Skip to content

Add step in publish pipeline to create PR to azure-sdk-for-net #7426

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

Add step in publish pipeline to create PR to azure-sdk-for-net #7426

wants to merge 3 commits into from

Conversation

Copilot
Copy link
Contributor

@Copilot Copilot AI commented May 21, 2025
edited
Loading

This PR adds automation to create a pull request in the Azure SDK for .NET repository that updates the dependency on http-client-csharp when a new version is published.

Implementation Details

  1. Created a new script in internal-build-utils package:

    • Added create-azure-sdk-for-net-pr.ts to handle PR creation
    • Added http-client.ts for GitHub API requests
    • Updated the CLI to include a new command for creating PRs

  2. Modified the http-client-csharp publish pipeline:

    • Added a new stage that runs after successful publish
    • Calls the PR creation command with proper parameters
    • Only runs on the main branch (not on PRs)

  3. Added documentation:

    • Created a CONTRIBUTING.md for http-client-csharp
    • Documented the automated PR creation process and manual fallback

How It Works

When a new version of http-client-csharp is published from the main branch:

  1. The script clones the azure-sdk-for-net repository
  2. Creates a new branch
  3. Updates the Microsoft.TypeSpec.Generator.ClientModel package reference in Directory.Packages.props
  4. Creates a PR with appropriate title and description including a link back to the original TypeSpec PR

This automation helps ensure that the Azure SDK for .NET always uses the latest version of the TypeSpec-generated client components, improving consistency across repositories.

Fixes #7110.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@microsoft-github-policy-service microsoft-github-policy-service bot added compiler:core Issues for @typespec/compiler compiler:emitter-framework Issues for the emitter framework ide Issues for VS, VSCode, Monaco, etc. lib:http lib:openapi lib:rest lib:versioning lib:http-specs For issues/prs related to the @typespec/http-specs package meta:blog Blog updates meta:website TypeSpec.io updates tspd Issues for the tspd tool emitter:client:all General issue for client emitters emitter:client:js Issue for the JS client emitter: @typespec/http-client-js emitter:client:csharp Issue for the C# client emitter: @typespec/http-client-csharp emitter:client:java Issue for the Java client emitter: @typespec/http-client-java emitter:client:python Issue for the Python client emitter: @typespec/http-client-python emitter:graphql Issues for @typespec/graphql emitter emitter:json-schema emitter:protobuf The protobuf emitter emitter:openapi3 Issues for @typespec/openapi3 emitter openapi3:converter Issues for @typespec/openapi3 openapi to typespec converter emitter:service:csharp emitter:service:js emitter:service:java Issue for Java service emitter eng ui:playground labels May 21, 2025
@Copilot Copilot AI requested a review from JoshLove-msft May 21, 2025 19:35
Copilot finished work on behalf of JoshLove-msft May 21, 2025 19:35
@timotheeguerin timotheeguerin removed ide Issues for VS, VSCode, Monaco, etc. eng emitter:protobuf The protobuf emitter emitter:json-schema meta:website TypeSpec.io updates meta:blog Blog updates tspd Issues for the tspd tool compiler:core Issues for @typespec/compiler compiler:emitter-framework Issues for the emitter framework emitter:service:csharp emitter:service:js lib:versioning lib:http lib:openapi lib:rest emitter:openapi3 Issues for @typespec/openapi3 emitter openapi3:converter Issues for @typespec/openapi3 openapi to typespec converter ui:playground ui:type-graph-viewer emitter:client:java Issue for the Java client emitter: @typespec/http-client-java emitter:client:python Issue for the Python client emitter: @typespec/http-client-python emitter:service:java Issue for Java service emitter emitter:graphql Issues for @typespec/graphql emitter spector Issues related to spector and the spec sets lib:http-specs For issues/prs related to the @typespec/http-specs package emitter:client:all General issue for client emitters emitter:client:js Issue for the JS client emitter: @typespec/http-client-js labels May 23, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems May 23, 2025
View reviewed changes
packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts
try {
// Clone the repository
console.log(`Cloning azure-sdk-for-net repository...`);
execSync(`git clone https://github.com/Azure/azure-sdk-for-net.git ${tempDir}`, {

Check warning

Code scanning / CodeQL

Shell command built from environment values Medium

This shell command depends on an uncontrolled
absolute path
Loading
.

