ci(cd): verify tag commit is reachable from master (#439)

[nanotaboada]

Summary

• Adds a "Verify tag commit is reachable from master" step to the release job in .github/workflows/dotnet-cd.yml
• Uses git merge-base --is-ancestor to check ancestry — direct exit code, no output parsing
• Placed immediately after "Checkout repository" and before "Extract version from tag" so the pipeline fails fast before any build or publish work

Closes #439

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores

  • Added a validation step in the release pipeline that blocks deployments if a release tag’s commit is not already present on the main branch, preventing incomplete releases from proceeding.

• Documentation

  • Updated the changelog to record the new release-pipeline verification step and its effect on deployment flow.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e9a08428-9617-4476-89c1-49345c36efc5

📥 Commits

Reviewing files that changed from the base of the PR and between 2a6349d and 6284e51.

📒 Files selected for processing (1)

• .github/workflows/dotnet-cd.yml

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/dotnet-cd.yml

---

Walkthrough

A pre-release verification step was added to the CD workflow to confirm the tagged commit (github.sha) is reachable from origin/master using git merge-base --is-ancestor; the workflow fails early with a clear error if the check does not pass. CHANGELOG updated accordingly.

Changes

Cohort / File(s)	Summary
CD Workflow Verification .github/workflows/dotnet-cd.yml	Added a step "Verify tag commit is reachable from master" immediately after checkout that runs git merge-base --is-ancestor origin/master ${{ github.sha }} and exits with an error message when the check fails.
Documentation CHANGELOG.md	Added entry under Unreleased → Changed documenting the new pre-build/publish verification step for tag commit reachability.

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Add verification step to check tag commit is reachable from master [#439]	✅
Place step immediately after repository checkout [#439]	✅
Fail early with descriptive error if tag commit not reachable from master [#439]	✅
Ensure step executes before build, test, or publish steps [#439]	✅

Possibly related issues

• Verify tag commit is reachable from master before release ts-node-samples-express-restful#556 — Adds the same pre-release tag reachability check to that project's CD workflow.
• Verify tag commit is reachable from master before release java.samples.spring.boot#292 — Implements a similar tag-ancestor guard in a Java Spring Boot workflow.
• Verify tag commit is reachable from master before release python-samples-fastapi-restful#549 — Introduces the identical git-ancestor verification step in a Python project's release workflow.

Possibly related PRs

• feat: implement tag-based deployment with stadium release names (#356) #357 — Modifies the same .github/workflows/dotnet-cd.yml workflow; likely the original workflow this PR augments.

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title follows Conventional Commits format with 'ci(cd):' prefix, is descriptive and specific about adding a verification step, stays well under 80 characters (57 total), and directly corresponds to the main changes in the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

📋 Issue Planner

Built with CodeRabbit's Coding Plans for faster development and fewer bugs.

View plan used: #439

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ci/verify-tag-commit-reachable-from-master-439

• 🛠️ sync documentation: Commit on current branch
• 🛠️ sync documentation: Create PR
• 🛠️ enforce http error handling: Commit on current branch
• 🛠️ enforce http error handling: Create PR
• 🛠️ idiomatic review: Commit on current branch
• 🛠️ idiomatic review: Create PR
• 🛠️ verify api contract: Commit on current branch
• 🛠️ verify api contract: Create PR

Warning

Review ran into problems

🔥 Problems

Timed out fetching pipeline failures after 30000ms

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud