publishing Failures**: Verify that the `MARKETPLACE_PAT` secret is correctly configured and has not expired
+- **Version Conflicts**: Ensure the version in `vss-extension.json` and `task.json` is updated before creating a release
diff --git a/.github/workflows/publish-extension.yml b/.github/workflows/publish-extension.yml
new file mode 100644
index 0000000..968193b
--- /dev/null
+++ b/.github/workflows/publish-extension.yml
@@ -0,0 +1,35 @@
+name: Publish Extension
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: buildandreleasetask/package-lock.json
+      
+      - name: Install dependencies and build task
+        working-directory: buildandreleasetask
+        run: npm run build
+      
+      - name: Install TFX CLI
+        run: npm install -g tfx-cli
+      
+      - name: Package extension
+        run: tfx extension create --manifest-globs vss-extension.json --output-path ./out
+      
+      - name: Publish extension
+        run: tfx extension publish --vsix ./out/*.vsix --auth-type pat --token ${{ secrets.MARKETPLACE_PAT }}
+        env:
+          MARKETPLACE_PAT: ${{ secrets.MARKETPLACE_PAT }}

From e5b255f1bcc59d6c2412f1bb236411b9b6c1104c Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 15 Dec 2025 19:14:28 +0000
Subject: [PATCH 3/4] fix: address code review feedback - remove redundant env
 var and add validation

Co-authored-by: jcanizalez <27365102+jcanizalez@users.noreply.github.com>
---
 .github/PUBLISHING.md                   | 5 +++--
 .github/workflows/publish-extension.yml | 7 ++++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/.github/PUBLISHING.md b/.github/PUBLISHING.md
index 6de1657..7023cfd 100644
--- a/.github/PUBLISHING.md
+++ b/.github/PUBLISHING.md
@@ -60,10 +60,11 @@ cd ..
 npm install -g tfx-cli
 
 # Package the extension
-tfx extension create --manifest-globs vss-extension.json
+mkdir -p ./out
+tfx extension create --manifest-globs vss-extension.json --output-path ./out
 
 # Publish the extension
-tfx extension publish --vsix *.vsix --auth-type pat --token YOUR_PAT_TOKEN
+tfx extension publish --vsix ./out/*.vsix --auth-type pat --token YOUR_PAT_TOKEN
 ```
 
 ## Troubleshooting
diff --git a/.github/workflows/publish-extension.yml b/.github/workflows/publish-extension.yml
index 968193b..6638132 100644
--- a/.github/workflows/publish-extension.yml
+++ b/.github/workflows/publish-extension.yml
@@ -27,9 +27,10 @@ jobs:
         run: npm install -g tfx-cli
       
       - name: Package extension
-        run: tfx extension create --manifest-globs vss-extension.json --output-path ./out
+        run: |
+          mkdir -p ./out
+          tfx extension create --manifest-globs vss-extension.json --output-path ./out
+          ls -lh ./out/*.vsix
       
       - name: Publish extension
         run: tfx extension publish --vsix ./out/*.vsix --auth-type pat --token ${{ secrets.MARKETPLACE_PAT }}
-        env:
-          MARKETPLACE_PAT: ${{ secrets.MARKETPLACE_PAT }}

From b8c07d964dc3ccd1e8e057083d63e765996fd139 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 15 Dec 2025 19:15:52 +0000
Subject: [PATCH 4/4] security: add explicit permissions to workflow to limit
 GITHUB_TOKEN access

Co-authored-by: jcanizalez <27365102+jcanizalez@users.noreply.github.com>
---
 .github/workflows/publish-extension.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/publish-extension.yml b/.github/workflows/publish-extension.yml
index 6638132..51073f5 100644
--- a/.github/workflows/publish-extension.yml
+++ b/.github/workflows/publish-extension.yml
@@ -7,6 +7,8 @@ on:
 jobs:
   publish:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     
     steps:
       - name: Checkout code