feat: Add CI workflow for publishing .NET tool to NuGet and update Homebrew and WinGet manifests#71
Conversation
…mebrew and WinGet manifests
There was a problem hiding this comment.
Pull request overview
This PR adds automated distribution of the copilot_here CLI via package managers by extending the existing publish pipeline and adding packaging templates/manifests for Homebrew and WinGet, plus .NET Tool (NuGet) metadata.
Changes:
- Add a new
publish-nugetjob to pack and (optionally) publish a .NET global tool to NuGet. - Add Homebrew formula template + CI steps to update a separate Homebrew tap after release.
- Add WinGet manifest files + CI steps to submit WinGet updates via
wingetcreate, plus setup documentation.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
.github/workflows/publish.yml |
Adds NuGet publish job and post-release Homebrew/WinGet automation + workflow summary updates |
app/CopilotHere.csproj |
Adds .NET tool package metadata and packs README/LICENSE into the NuGet package |
packaging/homebrew/Formula/copilot_here.rb |
Homebrew formula template for the tap automation |
packaging/winget/GordonBeeming.CopilotHere*.yaml |
WinGet manifests (version/installer/locale) |
packaging/SETUP.md |
Setup guide for secrets and usage across NuGet/Homebrew/WinGet |
LICENSE |
Updates copyright year |
| To enable the shell function wrapper, run: | ||
| copilot_here --install-shells | ||
|
|
||
| Or manually source the shell script in your profile: | ||
| Bash/Zsh: source "$(brew --prefix)/share/copilot_here/copilot_here.sh" |
There was a problem hiding this comment.
The Homebrew formula caveats suggest sourcing a shell script from "$(brew --prefix)/share/copilot_here/copilot_here.sh", but this formula only installs the binary (no script is placed under share/). This instruction will fail for users; either install the shell script into the referenced path (e.g., under prefix/share) or remove the manual sourcing instruction and only recommend copilot_here --install-shells (which downloads the scripts itself).
| To enable the shell function wrapper, run: | |
| copilot_here --install-shells | |
| Or manually source the shell script in your profile: | |
| Bash/Zsh: source "$(brew --prefix)/share/copilot_here/copilot_here.sh" | |
| To enable the shell function wrappers for your shell, run: | |
| copilot_here --install-shells |
| echo "**Package Managers:**" >> $GITHUB_STEP_SUMMARY | ||
| echo "- Homebrew tap updated" >> $GITHUB_STEP_SUMMARY | ||
| echo "- WinGet manifest submitted" >> $GITHUB_STEP_SUMMARY |
There was a problem hiding this comment.
The workflow summary currently prints "Homebrew tap updated" and "WinGet manifest submitted" whenever release-cli succeeds, but both updates are conditional on secrets and may be skipped. This can produce misleading summaries; consider checking the relevant secrets or step outcomes (or exporting an output from those steps) before claiming they ran.
| echo "**Package Managers:**" >> $GITHUB_STEP_SUMMARY | |
| echo "- Homebrew tap updated" >> $GITHUB_STEP_SUMMARY | |
| echo "- WinGet manifest submitted" >> $GITHUB_STEP_SUMMARY | |
| echo "**Package Managers (conditional):**" >> $GITHUB_STEP_SUMMARY | |
| echo "- Homebrew tap update (runs only when configured and enabled)" >> $GITHUB_STEP_SUMMARY | |
| echo "- WinGet manifest update (runs only when configured and enabled)" >> $GITHUB_STEP_SUMMARY |
|
|
||
| if [[ "${{ needs.publish-nuget.result }}" == "success" ]]; then | ||
| echo "" >> $GITHUB_STEP_SUMMARY | ||
| echo "**.NET Tool:** Published to nuget.org" >> $GITHUB_STEP_SUMMARY |
There was a problem hiding this comment.
publish-summary reports ".NET Tool: Published to nuget.org" when the publish-nuget job succeeds, but the actual push step is skipped if NUGET_API_KEY is not set. Since the job still succeeds in that case, the summary can incorrectly claim publication; consider gating the message on the presence of the secret and/or on a push-step output indicating a publish actually happened.
