Skip to content

ci: harden release flow, pin and reset aidd-ui#368

Merged
blafourcade merged 2 commits into
nextfrom
chore/release-hardening
Jun 30, 2026
Merged

ci: harden release flow, pin and reset aidd-ui#368
blafourcade merged 2 commits into
nextfrom
chore/release-hardening

Conversation

@blafourcade

Copy link
Copy Markdown
Contributor

🎯 What & why

Harden the release pipeline so the next→main flow is intuitive and never breaks silently, and undo the stray aidd-ui 4.0.0 bump.

🛠️ How it works

  • back-merge: opens a back-merge-failed issue on failure (no more silent drift).
  • promote workflow: one workflow_dispatch that rebase-merges nextmain (never squash), so commitlint and release-please stay correct.
  • docs/RELEASE.md: the release runbook for humans and AI.
  • aidd-ui: reset version files to 0.1.0-alpha.0 and pin release-as in release-please-config, overriding the misfired Release-As: 4.0.0 footer.

🧪 How to verify

After this lands and a promote runs, release-please cuts aidd-ui at 0.1.0-alpha.0, not 4.0.0.

⚠️ Heads-up

The published aidd-ui-v4.0.0 tag + GitHub release still need deleting (separate manual step). The bot-app always bypass on the next ruleset is still needed for the back-merge to run unattended.

✅ I certify

  • I DO CERTIFY I READ EACH LINE OF THE PULL REQUEST BECAUSE I AM A SOFTWARE ENGINEER, NOT A AI PUPPY.

blafourcade and others added 2 commits June 30, 2026 18:44
- back-merge: open a tracking issue on failure so drift is never silent
- promote: a workflow_dispatch that rebase-merges next into main (never
  squash), so commitlint and release-please stay correct
- docs/RELEASE.md: the release runbook for humans and AI (rebase rule,
  automation map, recovery steps)
- release-please-config: pin aidd-ui to 0.1.0-alpha.0, overriding the stray
  Release-As 4.0.0 footer that wrongly bumped it

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Undo the stray 4.0.0 bump (caused by a misfired Release-As footer): reset the
manifest, plugin.json, and CHANGELOG. Paired with the release-as pin in
release-please-config.json so the next cut lands at 0.1.0-alpha.0, not 4.0.0.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@blafourcade blafourcade merged commit dd995b8 into next Jun 30, 2026
7 checks passed
@blafourcade blafourcade deleted the chore/release-hardening branch June 30, 2026 16:45

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 577432844e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

fi
echo "Promote PR: #$PR"
# Rebase auto-merge: GitHub merges it once CI is green. Never squash.
gh pr merge "$PR" --repo "$REPO" --rebase --auto

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Use the ruleset bypass when merging promote PRs

With the checked main ruleset, main still requires one CODEOWNERS approval, and this repo's existing release-PR path documents that plain gh pr merge is refused by the branch policy even for the bot App (.github/workflows/ci.yml:77-89). gh pr merge --auto only merges after required reviews/checks are satisfied, so a PR created by this workflow will remain blocked waiting for approval instead of self-merging after CI; add an approval path or use the same admin/bypass merge mechanism intentionally.

Useful? React with 👍 / 👎.

},
"plugins/aidd-ui": {
"package-name": "aidd-ui",
"release-as": "0.1.0-alpha.0",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Include aidd-ui in the release artifact matrix

This pin forces plugins/aidd-ui into the next release, but the only per-plugin artifact job still iterates the six older plugins in .github/workflows/ci.yml:176-184 and omits aidd-ui. When release-please publishes an aidd-ui tag, no matrix cell uploads /tmp/aidd-ui-v...zip, so that GitHub release is created without its installable bundle; add aidd-ui to the matrix before forcing the release.

Useful? React with 👍 / 👎.

set -euo pipefail
# Reuse an open next -> main PR if one exists, else open one with a
# conventional, squash-safe title.
PR=$(gh pr list --repo "$REPO" --base main --head next --state open --json number --jq '.[0].number' || true)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Treat an empty promote lookup as missing

When no next -> main PR is already open, the jq expression over an empty list yields null, which is non-empty to [ -z "$PR" ]; the workflow then skips gh pr create and tries to merge PR null. That makes the first/manual promote run fail before it can open the PR, so coerce the query to an empty string (for example with .[0].number // "") or test for null explicitly.

Useful? React with 👍 / 👎.

gh issue create \
--repo "${{ github.repository }}" \
--title "Back-merge main into next failed (run ${{ github.run_id }})" \
--label "back-merge-failed" \

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Create the back-merge failure label before using it

In repos synced from the canonical .github/labels.yml, back-merge-failed is not defined, and gh issue create resolves label IDs before creating the issue; when this failure path runs with the missing label, the command aborts and the trailing || echo masks it, leaving no tracking issue for the drift. Add the label to the canonical label list or create the issue first and label it only if the label exists.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant