Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates the WinGet publish pipeline to stop assuming a legacy installer asset name and instead verify/log the exact release asset URLs defined by the restored WinGet manifest snapshot (which is the artifact produced by the successful Release workflow run). It also updates the checked-in WinGet installer manifest hash for v1.5.7 and documents the March 15, 2026 failure/recovery in release documentation.
Changes:
- Update the WinGet publish workflow to discover
InstallerUrlvalues fromwinget/SevIQ.ThemeToggle.installer.yamland verify those URLs exist for the target GitHub release tag. - Sync
InstallerSha256in the WinGet installer manifest forv1.5.7to the portable ZIP’s current digest. - Add release documentation notes describing the WinGet publish failure mode and the manifest-driven approach.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
winget/SevIQ.ThemeToggle.installer.yaml |
Updates the InstallerSha256 for the v1.5.7 portable ZIP entry. |
docs/RELEASE_NOTES.md |
Records the WinGet publish failure cause and the workflow fix in Unreleased notes. |
docs/RELEASE.md |
Documents that WinGet publish/validation must be driven by restored manifest InstallerUrl values (not reconstructed filenames). |
.github/workflows/winget-publish.yml |
Switches asset verification/logging from hard-coded filenames to manifest-declared InstallerUrl values, with tag scoping validation. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b07b2cfac1
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| paths: | ||
| - 'winget/**' | ||
| - 'tools/validate-winget.ps1' | ||
| - 'tools/validate-release-workflow.ps1' | ||
| - 'tools/bump-version.ps1' |
There was a problem hiding this comment.
This workflow now enforces release-flow invariants via tools/validate-release-workflow.ps1, and that script explicitly checks tools\validate.bat, but tools/validate.bat is not included in the paths filters here. As a result, a PR that only changes tools/validate.bat can bypass this CI check entirely, so regressions in local validation wiring can merge unnoticed; include tools/validate.bat in both push and pull_request path lists.
Useful? React with 👍 / 👎.
What
Fix the WinGet publish workflow to validate and log the release asset URLs declared by the restored manifest snapshot instead of hard-coding an old installer filename.
Why
The Publish to WinGet run for �1.5.7 failed on March 15, 2026 because it still probed ThemeToggle-Setup-1.5.7.exe, but the signed release only published ThemeToggle.exe and ThemeToggle-Portable.zip.
This PR also syncs the checked-in winget manifest hash to the live �1.5.7 portable ZIP digest and records the failure/recovery in the release docs.
Testing