| echo "**.NET Tool:** Published to nuget.org" >> $GITHUB_STEP_SUMMARY | |
| echo "**.NET Tool:** NuGet publish job completed (push may be skipped if NUGET_API_KEY is not set)" >> $GITHUB_STEP_SUMMARY |
| echo "$HOMEBREW_TAP_DEPLOY_KEY" > ~/.ssh/homebrew_tap_key | ||
| chmod 600 ~/.ssh/homebrew_tap_key | ||
| ssh-keyscan github.com >> ~/.ssh/known_hosts 2>/dev/null | ||
| export GIT_SSH_COMMAND="ssh -i ~/.ssh/homebrew_tap_key -o StrictHostKeyChecking=no" |
There was a problem hiding this comment.
The Homebrew tap update disables SSH host key checking (StrictHostKeyChecking=no) even though known_hosts is populated. This weakens protection against MITM and is avoidable here; prefer relying on a pinned host key in known_hosts (or at least remove StrictHostKeyChecking=no) so the deploy key cannot be used against an unexpected host.
| export GIT_SSH_COMMAND="ssh -i ~/.ssh/homebrew_tap_key -o StrictHostKeyChecking=no" | |
| export GIT_SSH_COMMAND="ssh -i ~/.ssh/homebrew_tap_key" |
|
|
||
| # Clone the tap repo | ||
| git clone git@github.com:GordonBeeming/homebrew-tap.git /tmp/homebrew-tap | ||
|
|
There was a problem hiding this comment.
The tap update assumes /tmp/homebrew-tap/Formula/ already exists. If the tap repo is newly created or doesn't have that directory, the cat > /tmp/homebrew-tap/Formula/copilot_here.rb step will fail. Consider adding a mkdir -p /tmp/homebrew-tap/Formula before writing the file to make the workflow robust.
| # Ensure Formula directory exists | |
| mkdir -p /tmp/homebrew-tap/Formula |
| git commit -m "Update copilot_here to $VERSION" | ||
| git push |
There was a problem hiding this comment.
The Homebrew tap commit/push will fail the workflow when there are no changes (e.g., rerunning the workflow for the same version/tag), because git commit exits non-zero on a clean index. Consider checking git diff --quiet (and skipping commit/push) or allowing a no-op commit step so reruns don’t break publishing.
| git commit -m "Update copilot_here to $VERSION" | |
| git push | |
| if git diff --cached --quiet; then | |
| echo "No changes to commit in Homebrew tap; skipping commit and push." | |
| else | |
| git commit -m "Update copilot_here to $VERSION" | |
| git push | |
| fi |
This pull request adds automated distribution of the
copilot_hereCLI via major package managers (NuGet, Homebrew, WinGet), along with the necessary workflow, packaging, and documentation updates. The changes enable publishing the CLI as a .NET global tool, updating a Homebrew tap formula, and submitting WinGet manifests—all directly from CI on release. The project files and documentation are updated to support these new distribution methods.Automated Package Manager Distribution
publish-nugetjob to.github/workflows/publish.ymlfor publishing the CLI as a .NET tool to NuGet, extracting the version and pushing to nuget.org if the secret is present.Project and Packaging Updates
CopilotHere.csprojto support .NET Tool packaging, adding metadata (authors, description, license, tags, etc.), disables AOT and trimming when packing as a tool, and ensures README and LICENSE are included in the NuGet package [1] [2].packaging/homebrew/Formula/copilot_here.rb) for tap automation.packaging/winget/GordonBeeming.CopilotHere.yaml,GordonBeeming.CopilotHere.installer.yaml,GordonBeeming.CopilotHere.locale.en-US.yaml) [1] [2] [3].Documentation
packaging/SETUP.mddescribing required setup, secrets, and usage for NuGet, Homebrew, and WinGet distribution automation.Other
LICENSE.These changes streamline and automate the distribution of
copilot_hereacross popular package managers, making installation and updates easier for users.