ci: harden release flow, pin and reset aidd-ui#368
Conversation
- back-merge: open a tracking issue on failure so drift is never silent - promote: a workflow_dispatch that rebase-merges next into main (never squash), so commitlint and release-please stay correct - docs/RELEASE.md: the release runbook for humans and AI (rebase rule, automation map, recovery steps) - release-please-config: pin aidd-ui to 0.1.0-alpha.0, overriding the stray Release-As 4.0.0 footer that wrongly bumped it Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Undo the stray 4.0.0 bump (caused by a misfired Release-As footer): reset the manifest, plugin.json, and CHANGELOG. Paired with the release-as pin in release-please-config.json so the next cut lands at 0.1.0-alpha.0, not 4.0.0. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 577432844e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| fi | ||
| echo "Promote PR: #$PR" | ||
| # Rebase auto-merge: GitHub merges it once CI is green. Never squash. | ||
| gh pr merge "$PR" --repo "$REPO" --rebase --auto |
There was a problem hiding this comment.
Use the ruleset bypass when merging promote PRs
With the checked main ruleset, main still requires one CODEOWNERS approval, and this repo's existing release-PR path documents that plain gh pr merge is refused by the branch policy even for the bot App (.github/workflows/ci.yml:77-89). gh pr merge --auto only merges after required reviews/checks are satisfied, so a PR created by this workflow will remain blocked waiting for approval instead of self-merging after CI; add an approval path or use the same admin/bypass merge mechanism intentionally.
Useful? React with 👍 / 👎.
| }, | ||
| "plugins/aidd-ui": { | ||
| "package-name": "aidd-ui", | ||
| "release-as": "0.1.0-alpha.0", |
There was a problem hiding this comment.
Include aidd-ui in the release artifact matrix
This pin forces plugins/aidd-ui into the next release, but the only per-plugin artifact job still iterates the six older plugins in .github/workflows/ci.yml:176-184 and omits aidd-ui. When release-please publishes an aidd-ui tag, no matrix cell uploads /tmp/aidd-ui-v...zip, so that GitHub release is created without its installable bundle; add aidd-ui to the matrix before forcing the release.
Useful? React with 👍 / 👎.
| set -euo pipefail | ||
| # Reuse an open next -> main PR if one exists, else open one with a | ||
| # conventional, squash-safe title. | ||
| PR=$(gh pr list --repo "$REPO" --base main --head next --state open --json number --jq '.[0].number' || true) |
There was a problem hiding this comment.
Treat an empty promote lookup as missing
When no next -> main PR is already open, the jq expression over an empty list yields null, which is non-empty to [ -z "$PR" ]; the workflow then skips gh pr create and tries to merge PR null. That makes the first/manual promote run fail before it can open the PR, so coerce the query to an empty string (for example with .[0].number // "") or test for null explicitly.
Useful? React with 👍 / 👎.
| gh issue create \ | ||
| --repo "${{ github.repository }}" \ | ||
| --title "Back-merge main into next failed (run ${{ github.run_id }})" \ | ||
| --label "back-merge-failed" \ |
There was a problem hiding this comment.
Create the back-merge failure label before using it
In repos synced from the canonical .github/labels.yml, back-merge-failed is not defined, and gh issue create resolves label IDs before creating the issue; when this failure path runs with the missing label, the command aborts and the trailing || echo masks it, leaving no tracking issue for the drift. Add the label to the canonical label list or create the issue first and label it only if the label exists.
Useful? React with 👍 / 👎.
🎯 What & why
Harden the release pipeline so the next→main flow is intuitive and never breaks silently, and undo the stray aidd-ui 4.0.0 bump.
🛠️ How it works
back-merge-failedissue on failure (no more silent drift).workflow_dispatchthat rebase-mergesnext→main(never squash), so commitlint and release-please stay correct.0.1.0-alpha.0and pinrelease-asin release-please-config, overriding the misfiredRelease-As: 4.0.0footer.🧪 How to verify
After this lands and a promote runs, release-please cuts aidd-ui at
0.1.0-alpha.0, not 4.0.0.The published
aidd-ui-v4.0.0tag + GitHub release still need deleting (separate manual step). The bot-appalwaysbypass on thenextruleset is still needed for the back-merge to run unattended.✅ I certify