Skip to content

fix: switch dev tags to semver and use same release pipeline as stable#729

Merged
Aureliolo merged 2 commits intomainfrom
fix/dev-semver-tags
Mar 22, 2026
Merged

fix: switch dev tags to semver and use same release pipeline as stable#729
Aureliolo merged 2 commits intomainfrom
fix/dev-semver-tags

Conversation

@Aureliolo
Copy link
Copy Markdown
Owner

@Aureliolo Aureliolo commented Mar 22, 2026

Summary

  • Switch dev tag format from PEP 440 (v0.4.7.dev3) to semver (v0.4.7-dev.3) so GoReleaser can parse them
  • Create dev releases as draft pre-releases instead of published, so they flow through the exact same finalize-release pipeline as stable releases
  • Remove the dev exclusion guard from finalize-release -- both stable and dev releases now use the same lifecycle

Why

After merging #715 and #716, the dev-release workflow correctly created tags and triggered downstream pipelines, but both failed:

  1. CLI: GoReleaser rejected v0.4.7.dev4 as invalid semver (failed to parse tag as semver)
  2. Docker: SBOM attachment failed because dev releases were created as published (immutable), blocking asset uploads

How it works now

Same pipeline, zero special-casing:

  1. dev-release.yml creates draft pre-release + tag (via PAT)
  2. Docker workflow triggers on tag -- builds, scans, pushes, attaches SBOMs to draft
  3. CLI workflow triggers on tag -- GoReleaser builds binaries, attaches to draft
  4. finalize-release.yml publishes the draft once both succeed

This is identical to the stable release flow.

Changes

  • dev-release.yml: semver tag format (-dev.N), --draft --prerelease, updated grep/jq filters
  • docker.yml: .dev -> -dev. in all contains() checks
  • finalize-release.yml: removed !contains(.dev) guard -- handles both stable and dev
  • cli/internal/selfupdate/updater.go: splitDev and selectBestRelease parse -dev. format
  • cli/internal/selfupdate/updater_version_test.go: all test cases updated
  • cli/internal/selfupdate/updater_test.go: integration test cases updated
  • CLAUDE.md: updated tag examples and descriptions
  • Cleaned up old v0.4.7.dev3 and v0.4.7.dev4 releases/tags

Test plan

  • Push to main triggers dev-release.yml, creates v0.4.7-dev.N tag + draft pre-release
  • Docker workflow triggers, builds all 3 images, attaches SBOMs to draft
  • CLI workflow triggers, GoReleaser builds binaries, attaches to draft
  • finalize-release publishes the draft after both succeed
  • go test ./... passes (verified locally)
  • synthorg update on dev channel finds semver dev releases

Closes #713

@Aureliolo @claude
fix: switch dev tags to semver and use same release pipeline as stable
ba5c16b 
Dev releases now use semver-compatible tags (v0.4.7-dev.3 instead of
PEP 440 v0.4.7.dev3) and are created as draft pre-releases, flowing
through the exact same pipeline as stable releases:

1. dev-release.yml creates draft pre-release + tag (via PAT)
2. Docker workflow builds, scans, pushes, attaches SBOMs to draft
3. CLI workflow builds via GoReleaser, attaches binaries to draft
4. finalize-release publishes once both succeed

This fixes two failures:
- GoReleaser rejected PEP 440 tags as invalid semver
- SBOM upload failed on published (immutable) dev releases

Same artifacts, same signing, same attestations -- zero special-casing.

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Mar 22, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: b3e6bd8f-c96c-4304-98bc-c7b3579b7019

📥 Commits

Reviewing files that changed from the base of the PR and between ba5c16b and f3081a9.

📒 Files selected for processing (1)
  • CLAUDE.md
📜 Recent review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: Build Backend
  • GitHub Check: Build Sandbox
  • GitHub Check: Build Web
  • GitHub Check: CLI Test (windows-latest)
  • GitHub Check: Analyze (python)
🧰 Additional context used
🧠 Learnings (22)
📓 Common learnings 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-22T13:59:44.140Z
Learning: Merge release PR -> draft Release + tag -> Docker + CLI workflows attach assets -> finalize-release publishes. Dev releases are created on every push to main (except Release Please bumps) with PEP 440 format (e.g. `v0.4.7.dev3`). Old dev pre-releases auto-clean (keeps 5 most recent).

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-22T13:59:44.140Z
Learning: Releases are automated by Release Please. Version bumping (pre-1.0): `fix:`/`feat:` = patch, `feat!:`/`BREAKING CHANGE` = minor. Use `Release-As: X.Y.Z` trailer as the final paragraph of the PR body (separated by blank line).

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-22T13:59:44.140Z
Learning: Dependabot: daily updates (uv, github-actions, npm, pre-commit, docker, gomod), grouped minor/patch, no auto-merge. Use `/review-dep-pr` before merging.

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/*.yml : Dependabot: daily updates for uv + github-actions + npm + pre-commit + docker + gomod, grouped minor/patch, no auto-merge. Use `/review-dep-pr` to review Dependabot PRs before merging.

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/cli.yml : CLI workflow: Go lint (golangci-lint + go vet) + test (-race -coverprofile) + build (cross-compile: linux/darwin/windows × amd64/arm64) + govulncheck + fuzz testing (main-only, 30s/target, continue-on-error, matrix over 4 packages). cli-pass gate includes fuzz as informational. GoReleaser release on v* tags. Cosign keyless signing of checksums.txt. SLSA L3 provenance attestations. Sigstore bundle (.sigstore.json) attached. Post-release appends checksums/verification/provenance to draft release notes.

