Update CI workflows and project files for improved package management and versioning

[Shane32]

Summary by CodeRabbit

• Chores

  • CI now triggers from published release tags, uses .NET 8, and upgrades core workflow actions.
  • Packaging and publish flow consolidated into a single pack-and-publish pipeline with token-based auth, simplified artifact handling, and automated release-asset uploads; legacy per-project steps removed.

• Documentation

  • README is now included in the XAML package to improve package feed visibility.

• Versioning

  • Versioning switched to a VersionPrefix with a “-preview” prerelease suffix.

[coderabbitai]

📝 Walkthrough

Walkthrough

Consolidates CI/release workflows: upgrades actions to v5, centralizes packaging to a single dotnet pack producing out/* artifacts uploaded as release assets, adds NuGet source/token handling, changes Directory.Build.props to use VersionPrefix with -preview, and alters README inclusion in one csproj.

Changes

Cohort / File(s)	Summary
CI workflow overhaul .github/workflows/wf-build-release-ci.yml	Removes workflow_dispatch, upgrades actions/checkout and actions/setup-dotnet to v5, consolidates restore/build/pack into a single bash dotnet pack step, adds NuGet source URL and NUGET_AUTH_TOKEN env handling, uploads out/* artifacts, and removes per-project pack/push steps and GH_PKG_SEC.
Release workflow overhaul .github/workflows/wf-build-release.yml	Changes trigger to release.published, adds guard to ensure refs/tags/*, derives version from the tag, upgrades actions/checkout/setup-dotnet to v5 (dotnet 8.0.x), packs to out/ using derived version, uploads out/* as release assets via a GitHub Script, and removes multi-stage test/publish steps (Codecov, per-package pushes).
Versioning property change Directory.Build.props	Replaces <Version>1.6.1</Version> with <VersionPrefix>1.6.1-preview</VersionPrefix> and shortens the adjacent comment.
Packaging metadata tweak QRCoder.Xaml/QRCoder.Xaml.csproj	Changes README.md packaging ItemGroup entry from Update to Include, affecting how README is included in package content.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Dev as Developer
  participant GH as GitHub (release)
  participant WF as Workflow
  participant SDK as dotnet SDK
  participant Art as Release Assets

  rect rgb(230,245,255)
    Dev->>GH: Create/publish release (tag)
    GH-->>WF: Trigger release.published
    WF->>WF: verify refs/tags/*\nderive version from tag
  end

  rect rgb(245,255,230)
    WF->>SDK: dotnet pack --output out/ /p:PackageVersion=<derived>
    WF->>Art: Upload files in out/* as release assets (GitHub API)
  end

  rect rgb(255,245,230)
    opt optional NuGet push
      WF->>SDK: dotnet nuget push out/*.nupkg --source configured --api-key NUGET_AUTH_TOKEN
    end
  end

Loading

sequenceDiagram
  autonumber
  participant Repo as Repo (push/PR)
  participant CI as CI Workflow
  participant SDK as dotnet SDK
  participant Art as Artifacts

  Repo-->>CI: Trigger CI workflow
  CI->>SDK: dotnet pack -> out/
  CI->>Art: Upload out/* artifacts
  opt configured publish
    CI->>SDK: Push packages to NuGet/source (token)
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Update CI workflow for pushing to master #623 — Overlaps in CI packaging/publish workflow changes and NuGet credential/pack-push updates.
• Cleanup project files; configure Directory.Build.props #628 — Related edits to project packaging and Directory.Build.props versioning.
• Update repo links; use main readme for NuGet #619 — Related README inclusion/packaging changes in csproj files.

Suggested reviewers

• gfoidl
• codebude

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title accurately captures the essence of the changes by referencing both the CI workflow updates and the project file adjustments, and it clearly indicates that the goal is to improve package management and versioning without including extraneous details or vague language.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ci

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

Directory.Build.props (1)

14-14: Consider the prerelease suffix strategy.

The -preview suffix in VersionPrefix means all builds (including release builds) will be marked as prerelease by default. The release workflow overrides this with -p:Version=$version, which works, but it creates an inconsistency where:

• CI builds: 1.6.1-preview.{BUILD_NUMBER}
• Release builds: Version from tag (e.g., 1.6.1)

If this is intentional to mark non-release builds as preview, this is fine. However, if release builds should use 1.6.1 without -preview, consider:

1. Using <VersionPrefix>1.6.1</VersionPrefix> (without -preview)
2. Having CI workflow add prerelease suffix: -p:VersionSuffix=preview.$GITHUB_RUN_NUMBER

This would make the versioning strategy clearer and ensure release builds use clean version numbers by default.

.github/workflows/wf-build-release.yml (1)

47-48: Misleading step name.

The step name says "Publish packages to Github packages" but it's actually publishing to NuGet.org (configured in the setup-dotnet step at line 34). Consider renaming to "Publish packages to NuGet.org" for clarity.

