Skip to content

Add MSAL.NET Release Agent — automated release workflow#5997

Closed
gladjohn wants to merge 1 commit into
mainfrom
feature/msal-release-agent
Closed

Add MSAL.NET Release Agent — automated release workflow#5997
gladjohn wants to merge 1 commit into
mainfrom
feature/msal-release-agent

Conversation

@gladjohn
Copy link
Copy Markdown
Contributor

@gladjohn gladjohn commented May 8, 2026

MSAL.NET Release Agent 🤖

Introduces a master agent framework and the first sub-agent: Release Agent — automating the MSAL.NET release process end-to-end.

Problem

MSAL releases currently take ~120 minutes with ~15 manual checklist items tracked in a spreadsheet. Steps include verifying package signing, checking TSA/CG portals, publishing to NuGet, creating GitHub releases, and more.

Solution

This PR adds:

1. Master Agent (AGENTS.md)

  • Orchestrates sub-agents for MSAL.NET workflows
  • Extensible — future agents for triage, dependencies, samples, perf

2. Release Agent (.github/agents/release/AGENT.md)

  • Documents the full release flow with 5 automated pre-release checks:
    • ✅ Package signing verification (7 packages)
    • ✅ Build warnings audit (filters known-safe)
    • ✅ TSA security bugs check
    • ✅ Component Governance alerts check
    • ✅ SDL/Compliance verification
  • Pipeline variable documentation (MicrosoftIdentityClientVersion, Release.IDDP, Release.NuGet)
  • Known flaky test documentation
  • Post-release automation flow

3. Post-Release GitHub Action (.github/workflows/post-release.yml)

  • Generates release report → build/release-logs/release-{version}.md
  • Moves PublicAPI.Unshipped.txtPublicAPI.Shipped.txt
  • Closes GitHub milestone
  • Creates GitHub Release (extracts notes from CHANGELOG.md)
  • Notifies Teams release channel
  • Creates a single post-release summary PR

4. Release Logs (build/release-logs/README.md)

  • Permanent record of every release with validation results

Architecture

MSAL.NET Master Agent (AGENTS.md)
└── Release Agent (.github/agents/release/)
    ├── Pre-release validation (5 automated checks)
    ├── Pipeline trigger (OneBranch ADO pipeline)
    ├── Post-release automation (GitHub Action)
    └── Release report generation (build/release-logs/)

Files Changed

File Purpose
AGENTS.md Master agent definition
.github/agents/release/AGENT.md Release agent docs & instructions
.github/workflows/post-release.yml Post-release GitHub Action
build/release-logs/README.md Release logs directory docs

Target: ~120 min → ~15 min release time

The only manual step remaining is the approval gate before NuGet publish.

Next Steps

  • Integrate pre-release checks into the OneBranch pipeline
  • Add build retention lease to post-NuGet-publish stage
  • Wire ADO pipeline to trigger the GitHub Action on successful publish
  • Test with a dry-run release (build 1633064 currently running with v4.83.3)

This PR was created as part of the MSAL release automation initiative. Build 1633064 is currently running as a test.

@gladjohn
Add MSAL.NET Release Agent and post-release automation
95ba1c3 
- Add master AGENTS.md for MSAL.NET agent orchestration
- Add Release Agent (.github/agents/release/AGENT.md) with:
  - 5 pre-release validation checks (signing, warnings, TSA, CG, SDL)
  - Pipeline variable documentation
  - Post-release automation flow
  - Known flaky test documentation
- Add post-release GitHub Action (.github/workflows/post-release.yml):
  - Generates release report in build/release-logs/
  - Moves PublicAPI.Unshipped → Shipped
  - Closes GitHub milestone
  - Creates GitHub Release from CHANGELOG.md
  - Notifies Teams release channel
  - Creates single post-release summary PR
- Add build/release-logs/README.md
- Add indefinite build retention via ADO retention lease

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings May 8, 2026 17:25
@gladjohn gladjohn requested a review from a team as a code owner May 8, 2026 17:25
@gladjohn gladjohn closed this May 8, 2026
@gladjohn gladjohn deleted the feature/msal-release-agent branch May 8, 2026 17:27
Copilot AI reviewed May 8, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a documented “master agent” + a Release Agent playbook and introduces a workflow_dispatch GitHub Action intended to automate MSAL.NET post-release tasks (release report + PublicAPI roll-forward, milestone closure, GitHub Release creation, Teams notification).

Changes:

  • Adds repo-level and release-specific agent documentation (AGENTS.md, .github/agents/release/AGENT.md).
  • Introduces Post-Release Summary GitHub Action to generate a release report and create a post-release PR, plus milestone/release/Teams steps.
  • Adds build/release-logs/README.md documenting the release report log structure.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File Description
build/release-logs/README.md Documents the expected structure/content of generated release reports.
AGENTS.md Defines the master “agent” entrypoint and points to sub-agents.
.github/workflows/post-release.yml Implements the post-release automation workflow (report, PublicAPI move, PR, milestone, release, Teams).
.github/agents/release/AGENT.md Documents the intended end-to-end release flow and pre/post release steps.

Comment thread AGENTS.md
Comment on lines +7 to +10
| Agent | Description | Location |
|-------|-------------|----------|
| **Release Agent** | Automates MSAL.NET NuGet releases end-to-end | [`.github/agents/release/`](.github/agents/release/) |

Comment thread .github/agents/release/AGENT.md
Comment on lines +63 to +68
| Variable | Value | Behavior |
|----------|-------|----------|
| `MicrosoftIdentityClientVersion` | *(user-provided)* | The version to release |
| `Release.IDDP` | `true` | Always set — publish to IDDP feed |
| `Release.NuGet` | `true` | Always set — publish to NuGet.org |

Comment thread .github/workflows/post-release.yml
Comment on lines +244 to +249
# Only notify if the webhook secret is configured
if: ${{ vars.TEAMS_WEBHOOK_URL != '' || secrets.TEAMS_WEBHOOK_URL != '' }}
steps:
- name: Post to Teams
env:
TEAMS_WEBHOOK_URL: ${{ secrets.TEAMS_WEBHOOK_URL }}
Comment thread .github/workflows/post-release.yml
Comment on lines +227 to +235
await github.rest.repos.createRelease({
owner: context.repo.owner,
repo: context.repo.repo,
tag_name: version,
name: `MSAL.NET ${version}`,
body: body,
draft: false,
prerelease: false,
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@gladjohn