Add .NET 9 Aspire project template with API, tests, and comprehensive CI/CD workflows

[Copilot]

This PR implements a complete .NET 9 project template with .NET Aspire orchestration, including automated CI/CD pipelines for testing, security analysis, and package publishing.

What's New

Project Structure

The template provides a modern cloud-native application structure using .NET Aspire:

• ASP.NET Core Web API - Minimal API with a sample weather forecast endpoint, configured with ServiceDefaults for built-in telemetry, service discovery, and resilience patterns
• .NET Aspire AppHost - Orchestration host that manages the API service and provides access to the Aspire Dashboard for monitoring
• ServiceDefaults Library - Shared configuration including OpenTelemetry, service discovery, HTTP resilience, and health check endpoints
• xUnit Test Project - Integration tests using both WebApplicationFactory (CI-friendly) and Aspire Testing (development environment)

GitHub Actions Workflows

Three comprehensive workflows provide automated CI/CD:

1. CI Workflow (ci.yml) - Runs on every pull request and push to main:

   • Installs .NET Aspire workload
   • Restores dependencies, builds, and runs tests
   • Collects code coverage with XPlat Code Coverage
   • Uploads coverage reports to Codecov

2. CodeQL Analysis (codeql-analysis.yml) - Security scanning that runs on:

   • Every push to main and pull request
   • Weekly schedule (Mondays at midnight)
   • Detects potential security vulnerabilities

3. Release Workflow (release.yml) - Automated releases on push to main:

   • Extracts version from Directory.Build.props
   • Builds, tests, and packs NuGet packages
   • Publishes to NuGet.org (with duplicate detection)
   • Creates GitHub releases with auto-generated release notes grouped by commit type (features, fixes, docs, other)
   • Tags releases and attaches NuGet packages

All workflows include explicit permissions configuration for security best practices.

Configuration & Documentation

• Directory.Build.props - Centralized version management and NuGet package metadata
• README.md - Comprehensive documentation covering getting started, project structure, API endpoints, development guidelines, and CI/CD configuration
• .editorconfig - Consistent code style configuration for C#, JSON, YAML, and other file types
• .gitignore - Updated to exclude Aspire-specific temporary files (.aspire/, *.dcplog)

Technical Details

All projects target .NET 9 for consistency. The test project includes both WebApplicationFactory tests (which run in CI) and Aspire integration tests (which are skipped in CI as they require the Development Control Plane).

The release workflow intelligently handles version management:

• Only publishes packages when the version is new
• Generates release notes by categorizing commits (feat, fix, docs)
• Creates GitHub releases only when packages are successfully published
• Handles duplicate package versions gracefully

Usage

Developers can start using this template immediately:

dotnet workload install aspire
dotnet restore
dotnet run --project src/ProjectTemplate.AppHost

The Aspire Dashboard will open automatically, providing real-time monitoring of the application with distributed tracing, metrics, and logs.

Related Issues

Resolves the request for a project template with Aspire, xUnit + WebApplicationFactory tests, and GitHub Actions pipelines for CI/testing and automated NuGet publishing with releases.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• go.microsoft.com

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

я хочу мати пустий проект з aspire степом для тестів а також на WEbApplicationFactory з xunut а також гітхаб папка з крутими єкшен пайалайенами для дощенту. які мають можилвіть записка тести для пр а коли в ман все змержно то запускати реліз який пабілшіт нугет пакети а також сторею реліз в гітхабі з реаізнотус. https://github.com/managedcode/Communication/blob/main/.github/workflows/ci.yml або https://github.com/managedcode/Communication/blob/main/.github/workflows/codeql-analysis.yml

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[KSemenenko]

@copilot я трошки набрехав, це темлейт для проект NuGet бібліотеки. але тести мають все одно мати вожливіть бути інтеграційними типу https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.testing.webapplicationfactory-1?view=aspnetcore-9.0 виротсвуються ось це. але головне це тести та пайлпани для гітахаба

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[Copilot]

Pull Request Overview

This PR establishes a complete .NET 9 project template with .NET Aspire orchestration, including a sample API, comprehensive testing infrastructure using both WebApplicationFactory and Aspire testing approaches, and three GitHub Actions workflows for continuous integration, security analysis, and automated releases.

Key Changes

• Created a cloud-native .NET 9 application structure with Aspire orchestration (AppHost, API, ServiceDefaults, and Tests projects)
• Implemented GitHub Actions workflows for CI/CD: build/test with code coverage (ci.yml), CodeQL security scanning (codeql-analysis.yml), and automated NuGet publishing with GitHub releases (release.yml)
• Added comprehensive documentation and configuration files including README, .editorconfig, and Directory.Build.props for centralized versioning

Reviewed Changes

Copilot reviewed 22 out of 23 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
ProjectTemplate.sln	Solution file organizing src and tests projects into solution folders
Directory.Build.props	Centralized version management (1.0.0) and NuGet package metadata
src/ProjectTemplate.Api/*	ASP.NET Core minimal API with weather forecast endpoint and ServiceDefaults integration
src/ProjectTemplate.AppHost/*	Aspire orchestration host with configuration for development environments
src/ProjectTemplate.ServiceDefaults/*	Shared library providing OpenTelemetry, service discovery, resilience patterns, and health checks
tests/ProjectTemplate.Tests/*	xUnit integration tests using both WebApplicationFactory and Aspire testing approaches
.github/workflows/ci.yml	CI workflow for pull requests with build, test, and Codecov integration
.github/workflows/codeql-analysis.yml	Security analysis workflow running on pushes, PRs, and weekly schedule
.github/workflows/release.yml	Release workflow automating NuGet publishing and GitHub release creation
README.md	Comprehensive documentation covering setup, usage, API endpoints, and CI/CD configuration
.editorconfig	Code style configuration for C#, JSON, YAML, and other file types

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[chatgpt-codex-connector]

💡 Codex Review

ProjectTemplate/.github/workflows/release.yml

Lines 13 to 17 in 3ddaeb8

	name: Build and Test
	runs-on: ubuntu-latest
	permissions:
	contents: read

Allow build job to upload artifacts

actions/upload-artifact@v4 requires the token to have actions: write, but the build job explicitly limits permissions to contents: read. Overriding permissions removes the default actions scope, so the upload step will fail with “Resource not accessible by integration” and the release workflow stops before producing packages. Add actions: write (or drop the permissions override) so artifacts can be uploaded.

---

ProjectTemplate/.github/workflows/release.yml

Lines 59 to 66 in 3ddaeb8

	publish-nuget:
	name: Publish to NuGet
	needs: build
	runs-on: ubuntu-latest
	if: github.ref == 'refs/heads/main'
	permissions:
	contents: read

Enable artifact download in publish job

The publish job downloads build artifacts but only grants the token contents: read. When permissions are restricted like this, the token loses the implicit actions: read scope required by actions/download-artifact@v5, so the download step cannot access the artifacts and the job will fail before pushing packages. Add actions: read (or remove the custom permissions block) for this job.

---

ProjectTemplate/.github/workflows/release.yml

Lines 124 to 131 in 3ddaeb8

	create-release:
	name: Create GitHub Release and Tag
	needs: publish-nuget
	runs-on: ubuntu-latest
	if: needs.publish-nuget.outputs.published == 'true'
	permissions:
	contents: write

Create-release job cannot fetch artifacts

The release job also calls actions/download-artifact@v5 but its permissions block only grants contents: write. Without actions: read, the token is forbidden from reading workflow artifacts and the step will error before the tag and release are created. Grant at least actions: read for this job so the artifacts uploaded earlier can be retrieved.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".