-    - name: Publish packages to Github packages
+    - name: Publish packages to NuGet.org
       run: dotnet nuget push "out/*" -k ${{secrets.NUGET_AUTH_TOKEN}}

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 84f4906 and d591885.

📒 Files selected for processing (4)

• .github/workflows/wf-build-release-ci.yml (2 hunks)
• .github/workflows/wf-build-release.yml (1 hunks)
• Directory.Build.props (1 hunks)
• QRCoder.Xaml/QRCoder.Xaml.csproj (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.7)

.github/workflows/wf-build-release.yml

51-51: the runner of "actions/github-script@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build
• GitHub Check: additional-tests

🔇 Additional comments (11)

.github/workflows/wf-build-release-ci.yml (5)

18-18: LGTM! Actions upgraded to v5.

The checkout and setup-dotnet actions have been upgraded from v4 to v5, which is the latest version and includes security improvements and new features.

Also applies to: 22-22, 80-80, 84-84

---

87-89: LGTM! NuGet source configured for GitHub Packages.

The NuGet source configuration correctly points to the GitHub Packages repository and uses the GITHUB_TOKEN for authentication, which is the standard approach for publishing to GitHub Packages.

---

91-92: Consolidated packing step improves workflow efficiency.

The workflow now consolidates build and pack into a single step, which simplifies the CI process. The version will be formatted as 1.6.1-preview.{BUILD_NUMBER} by combining:

• VersionPrefix from Directory.Build.props: 1.6.1-preview
• VersionSuffix from this command: $GITHUB_RUN_NUMBER

This results in versions like 1.6.1-preview.1234 for CI builds, clearly distinguishing them from release builds.

---

94-98: LGTM! Artifact upload preserves build outputs.

The artifact upload step correctly captures all NuGet packages from the output directory, making them available for download and inspection.

---

100-101: LGTM! Simplified NuGet push command.

The push command correctly uses a wildcard pattern to publish all packages and authenticates with the GITHUB_TOKEN, working in conjunction with the NuGet source configured in the setup-dotnet step.

.github/workflows/wf-build-release.yml (5)

1-6: LGTM! Release-driven workflow trigger.

The workflow now triggers automatically on release publication, which streamlines the release process and ensures consistency between GitHub releases and NuGet package publication.

---

15-20: LGTM! Defensive validation for tag references.

The validation step ensures the workflow only processes tag-based releases, preventing accidental execution on non-tag refs. The error message clearly indicates the failure reason.

---

30-36: LGTM! NuGet source configured for public package publishing.

The .NET SDK setup correctly configures NuGet.org as the source and uses the NUGET_AUTH_TOKEN secret for authentication, which is the standard approach for publishing public NuGet packages.

---

38-39: LGTM! Version override for clean release versions.

The pack command correctly overrides the Version property with the extracted tag version, ensuring release packages have clean version numbers (e.g., 1.6.1) instead of the preview suffix from VersionPrefix in Directory.Build.props.

---

22-28: Handle optional v prefix in version extraction.
Extraction via ${github_ref:10} removes refs/tags/ but retains a leading v (e.g., v1.2.3). Ensure downstream commands accept this or strip it with:

version="${version#v}"

QRCoder.Xaml/QRCoder.Xaml.csproj (1)

32-32: README.md presence confirmed
README.md exists in QRCoder.Xaml with appropriate content for packaging.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d591885 and ea36509.

📒 Files selected for processing (1)

• .github/workflows/wf-build-release.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ea36509 and bb4c730.

📒 Files selected for processing (1)

• .github/workflows/wf-build-release.yml (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: additional-tests
• GitHub Check: build

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bb4c730 and 8ed4c93.

📒 Files selected for processing (2)

• .github/workflows/wf-build-release-ci.yml (2 hunks)
• .github/workflows/wf-build-release.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/wf-build-release-ci.yml

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e1fbb09 and 5d5b524.

📒 Files selected for processing (1)

• .github/workflows/wf-build-release-ci.yml (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: additional-tests
• GitHub Check: build

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

Directory.Build.props (1)

13-14: Consider separating version prefix and suffix for better flexibility.

The change to VersionPrefix is appropriate, but the conventional MSBuild pattern separates the numeric version from the pre-release identifier:

<VersionPrefix>1.6.1</VersionPrefix>
<VersionSuffix>preview</VersionSuffix>

This approach provides more flexibility for CI/CD workflows to manipulate version components independently (e.g., switching between preview, beta, or removing the suffix for release builds).

However, if the CI workflows are designed to override this value from repository tags, the current approach may work fine.

Please verify that the CI/CD workflows correctly handle the version format and can override or manipulate it as needed for different build scenarios (development, preview, release).

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5d5b524 and d47e53f.

📒 Files selected for processing (1)

• Directory.Build.props (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: additional-tests
• GitHub Check: build
• GitHub Check: format