Copilot Autofix

AI 5 days ago

To fix the issue, we will replace the use of execSync with execFileSync and pass the arguments separately instead of interpolating them into the shell command. This approach avoids shell interpretation of the tempDir value, mitigating the risk of command injection or unintended behavior.

Specifically:

  1. Replace the execSync call on line 49 with execFileSync.
  2. Pass the git command and its arguments as separate parameters to execFileSync.
  3. Ensure that the tempDir value is passed as an argument, not interpolated into the command string.
Suggested changeset 1
packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts b/packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts
--- a/packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts
+++ b/packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts
@@ -1,3 +1,3 @@
 /* eslint-disable no-console */
-import { execSync } from "child_process";
+import { execFileSync, execSync } from "child_process";
 import { mkdirSync, writeFileSync, readFileSync } from "fs";
@@ -48,3 +48,3 @@
     console.log(`Cloning azure-sdk-for-net repository...`);
-    execSync(`git clone https://github.com/Azure/azure-sdk-for-net.git ${tempDir}`, {
+    execFileSync("git", ["clone", "https://github.com/Azure/azure-sdk-for-net.git", tempDir], {
       stdio: "inherit",
EOF
@@ -1,3 +1,3 @@
/* eslint-disable no-console */
import { execSync } from "child_process";
import { execFileSync, execSync } from "child_process";
import { mkdirSync, writeFileSync, readFileSync } from "fs";
@@ -48,3 +48,3 @@
console.log(`Cloning azure-sdk-for-net repository...`);
execSync(`git clone https://github.com/Azure/azure-sdk-for-net.git ${tempDir}`, {
execFileSync("git", ["clone", "https://github.com/Azure/azure-sdk-for-net.git", tempDir], {
stdio: "inherit",
Copilot is powered by AI and may make mistakes. Always verify output.
packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts

// Create a new branch
console.log(`Creating branch ${branchName}...`);
execSync(`git checkout -b ${branchName}`, {

Check warning

Code scanning / CodeQL

Unsafe shell command constructed from library input Medium

This string concatenation which depends on
library input
Loading
is later used in a
shell command
Loading
.

Copilot Autofix

AI 5 days ago

To fix the issue, we should avoid directly interpolating the branchName into the shell command string. Instead, we can use the execFileSync method from the child_process module, which allows us to pass arguments as an array. This approach avoids shell interpretation of special characters in the input, mitigating the risk of shell injection.

Specifically:

  1. Replace the execSync call on line 65 with execFileSync, passing the branchName as an argument in an array.
  2. Ensure that the branchName is validated or sanitized before use to prevent any unintended behavior.
Suggested changeset 1
packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts b/packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts
--- a/packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts
+++ b/packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts
@@ -1,3 +1,3 @@
 /* eslint-disable no-console */
-import { execSync } from "child_process";
+import { execSync, execFileSync } from "child_process";
 import { mkdirSync, writeFileSync, readFileSync } from "fs";
@@ -64,3 +64,3 @@
     console.log(`Creating branch ${branchName}...`);
-    execSync(`git checkout -b ${branchName}`, {
+    execFileSync("git", ["checkout", "-b", branchName], {
       stdio: "inherit",
EOF
@@ -1,3 +1,3 @@
/* eslint-disable no-console */
import { execSync } from "child_process";
import { execSync, execFileSync } from "child_process";
import { mkdirSync, writeFileSync, readFileSync } from "fs";
@@ -64,3 +64,3 @@
console.log(`Creating branch ${branchName}...`);
execSync(`git checkout -b ${branchName}`, {
execFileSync("git", ["checkout", "-b", branchName], {
stdio: "inherit",
Copilot is powered by AI and may make mistakes. Always verify output.
packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts
// Push the branch
console.log(`Pushing branch to remote...`);
// Using HTTPS with token for auth
const remoteUrl = `https://${githubToken}@github.com/Azure/azure-sdk-for-net.git`;

Check warning

Code scanning / CodeQL

Unsafe shell command constructed from library input Medium

This string concatenation which depends on
library input
Loading
is later used in a
shell command
Loading
.

Copilot Autofix

AI 5 days ago

To fix the issue, we should avoid directly embedding the githubToken into the shell command string. Instead, we can use a safer API like child_process.execFile to pass the arguments as an array, which avoids interpretation by the shell. Since execFile does not support inline authentication in the URL, we can use the git command's -c option to set the http.extraheader configuration for authentication.

This approach ensures that the githubToken is not interpreted by the shell, mitigating the risk of command injection.

Suggested changeset 1
packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts b/packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts
--- a/packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts
+++ b/packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts
@@ -97,4 +97,4 @@
     // Using HTTPS with token for auth
-    const remoteUrl = `https://${githubToken}@github.com/Azure/azure-sdk-for-net.git`;
-    execSync(`git push ${remoteUrl} ${branchName}`, {
+    const remoteUrl = "https://github.com/Azure/azure-sdk-for-net.git";
+    execSync("git", ["-c", `http.extraheader=Authorization: Bearer ${githubToken}`, "push", remoteUrl, branchName], {
       stdio: "inherit",
EOF
@@ -97,4 +97,4 @@
// Using HTTPS with token for auth
const remoteUrl = `https://${githubToken}@github.com/Azure/azure-sdk-for-net.git`;
execSync(`git push ${remoteUrl} ${branchName}`, {
const remoteUrl = "https://github.com/Azure/azure-sdk-for-net.git";
execSync("git", ["-c", `http.extraheader=Authorization: Bearer ${githubToken}`, "push", remoteUrl, branchName], {
stdio: "inherit",
Copilot is powered by AI and may make mistakes. Always verify output.
packages/internal-build-utils/src/create-azure-sdk-for-net-pr.ts
console.log(`Pushing branch to remote...`);
// Using HTTPS with token for auth
const remoteUrl = `https://${githubToken}@github.com/Azure/azure-sdk-for-net.git`;
execSync(`git push ${remoteUrl} ${branchName}`, {

Check warning

Code scanning / CodeQL

Unsafe shell command constructed from library input Medium

This string concatenation which depends on
library input
Loading
is later used in a
shell command
Loading
.
This string concatenation which depends on
library input
Loading
is later used in a
shell command
Loading
.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoshLove-msft JoshLove-msft Awaiting requested review from JoshLove-msft JoshLove-msft is a code owner

@m-nash m-nash Awaiting requested review from m-nash m-nash will be requested when the pull request is marked ready for review m-nash is a code owner

@jorgerangel-msft jorgerangel-msft Awaiting requested review from jorgerangel-msft jorgerangel-msft will be requested when the pull request is marked ready for review jorgerangel-msft is a code owner

@bterlson bterlson Awaiting requested review from bterlson bterlson will be requested when the pull request is marked ready for review bterlson is a code owner

@markcowl markcowl Awaiting requested review from markcowl markcowl will be requested when the pull request is marked ready for review markcowl is a code owner

@timotheeguerin timotheeguerin Awaiting requested review from timotheeguerin timotheeguerin will be requested when the pull request is marked ready for review timotheeguerin is a code owner

@witemple-msft witemple-msft Awaiting requested review from witemple-msft witemple-msft will be requested when the pull request is marked ready for review witemple-msft is a code owner

@chrisradek chrisradek Awaiting requested review from chrisradek chrisradek will be requested when the pull request is marked ready for review chrisradek is a code owner

@AlitzelMendez AlitzelMendez Awaiting requested review from AlitzelMendez AlitzelMendez will be requested when the pull request is marked ready for review AlitzelMendez is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@JoshLove-msft JoshLove-msft

Copilot code review Copilot

Labels
emitter:client:csharp Issue for the C# client emitter: @typespec/http-client-csharp
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add step in publish pipeline to create PR to azure-sdk-for-net
3 participants
@Copilot @timotheeguerin @JoshLove-msft