Conversation
There was a problem hiding this comment.
Pull request overview
This PR modernizes the release workflow by adding manual trigger support, upgrading GitHub Actions dependencies, adding code quality checks, and enabling automated marketplace publishing. However, it contains critical issues with non-existent action versions that will prevent the workflow from running.
Changes:
- Added
workflow_dispatchtrigger for manual workflow execution - Upgraded GitHub Actions to v6 (checkout and setup-node)
- Added lint step for code quality enforcement before release
- Added artifact upload for built VSIX packages
- Enabled automatic publishing to VS Code Marketplace with conditional guards
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - name: Package extension | ||
| run: | | ||
| npx @vscode/vsce package | ||
|
|
||
| - name: Extract changelog for version | ||
| id: changelog | ||
| run: | | ||
| VERSION=${GITHUB_REF#refs/tags/v} | ||
| # Extract changelog section for this version | ||
| sed -n "/## \[$VERSION\]/,/## \[/p" CHANGELOG.md | sed '$d' > release_notes.md | ||
| if [ ! -s release_notes.md ]; then | ||
| echo "No changelog found for version $VERSION" | ||
| echo "# Release $VERSION" > release_notes.md | ||
| echo "See CHANGELOG.md for details." >> release_notes.md | ||
| fi | ||
| - name: Upload Artifact | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: vsix-package | ||
| path: '*.vsix' |
There was a problem hiding this comment.
The workflow will fail when triggered by workflow_dispatch because steps that depend on tag information will be skipped due to the if: startsWith(github.ref, 'refs/tags/') condition, but the "Package extension" and "Upload Artifact" steps will still run. This creates an inconsistent state where artifacts are uploaded without a corresponding release. Consider either adding the same conditional to the packaging and upload steps, or restructure the workflow to handle manual runs differently.
| # if: secrets.OVSX_PAT != null | ||
| - name: Publish to VS Code Marketplace | ||
| if: startsWith(github.ref, 'refs/tags/') | ||
| run: npx @vscode/vsce publish --packagePath *.vsix -p ${{ secrets.VSCE_PAT }} |
There was a problem hiding this comment.
The publish step uses the -p flag to pass the secret directly on the command line. This could expose the secret in process listings or logs. Use the VSCE_PAT environment variable instead by setting it in an env: block and using the --pat flag without a value, which will cause vsce to read from the environment variable.
| run: npx @vscode/vsce publish --packagePath *.vsix -p ${{ secrets.VSCE_PAT }} | |
| env: | |
| VSCE_PAT: ${{ secrets.VSCE_PAT }} | |
| run: npx @vscode/vsce publish --packagePath *.vsix --pat |
1 participant
This pull request updates the release workflow in
.github/workflows/release.ymlto improve automation, code quality checks, and publishing steps. The most important changes include upgrading GitHub Actions dependencies, adding linting, automating artifact uploads, and enabling publishing to the VS Code Marketplace.Workflow improvements and automation:
workflow_dispatchtrigger to allow manual workflow runs.actions/checkoutandactions/setup-nodeto version 6 for better reliability and future support.npm run lint) to enforce code quality before releasing..vsixpackage as an artifact usingactions/upload-artifact@v4.if: startsWith(github.ref, 'refs/tags/')). [1] [2]Publishing enhancements:
.vsixartifact and theVSCE_PATsecret.