@definitelynotagoblin definitelynotagoblin commented Jul 24, 2025

Description

Right now SH and SHE PRs are tightly coupled to SHC latest stable, and so may not build if there are changes in SHC that haven't yet been published. With more devs on SharpHound now, this lockstep is starting to show us pain. So let's publish a 'git-dev' nuget package to reflect SHC main (that is, v4) that SH and SHE pipeline checks can build against.

Summary by CodeRabbit

  • Chores
    • Introduced a new automated workflow triggered on the v4 branch that runs tests, generates coverage reports, packages and publishes updates, and deploys documentation to GitHub Pages.

@definitelynotagoblin definitelynotagoblin self-assigned this Jul 24, 2025
@definitelynotagoblin definitelynotagoblin added the enhancement label Jul 24, 2025
coderabbitai bot commented Jul 24, 2025

Walkthrough

A new GitHub Actions workflow file named git-dev.yml is introduced. This workflow is triggered on pushes to the v4 branch and defines two jobs: nuget (for building, testing, packaging, and publishing NuGet packages) and ghpages (for building and deploying documentation). The workflow uses both Windows and Ubuntu runners and incorporates artifact sharing and secret-based authentication.

Changes

File(s) | Change Summary
.github/workflows/git-dev.yml | Added a new GitHub Actions workflow with two jobs: nuget for build/test/pack/publish and ghpages for doc build and deployment.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant GitHub as GitHub Actions
    participant NugetJob as nuget job (Windows)
    participant GhPagesJob as ghpages job (Ubuntu)
    participant SpecterOps as SpecterOps Packages
    participant GitHubPages as GitHub Pages

    GitHub->>NugetJob: Trigger on push to v4
    NugetJob->>NugetJob: Checkout code, setup .NET, restore, test, pack
    NugetJob->>NugetJob: Upload coverage report as artifact
    NugetJob->>SpecterOps: Publish NuGet packages (using sleet)
    NugetJob-->>GhPagesJob: Signal completion

    GitHub->>GhPagesJob: Start after nuget job
    GhPagesJob->>GhPagesJob: Checkout code, download coverage artifact
    GhPagesJob->>GhPagesJob: Build docs with DocFX
    GhPagesJob->>GitHubPages: Deploy documentation to gh-pages branch

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐇
A workflow hops into the scene,
With NuGet packs and docs so clean.
From Windows builds to Ubuntu deploys,
Artifacts shared, oh what a joy!
On v4’s push, the bunnies cheer—
CI/CD magic, crystal clear!

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

🧹 Nitpick comments (1)
.github/workflows/git-dev.yml (1)

36-39: Remove trailing whitespace for YAML-lint compliance

yamllint flags lines 36, 39, 48 and 56. Deleting the stray spaces keeps CI green without functional impact.

Also applies to: 48-48, 56-56

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bea975e and 84c7b40.

📒 Files selected for processing (1)
  • .github/workflows/git-dev.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.37.1)
.github/workflows/git-dev.yml

[warning] 6-6: wrong indentation: expected 6 but found 8 (indentation)
[error] 36-36: trailing spaces (trailing-spaces)
[error] 39-39: trailing spaces (trailing-spaces)
[error] 48-48: trailing spaces (trailing-spaces)
[error] 56-56: trailing spaces (trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build
🔇 Additional comments (2)
.github/workflows/git-dev.yml (2)

26-34: Verify coverage artifact path exists

dotnet test alone won’t place results under docfx/coverage/report/. If the folder is missing the upload step will hard-fail the job. Confirm that:

  • Coverlet / ReportGenerator is invoked by the test projects
  • The target directory is created before the upload step

If not, either add the tool invocation or guard the upload with if: always() && exists('docfx/coverage/report').


53-55: sleet push likely needs an explicit feed configuration

Unless the repository root already contains .config/sleet.json, sleet push ./pkgs will error with “Unable to locate configuration”. Consider adding:

-  sleet push ./pkgs
+  sleet push --config ./sleet.json ./pkgs

and commit the feed config (with URL placeholders, no credentials) to the repo.

@definitelynotagoblin definitelynotagoblin marked this pull request as draft July 24, 2025 18:13
@definitelynotagoblin definitelynotagoblin marked this pull request as ready for review July 24, 2025 18:19
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (2)
.github/workflows/git-dev.yml (2)

35-39: Hard-coded git-dev version will collide on every push (repeat feedback).

Identical package versions cause sleet push to fail on the second attempt. Append the commit SHA (or timestamp) to guarantee uniqueness.

-  dotnet pack --no-restore -c Release -p:PackageVersion=git-dev -o ./pkgs
+  dotnet pack --no-restore -c Release \
+    -p:PackageVersion=git-dev-${{ github.sha }} \
+    -o ./pkgs
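Review bot: in the replacement line `-p:PackageVersion=git-dev-${{ github.sha }}` the version still has no numeric `major.minor.patch` core, and NuGet package versions must start with one, so the string has the same validity problem as the bare `git-dev` it replaces. If per-commit versions are wanted, keep a numeric core and carry the SHA in the prerelease label, for example `0.0.0-git-dev-${{ github.sha }}`; a later revision quoted in this thread already uses `0.0.0-git-dev` as the base.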

3-6: Workflow triggers contradict PR intent – switch v4 to main.

The PR description says the package must publish “on push to main,” yet the workflow is wired to v4. If this is unintended you will silently never publish from main.

-on:
-  push:
-    branches:
-      - v4
+on:
+  push:
+    branches:
+      - main   # align with PR description
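Review bot: changing `- v4` to `- main` under `branches:` would stop this workflow from running at all if the repository has no `main` branch; the PR description speaks of "SHC main (that is, v4)" and the author's later comment calls v4 the default branch. Keep the `v4` trigger and resolve the mismatch in the PR title instead, which is what the later title change to "on push to v4" does.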
🧹 Nitpick comments (1)
.github/workflows/git-dev.yml (1)

36-56: Strip trailing whitespace to satisfy YAML linters.

Lines 36, 39, 48 and 56 contain trailing spaces flagged by YAML-lint; some CI setups treat this as an error.
Remove the extra blanks to keep the workflow linter-clean.

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 84c7b40 and e9534a2.

📒 Files selected for processing (1)
  • .github/workflows/git-dev.yml (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.37.1)
.github/workflows/git-dev.yml

[error] 36-36: trailing spaces (trailing-spaces)
[error] 39-39: trailing spaces (trailing-spaces)
[error] 48-48: trailing spaces (trailing-spaces)
[error] 56-56: trailing spaces (trailing-spaces)

@definitelynotagoblin definitelynotagoblin marked this pull request as draft July 24, 2025 21:20
@definitelynotagoblin definitelynotagoblin marked this pull request as ready for review July 24, 2025 21:42
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

♻️ Duplicate comments (1)
.github/workflows/git-dev.yml (1)

3-6: Trigger branch is still v4, contradicting the PR goal of publishing on main

The PR description states the package should publish on pushes to main, yet the workflow listens to v4. This will silently skip runs for the majority of pushes unless developers remember to push to that legacy branch.

-on:
-  push:
-    branches:
-      - v4
+on:
+  push:
+    branches:
+      - main   # align with PR objective
🧹 Nitpick comments (2)
.github/workflows/git-dev.yml (2)

35-39: Trailing whitespace – YAMLlint errors

Lines 36 and 39 contain stray spaces flagged by YAMLlint. They are harmless to GitHub Actions but break repo linting rules.

-      - name: Pack␠
+      - name: Pack
@@
-          dotnet pack --no-restore -c Release -p:PackageVersion=0.0.0-git-dev -o ./pkgs␠
+          dotnet pack --no-restore -c Release -p:PackageVersion=0.0.0-git-dev -o ./pkgs

49-56: Minor: additional trailing space and redundant blank line

Line 56 ends with a space; YAMLlint flags it. While here, the blank line after the command block is unnecessary.

-          sleet push ./pkgs --force␠
+          sleet push ./pkgs --force
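Review bot: `sleet push ./pkgs --force` republishes under the fixed version `0.0.0-git-dev` shown in the previous hunk, so one package id and version maps to different contents over time. Downstream SH and SHE builds cannot tell from the version which SHC commit they compiled against, and a machine that already holds `0.0.0-git-dev` in its local NuGet package folder keeps restoring the stale copy until it is cleared (`dotnet nuget locals all --clear`). If the single moving version is kept, record the source commit in the package metadata at pack time (the `RepositoryCommit` property) so a consumer can confirm what it restored.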
📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between e9534a2 and 2254024.

📒 Files selected for processing (1)
  • .github/workflows/git-dev.yml (1 hunks)
🧰 Additional context used
🧠 Learnings (2)
📓 Common learnings
Learnt from: definitelynotagoblin
PR: SpecterOps/SharpHoundCommon#229
File: .github/workflows/git-dev.yml:35-39
Timestamp: 2025-07-24T21:38:13.462Z
Learning: In the SpecterOps/SharpHoundCommon repository, the team prefers using `sleet push --force` to overwrite git-dev packages rather than creating unique versions with commit SHAs, as they want a single "current state" package for downstream consumers.

🔇 Additional comments (1)
.github/workflows/git-dev.yml (1)

26-34: Verify that the coverage artefact path actually exists

dotnet test by itself will not create docfx/coverage/report/ unless a data-collector (e.g., Coverlet) or runsettings file is configured accordingly.
If the directory is missing the upload step will fail the job.

Please confirm the path or adjust the test command to generate coverage under that location.
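
One way to satisfy the coverage-path check raised in the review rounds above, as an added example that is not taken from this PR or from the SharpHoundCommon repository. The step names, the `./TestResults` directory, the artifact name, the action version and the presence of the `coverlet.collector` package in the test projects are assumptions; only `docfx/coverage/report/` comes from the thread.

```yaml
# Added example: steps for a job like the `nuget` job discussed in this thread.
# Everything except the docfx/coverage/report/ path is an assumption.
steps:
  - name: Test with coverage
    # The "XPlat Code Coverage" collector is provided by coverlet.collector,
    # which must be referenced by the test projects (assumption).
    run: >
      dotnet test --no-restore -c Release
      --collect:"XPlat Code Coverage"
      --results-directory ./TestResults

  - name: Generate HTML coverage report
    # ReportGenerator turns the Cobertura XML into the HTML tree that the
    # docs build expects under docfx/coverage/report/.
    run: |
      dotnet tool install --global dotnet-reportgenerator-globaltool
      reportgenerator "-reports:./TestResults/**/coverage.cobertura.xml" "-targetdir:docfx/coverage/report" "-reporttypes:Html"

  - name: Upload coverage report
    # hashFiles() returns an empty string when no file matches, so the step
    # is skipped instead of failing when the report was never produced.
    # Dropping this guard and setting `if-no-files-found: error` below makes
    # a missing report fail the job instead.
    if: ${{ always() && hashFiles('docfx/coverage/report/**') != '' }}
    uses: actions/upload-artifact@v4
    with:
      name: coverage-report
      path: docfx/coverage/report/
```

Skipping the upload hides a missing report from this job but not from a later job that downloads the artifact, so the fail-loudly variant is the safer default when the docs deployment depends on it.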

@definitelynotagoblin definitelynotagoblin changed the title from "feat: Publish git-dev nuget package on push to main" to "feat: Publish git-dev nuget package on push to v4" Jul 25, 2025
@@ -0,0 +1,80 @@
name: Publish Git-Dev
Contributor Author

This is just a copy of the existing build action, but specifically to build and push a git-dev nuget package on updates to the default v4 branch.
