Add PR Build Distribution System (#55)

* Add PR build installation and restoration scripts

- Introduced `install-pr.ps1` and `install-pr.sh` for installing specific PR builds of the azd app extension.
- Added `restore-stable.ps1` and `restore-stable.sh` for restoring the stable version of the extension.
- Created documentation for PR build installation and testing in `pr-install-scripts.md` and `testing-pr-builds.md`.
- Enhanced error handling and user feedback in scripts for better usability.
- Updated README for scripts to include usage examples and troubleshooting tips.

* fix: use gh CLI instead of azd x release for PR builds

* fix: remove unnecessary cd cli command

* feat: run PR build after CI workflow passes

* fix: enable cleanup on PR close via pull_request_target

* fix: delete existing release and tag before creating new one

* fix: properly expand glob pattern for archive files

* debug: add logging to find packed archives location

* feat: add push trigger for prbuild branch testing

* fix: use base version for archive directory path

* fix: manually generate registry JSON instead of using azd x publish

* fix: use branch name for script URLs in PR comments

* fix: use correct registry JSON format with extensions array

* fix: use azd x publish to generate PR registry

* fix: post-process registry URLs to use custom PR tag

* fix: mirror release flow - use azd x release and standard tag format

* fix: specify artifacts path for azd x release

* fix: use \C:\Users\jong instead of ~ for artifacts path

* debug: add ls to see what files exist

* fix: use gh release create directly instead of azd x release

* fix: add GITHUB_TOKEN env to registry generation step

* fix: add release deletion check before creating new one

* fix: create empty registry file before azd x publish

* fix: use correct tag format in install scripts and handle uninstall errors gracefully

* fix: use correct hardcoded extension name in tag format

* refactor: use artifacts for binaries, lightweight release for registry only

- Upload all 6 platform binaries + registry as GitHub Actions artifacts (90 day retention)
- Create minimal release with just registry.json for unauthenticated one-line install
- Manual registry generation with correct PR version to fix version mismatch
- Remove binary uploads from releases to avoid clutter
- Update PR comment to reference artifacts for binaries, release for registry
- Simplify cleanup job to only delete lightweight registry releases
- Artifacts auto-expire after 90 days

Benefits:
- One-line install continues to work (downloads registry from release)
- Releases page stays clean (no large binary uploads)
- Full build artifacts available via Actions for manual installation
- Correct PR version in registry (e.g., 0.5.7-pr55 not 0.5.7)

* fix: delete existing release before creating new one

* refactor: use azd x release/publish like release.yml

- Use azd x release to create pre-release with all binaries
- Use azd x publish to generate registry (correct format + PR version)
- Upload registry to release for one-line installer
- Pre-releases are public but shown separately on releases page
- Revert install scripts to download from releases (no gh auth needed)
- Matches standard release workflow approach

* fix: copy artifacts to PR version directory for azd x release

* fix: use gh CLI instead of azd x release to avoid prerelease flag issue

* fix: add GH_TOKEN env var for azd x publish

* fix: wait 5 seconds for release to be created before running azd x publish

* fix: create empty registry file before azd x publish

* fix: set EXTENSION_VERSION env var for azd x pack to use PR version

* fix: temporarily modify extension.yaml to use PR version for packing

* fix: properly check if release exists before deleting

* fix: modify extension.yaml before azd x build to embed PR version in binaries

* fix: don't restore extension.yaml until after pack

* refactor: simplify PR builds to use azd x release like release.yml

* fix: remove duplicate env declaration

* trigger: test simplified PR build workflow

* fix: use gh release create instead of azd x release (--prerelease flag broken)

Author: jongio

.github/workflows/pr-build.yml

@@ -0,0 +1,395 @@
+name: PR Build
+
+on:
+  workflow_run:
+    workflows: ["CI"]
+    types:
+      - completed
+    branches: [ main ]
+  pull_request_target:
+    branches: [ main ]
+    types: [labeled, closed]
+  push:
+    branches: [ prbuild ]
+    paths:
+      - 'cli/**'
+      - '.github/workflows/pr-build.yml'
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        description: 'PR number to build'
+        required: false
+        type: number
+
+defaults:
+  run:
+    working-directory: cli
+
+jobs:
+  # Check if build should run
+  check-permission:
+    name: Check Build Permission
+    runs-on: ubuntu-latest
+    # Only run if:
+    # 1. CI workflow succeeded, OR
+    # Only run if:
+    # 1. CI workflow succeeded, OR
+    # 2. Manual trigger via workflow_dispatch, OR
+    # 3. PR labeled with 'safe-to-build', OR
+    # 4. Push to prbuild branch (for testing)
+    if: |
+      github.event_name == 'workflow_dispatch' || 
+      github.event_name == 'pull_request_target' ||
+      github.event_name == 'push' ||
+      (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success')
+    outputs:
+      allowed: ${{ steps.check.outputs.allowed }}
+      pr_number: ${{ steps.check.outputs.pr_number }}
+      pr_sha: ${{ steps.check.outputs.pr_sha }}
+    
+    steps:
+      - name: Check if build is allowed
+        id: check
+        uses: actions/github-script@v7
+        with:
+          script: |
+            let allowed = false;
+            let prNumber = null;
+            let prSha = null;
+            
+            // Workflow dispatch - always allowed
+            if (context.eventName === 'workflow_dispatch') {
+              allowed = true;
+              prNumber = context.payload.inputs.pr_number;
+              if (prNumber) {
+                const pr = await github.rest.pulls.get({
+                  owner: context.repo.owner,
+                  repo: context.repo.repo,
+                  pull_number: prNumber
+                });
+                prSha = pr.data.head.sha;
+              }
+              core.setOutput('allowed', 'true');
+              core.setOutput('pr_number', prNumber || '');
+              core.setOutput('pr_sha', prSha || '');
+              return;
+            }
+            
+            // push event (for testing on prbuild branch)
+            if (context.eventName === 'push') {
+              allowed = true;
+              // Find PR for this branch
+              const { data: prs } = await github.rest.pulls.list({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                state: 'open',
+                head: `${context.repo.owner}:${context.ref.replace('refs/heads/', '')}`
+              });
+              
+              if (prs.length > 0) {
+                prNumber = prs[0].number;
+                prSha = prs[0].head.sha;
+              }
+              core.setOutput('allowed', 'true');
+              core.setOutput('pr_number', prNumber || '');
+              core.setOutput('pr_sha', prSha || '');
+              return;
+            }
+            
+            // workflow_run - triggered after CI passes
+            if (context.eventName === 'workflow_run') {
+              // Get the PR associated with the workflow run
+              const { data: prs } = await github.rest.pulls.list({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                state: 'open',
+                head: `${context.repo.owner}:${context.payload.workflow_run.head_branch}`
+              });
+              
+              if (prs.length > 0) {
+                const pr = prs[0];
+                const association = pr.author_association;
+                
+                // Check if trusted contributor
+                const trustedAssociations = ['OWNER', 'MEMBER', 'COLLABORATOR', 'CONTRIBUTOR'];
+                if (trustedAssociations.includes(association)) {
+                  allowed = true;
+                  prNumber = pr.number;
+                  prSha = pr.head.sha;
+                } else {
+                  // For first-time contributors, check if they have the label
+                  const hasLabel = pr.labels.some(label => label.name === 'safe-to-build');
+                  if (hasLabel) {
+                    allowed = true;
+                    prNumber = pr.number;
+                    prSha = pr.head.sha;
+                  }
+                }
+              }
+            }
+            
+            // pull_request_target with 'safe-to-build' label
+            if (context.eventName === 'pull_request_target') {
+              const hasLabel = context.payload.pull_request.labels.some(
+                label => label.name === 'safe-to-build'
+              );
+              if (hasLabel) {
+                allowed = true;
+                prNumber = context.payload.pull_request.number;
+                prSha = context.payload.pull_request.head.sha;
+              }
+            }
+            
+            core.setOutput('allowed', allowed ? 'true' : 'false');
+            core.setOutput('pr_number', prNumber || '');
+            core.setOutput('pr_sha', prSha || '');
+            
+            if (!allowed) {
+              core.notice('Build skipped - requires maintainer approval. Add "safe-to-build" label to proceed.');
+            }
+
+  build-pr:
+    name: Build PR Preview
+    runs-on: ubuntu-latest
+    needs: check-permission
+    if: needs.check-permission.outputs.allowed == 'true'
+    permissions:
+      contents: write
+      pull-requests: write
+    
+    steps:
+      - name: Get PR details
+        id: pr
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const prNumber = '${{ needs.check-permission.outputs.pr_number }}' || context.payload.pull_request.number;
+            const pr = await github.rest.pulls.get({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: prNumber
+            });
+            
+            core.setOutput('number', prNumber);
+            core.setOutput('sha', pr.data.head.sha);
+            core.setOutput('ref', pr.data.head.ref);
+            core.setOutput('title', pr.data.title);
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ steps.pr.outputs.sha }}
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.25'
+          cache-dependency-path: cli/go.sum
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+          cache-dependency-path: cli/dashboard/package.json
+
+      - name: Calculate PR version
+        id: version
+        working-directory: cli
+        run: |
+          BASE_VERSION=$(grep '^version:' extension.yaml | awk '{print $2}')
+          PR_NUMBER="${{ steps.pr.outputs.number }}"
+          PR_VERSION="${BASE_VERSION}-pr${PR_NUMBER}"
+          # Use the standard azd extension tag format so azd x publish generates correct URLs
+          STANDARD_TAG="azd-ext-jongio-azd-app_${PR_VERSION}"
+          echo "version=$PR_VERSION" >> $GITHUB_OUTPUT
+          echo "base_version=$BASE_VERSION" >> $GITHUB_OUTPUT
+          echo "tag=$STANDARD_TAG" >> $GITHUB_OUTPUT
+          echo "Building version: $PR_VERSION with tag: $STANDARD_TAG"
+
+      - name: Install azd
+        run: curl -fsSL https://aka.ms/install-azd.sh | bash
+
+      - name: Install azd extensions
+        run: azd extension install microsoft.azd.extensions
+
+      - name: Build dashboard
+        working-directory: cli
+        run: |
+          cd dashboard
+          npm ci
+          npm run build
+
+      - name: Update extension.yaml with PR version
+        working-directory: cli
+        run: |
+          VERSION="${{ steps.version.outputs.version }}"
+          # Temporarily update version (won't commit)
+          sed -i "s/^version: .*/version: ${VERSION}/" extension.yaml
+
+      - name: Build binaries
+        working-directory: cli
+        run: |
+          export EXTENSION_ID="jongio.azd.app"
+          export EXTENSION_VERSION="${{ steps.version.outputs.version }}"
+          azd x build --all
+
+      - name: Package
+        working-directory: cli
+        run: azd x pack
+
+      - name: Create PR pre-release
+        working-directory: cli
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          VERSION="${{ steps.version.outputs.version }}"
+          TAG="azd-ext-jongio-azd-app_${VERSION}"
+          PR_NUM="${{ steps.pr.outputs.number }}"
+          
+          # Delete existing release if it exists (idempotent for re-runs)
+          gh release delete "$TAG" --repo "${{ github.repository }}" --yes 2>/dev/null || true
+          
+          # Create pre-release with all binaries (same pattern as release.yml but with --prerelease)
+          gh release create "$TAG" \
+            --repo "${{ github.repository }}" \
+            --title "PR #${PR_NUM} Preview (v${VERSION})" \
+            --notes "PR #${PR_NUM} preview build. Test using the one-line installer from the PR comment." \
+            --prerelease \
+            ~/.azd/registry/jongio.azd.app/${VERSION}/*
+
+      - name: Update registry
+        working-directory: cli
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          VERSION="${{ steps.version.outputs.version }}"
+          
+          # Generate registry (saves to /tmp/pr-registry.json for the install scripts)
+          echo '{"extensions":[]}' > /tmp/pr-registry.json
+          azd x publish \
+            --registry /tmp/pr-registry.json \
+            --version "$VERSION" \
+            --repo "${{ github.repository }}"
+          
+          # Upload registry to the release so install scripts can download it
+          TAG="azd-ext-jongio-azd-app_${VERSION}"
+          gh release upload "$TAG" --repo "${{ github.repository }}" /tmp/pr-registry.json --clobber
+
+      - name: Generate installation instructions
+        id: instructions
+        run: |
+          VERSION="${{ steps.version.outputs.version }}"
+          PR_NUM="${{ steps.pr.outputs.number }}"
+          TAG="${{ steps.version.outputs.tag }}"
+          REPO="${{ github.repository }}"
+          COMMIT="${{ steps.pr.outputs.sha }}"
+          SHORT_COMMIT=$(echo $COMMIT | cut -c1-7)
+          # Use the branch where the scripts actually exist
+          BRANCH="${{ github.ref_name }}"
+          
+          cat > ../instructions.md <<EOF
+          ## 🚀 Test This PR
+          
+          A preview build (\`$VERSION\`) is ready for testing!
+          
+          ### One-Line Install (Recommended)
+          
+          **PowerShell (Windows):**
+          \`\`\`powershell
+          iex "& { \$(irm https://raw.githubusercontent.com/$REPO/$BRANCH/cli/scripts/install-pr.ps1) } -PrNumber $PR_NUM -Version $VERSION"
+          \`\`\`
+          
+          **Bash (macOS/Linux):**
+          \`\`\`bash
+          curl -fsSL https://raw.githubusercontent.com/$REPO/$BRANCH/cli/scripts/install-pr.sh | bash -s $PR_NUM $VERSION
+          \`\`\`
+          
+          ### Uninstall
+          
+          When you're done testing:
+          
+          **PowerShell (Windows):**
+          \`\`\`powershell
+          iex "& { \$(irm https://raw.githubusercontent.com/$REPO/$BRANCH/cli/scripts/uninstall-pr.ps1) } -PrNumber $PR_NUM"
+          \`\`\`
+          
+          **Bash (macOS/Linux):**
+          \`\`\`bash
+          curl -fsSL https://raw.githubusercontent.com/$REPO/$BRANCH/cli/scripts/uninstall-pr.sh | bash -s $PR_NUM
+          \`\`\`
+          
+          ---
+          
+          **Build Info:**
+          - **Version:** \`$VERSION\`
+          - **Commit:** \`$SHORT_COMMIT\`
+          - **Release:** [View pre-release](https://github.com/$REPO/releases/tag/$TAG)
+          
+          **What to Test:**
+          Please review the PR description and test the changes described there.
+          EOF
+
+      - name: Comment on PR
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            const instructions = fs.readFileSync('instructions.md', 'utf8');
+            const prNumber = '${{ steps.pr.outputs.number }}';
+            
+            // Find existing comment
+            const comments = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: prNumber,
+            });
+            
+            const botComment = comments.data.find(comment => 
+              comment.user.type === 'Bot' && 
+              comment.body.includes('🚀 Test This PR')
+            );
+            if (botComment) {
+              // Update existing comment
+              await github.rest.issues.updateComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: botComment.id,
+                body: instructions
+              });
+              console.log('Updated existing comment');
+            } else {
+              // Create new comment
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: prNumber,
+                body: instructions
+              });
+              console.log('Created new comment');
+            }
+
+  # Cleanup job - removes registry releases when PR closes
+  cleanup:
+    name: Cleanup PR Registry
+    runs-on: ubuntu-latest
+    if: github.event.action == 'closed' && github.event_name == 'pull_request_target'
+    permissions:
+      contents: write
+    
+    steps:
+      - name: Delete PR registry release
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          PR_NUM=${{ github.event.pull_request.number }}
+          
+          # Find and delete releases matching this PR
+          gh release list --repo ${{ github.repository }} --json tagName,name --limit 100 | \
+            jq -r ".[] | select(.tagName | contains(\"-pr${PR_NUM}\")) | .tagName" | \
+            while read tag; do
+              echo "Deleting release: $tag"
+              gh release delete "$tag" --repo ${{ github.repository }} --yes || true
+              # Delete tag
+              git push --delete origin "$tag" 2>/dev/null || true
+            done