ci(release): 6.1.14 Pipeline-Konvergenz fuer Dispatch fail-closed by tomtastisch · Pull Request #124 · tomtastisch/FileClassifier

tomtastisch · 2026-02-22T17:40:39Z

Ziel & Scope

Schließt 6.1.14 als separaten Block: NuGet-Online-Konvergenz wird im Release-Flow auch für workflow_dispatch fail-closed erzwungen.
Scope ist bewusst auf Release-/Convergence-Gates, zugehörige Audit-Doku und Versionierung auf 6.1.14 begrenzt.

Umgesetzte Aufgaben (abhaken)

Release-Workflow um synchrones Blocker-Gate enforce-online-convergence erweitert.
Release-Metadaten als Artefakt eingeführt (release-meta).
Workflow-Run-Metadatenauflösung auf artefaktbasiertes, deterministisches Parsing umgestellt.
Async-Workflow nuget-online-convergence für erfolgreiche Release Publish-Runs ohne Push-only-Einschränkung gehärtet.
Trusted-Publishing-Dokumentation (DE/EN + kanonische Spiegel) auf den neuen Sync-Blocker ergänzt.
Scorecard-Governance-Mapping auf Fuzzing als Release-Blocker-Evidence aktualisiert.
Versionskonvergenz auf 6.1.14 angehoben (RepoVersion, Version, PackageVersion, Version-History-Top-Eintrag).
PR-Scope-Allowlist für neue Workflow-/Doc-Pfade erweitert.

Nachbesserungen aus Review (iterativ)

N/A initialer PR-Stand.

Security- und Merge-Gates

fail-closed: Release-Konvergenz ist blocker, nicht report-only.
fail-closed: Release-Metadaten werden aus Artifact statt impliziter Branch-Heuristik gelesen.
security/code-scanning/tools: Zielzustand 0 offene Alerts bleibt unverändert als Merge-Voraussetzung.
Kein Secret-Wert in neue Logs/Artefakte geschrieben.

Evidence (auditierbar)

CI_DEFER_ARTIFACT_LINK_RESOLUTION=1 bash tools/ci/bin/run.sh preflight -> status=pass.
dotnet build FileClassifier.sln -c Release --no-restore -warnaserror -v minimal -> erfolgreich.
Artefakt-/Workflow-Dateien:
- .github/workflows/release.yml
- .github/workflows/nuget-online-convergence.yml
- tools/ci/release/resolve_workflow_run_release_meta.sh
- tools/ci/release/write_release_meta_artifact.sh

DoD (mindestens 2 pro Punkt)

DoD-1: Release-Flow enthält expliziten Online-Convergence-Blocker nach Publish.
DoD-2: workflow_dispatch-Releases liefern korrekte Release-Metadaten für Konvergenzprüfung.
DoD-3: Doku (DE/EN + Spiegel) beschreibt den neuen Blocker-Pfad konsistent.
DoD-4: Versionierungs-SSOT steht konsistent auf 6.1.14.

chatgpt-codex-connector · 2026-02-22T17:40:44Z

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

Copilot

Pull request overview

Copilot reviewed 19 out of 19 changed files in this pull request and generated 2 comments.

tools/ci/release/run_fuzz_release_gate.sh

docs/versioning/002_HISTORY_VERSIONS.MD

ci(release): 6.1.14 nuget-konvergenz fuer dispatch fail-closed haerten

9d90cd7

Copilot AI review requested due to automatic review settings February 22, 2026 17:40

github-actions bot added area:pipeline area:docs area:versioning area:tooling impl:security feature New compatible feature or datatype impl:config versioning:minor New compatible functionality; requires MINOR bump and removed area:docs area:tooling impl:security labels Feb 22, 2026

Copilot started reviewing on behalf of tomtastisch February 22, 2026 17:41 View session

tomtastisch enabled auto-merge (squash) February 22, 2026 17:45

This comment was marked as resolved.

Sign in to view

fix(release): review-fixes fuer fuzz-gate und release-meta hardening

0e8654b

github-actions bot added area:docs area:tooling impl:security area:tests and removed area:docs area:tooling impl:security area:tests labels Feb 22, 2026

tomtastisch requested a review from Copilot February 22, 2026 18:02

tomtastisch self-assigned this Feb 22, 2026

Copilot started reviewing on behalf of tomtastisch February 22, 2026 18:02 View session

Copilot AI reviewed Feb 22, 2026

View reviewed changes

tools/ci/release/run_fuzz_release_gate.sh Outdated Show resolved Hide resolved

docs/versioning/002_HISTORY_VERSIONS.MD Show resolved Hide resolved

tomtastisch disabled auto-merge February 22, 2026 18:47

tomtastisch enabled auto-merge (squash) February 22, 2026 18:47

github-actions bot added 2 commits February 22, 2026 20:31

fix(ci): add grep fallback for fuzz gate no-test detection

1ec33d6

docs(versioning): mirror 6.1.14 in bilingual history and changelog

8fb205e

github-actions bot added area:docs area:tooling impl:security area:tests and removed area:docs area:tooling impl:security area:tests labels Feb 22, 2026

tomtastisch merged commit 9da9b97 into main Feb 22, 2026
26 checks passed

tomtastisch deleted the codex/ci/6-1-14-release-convergence branch February 22, 2026 19:38

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Comments

ci(release): 6.1.14 Pipeline-Konvergenz fuer Dispatch fail-closed#124

ci(release): 6.1.14 Pipeline-Konvergenz fuer Dispatch fail-closed#124
tomtastisch merged 4 commits intomainfrom
codex/ci/6-1-14-release-convergence

tomtastisch commented Feb 22, 2026

Uh oh!

chatgpt-codex-connector bot commented Feb 22, 2026

Uh oh!

This comment was marked as resolved.

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Comments

Conversation

tomtastisch commented Feb 22, 2026

Ziel & Scope

Umgesetzte Aufgaben (abhaken)

Nachbesserungen aus Review (iterativ)

Security- und Merge-Gates

Evidence (auditierbar)

DoD (mindestens 2 pro Punkt)

Uh oh!

chatgpt-codex-connector bot commented Feb 22, 2026

Uh oh!

This comment was marked as resolved.

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant