ci: harden release attach and skip release-PR builds by path#74
Merged
Conversation
Addresses three code-review findings on the release pipeline:
1. The attach step dropped generate_release_notes, so if no Release
existed for the tag (a hand-pushed tag, or release-please racing behind
this fast job) softprops would CREATE one whose body is only the static
install block — no changelog, silently. Add a guard that creates the
Release with GitHub auto-generated notes when it's missing, so a Release
is never shipped notes-less.
2. append_body was not idempotent: re-running the release job ("Re-run
jobs") re-appended the install block. Tag the block with an
HTML-comment marker and skip the append when it's already present, so
re-runs are no-ops. A failed body check fails safe to append.
3. Replace the `release-please--` branch-name `if` skip (brittle: couples
to release-please's configurable branch naming, and a human branch
named release-please--* would skip the build/snapshot gate) with a
contractual paths-ignore on the pull_request trigger: skip PRs that
touch only version.txt / CHANGELOG.md / the manifest. push and tag
events carry no paths filter, so the signed release build still runs on
the v*.*.* tag.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Addresses the CI findings (1–3) from the latest code review.
1 · Release could ship notes-less (medium)
Dropping
generate_release_notesleft the attach step correct only when release-please had already created the Release. On a hand-pushed tag (the old docs literally saidgit tag … && git push) or a race,softprops/action-gh-releasefinds no Release and creates one whose body is only the static install block — no changelog, silently.Fix: a guard step ensures the Release exists; if it's missing it's created with
gh release create --generate-notes, so a Release is never notes-less.2 ·
append_bodynot idempotent (medium)One click of Re-run jobs on an already-green release re-appended the whole install block.
Fix: the block carries an HTML-comment marker (
<!-- xrt:install-block -->); the guard step greps for it and the attach step is gated on its absence, so re-runs are no-ops. (A failed body check fails safe → append.) Note: a re-run of a fully-attached release therefore also skips asset re-upload — intended; delete the assets/marker to force a refresh.3 · Brittle branch-name skip (low-med)
#73 skipped the build on
!startsWith(github.head_ref, 'release-please--'). That couples to release-please's configurable branch name and would also skip a human PR branch namedrelease-please--*.Fix: the reviewer's contractual gate —
paths-ignoreon thepull_requesttrigger forversion.txt/CHANGELOG.md/.release-please-manifest.json. Keys on the changed files, never skips a real code PR, and leavespush/tag events untouched (signed release build still runs on the tag).Not changed
Findings 4–6 (overlay) ship separately; finding 6 (dead
usedWarithmetic) and 7 (bit-exact golden) are declined with rationale in the chat triage.🤖 Generated with Claude Code