Summary
Improve the CD pipeline: extract a dedicated test gate before deployment, add multi-platform image support (amd64 + arm64), enable build provenance attestation, and tighten changelog generation.
Changes
Structure
- Extract a dedicated
test job (currently tests run inside release)
- Add
needs: test to the release job
- Add
id-token: write and attestations: write permissions to release job
Test job steps
- Checkout repository
- Set up .NET
- Restore dependencies
- Build (Release configuration)
- Run tests
Release job
- Add
linux/arm64 to platforms (currently linux/amd64 only)
- Set
provenance: false → provenance: mode=max
- Add
actions/attest-build-provenance@v4.1.0 step after image push with push-to-registry: true
- Add
--no-merges flag to changelog git log command
- Add empty changelog guard:
No new changes since $PREVIOUS_TAG when a previous tag exists, No changes (first release) otherwise
- Remove intermediate
changelog.txt file write (unused outside the step)
- Drop Quick Start section from release body (belongs in README)
Acceptance Criteria
Summary
Improve the CD pipeline: extract a dedicated test gate before deployment, add multi-platform image support (amd64 + arm64), enable build provenance attestation, and tighten changelog generation.
Changes
Structure
testjob (currently tests run insiderelease)needs: testto thereleasejobid-token: writeandattestations: writepermissions toreleasejobTest job steps
Release job
linux/arm64toplatforms(currentlylinux/amd64only)provenance: false→provenance: mode=maxactions/attest-build-provenance@v4.1.0step after image push withpush-to-registry: true--no-mergesflag to changeloggit logcommandNo new changes since $PREVIOUS_TAGwhen a previous tag exists,No changes (first release)otherwisechangelog.txtfile write (unused outside the step)Acceptance Criteria
v*.*.*-*tags and completes successfullytestjob fails fast if tests fail before any image is pushedlinux/amd64andlinux/arm64