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-22T13:59:44.140Z
Learning: Applies to docker/** : Docker images: backend (Chainguard distroless, non-root), web (nginx-unprivileged, SPA + API proxy), sandbox (Python + Node.js, non-root). Config: all Docker files in `docker/` -- Dockerfiles, compose, `.env.example`. Single root `.dockerignore`. Tag strategy: version from `pyproject.toml`, semver, SHA, plus dev tags (`v0.4.7.dev3`, `dev` rolling).

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-19T11:19:40.044Z
Learning: CLI workflow (`.github/workflows/cli.yml`) runs Go lint (golangci-lint + go vet) + test (race, coverage) + build (cross-compile matrix) + vulnerability check (govulncheck) + fuzz testing. Cross-compiles for linux/darwin/windows × amd64/arm64. GoReleaser release on v* tags with cosign keyless signing and SLSA L3 attestations.

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T12:00:18.113Z
Learning: Commits: <type>: <description> — types: feat, fix, refactor, docs, test, chore, perf, ci. Enforced by commitizen (commit-msg hook). Signed commits: required on main via branch protection — all commits must be GPG/SSH signed.

Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/finalize-release.yml : Finalize Release workflow: publishes draft releases created by Release Please. Triggers on workflow_run completion of Docker and CLI workflows. Verifies both workflows succeeded for the associated tag before publishing. Extracts CLI checksums, cosign verification, and container verification data from HTML comments, assembles into combined Verification section. Guards against PR-triggered runs. Handles TOCTOU races. Immutable releases enabled—once published, release assets and body cannot be modified.
📚 Learning: 2026-03-22T13:59:44.140Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-22T13:59:44.140Z
Learning: Merge release PR -> draft Release + tag -> Docker + CLI workflows attach assets -> finalize-release publishes. Dev releases are created on every push to main (except Release Please bumps) with PEP 440 format (e.g. `v0.4.7.dev3`). Old dev pre-releases auto-clean (keeps 5 most recent).

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-22T13:59:44.140Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-22T13:59:44.140Z
Learning: Releases are automated by Release Please. Version bumping (pre-1.0): `fix:`/`feat:` = patch, `feat!:`/`BREAKING CHANGE` = minor. Use `Release-As: X.Y.Z` trailer as the final paragraph of the PR body (separated by blank line).

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-22T13:59:44.140Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-22T13:59:44.140Z
Learning: Applies to docker/** : Docker images: backend (Chainguard distroless, non-root), web (nginx-unprivileged, SPA + API proxy), sandbox (Python + Node.js, non-root). Config: all Docker files in `docker/` -- Dockerfiles, compose, `.env.example`. Single root `.dockerignore`. Tag strategy: version from `pyproject.toml`, semver, SHA, plus dev tags (`v0.4.7.dev3`, `dev` rolling).

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-15T18:17:43.675Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T18:17:43.675Z
Learning: Applies to docker/{Dockerfile*,compose.yml} : Docker: Backend uses 3-stage build (builder → setup → distroless runtime), Chainguard Python, non-root (UID 65532), CIS-hardened. Web uses nginxinc/nginx-unprivileged, Vue 3 SPA with PrimeVue + Tailwind CSS, SPA routing, API/WebSocket proxy to backend.

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-15T16:38:08.735Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T16:38:08.735Z
Learning: Applies to docker/** : Docker build context: single root .dockerignore (both images build with context: .). Tags: CI tags images with version from pyproject.toml ([tool.commitizen].version), semver, and SHA.

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-15T21:32:02.880Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/docker.yml : Docker workflow: builds backend + web + sandbox images, pushes to GHCR, signs with cosign. SLSA L3 provenance attestations via actions/attest-build-provenance. Scans: Trivy (CRITICAL = hard fail, HIGH = warn) + Grype (critical cutoff) + CIS Docker Benchmark v1.6.0 compliance (informational). CVE triage via .github/.trivyignore.yaml and .github/.grype.yaml. Images only pushed after scans pass. Triggers on push to main and version tags (v*).

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-19T07:12:14.508Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-19T07:12:14.508Z
Learning: Applies to docker/Dockerfile : Docker: 3-stage build (builder → setup → distroless runtime) for backend, Chainguard Python, non-root (UID 65532), CIS-hardened

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-19T07:12:14.508Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-19T07:12:14.508Z
Learning: Applies to docker/Dockerfile.sandbox : Docker sandbox: `synthorg-sandbox` — Python 3.14 + Node.js + git, non-root (UID 10001), agent code execution sandbox

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-19T07:12:14.508Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-19T07:12:14.508Z
Learning: Applies to src/synthorg/**/*.py : Package structure: src/synthorg/ organized as: api/ (REST+WebSocket, Litestar), auth/ (auth subpackage), backup/ (scheduled/manual backups), budget/ (cost tracking, CFO), cli/ (superseded by Go CLI), communication/ (message bus, meetings), config/ (YAML loading), core/ (domain models, resilience config), engine/ (orchestration, task state, coordination, approval gates, stagnation detection, context budget, compaction), hr/ (hiring, performance, promotion), memory/ (pluggable backend, Mem0, retrieval, consolidation), persistence/ (operational data, SQLite, settings), observability/ (logging, correlation, sinks), providers/ (LLM abstraction, LiteLLM, auth types, presets, runtime CRUD), settings/ (runtime-editable, typed definitions, encryption, config bridge), security/ (SecOps, rule engine, output scanning, progressive trust, autonomy levels), templates/ (company templates, personalities), tools/ (registry, built-in tools, git, sandbox, code_runner, MCP...

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-15T12:00:18.113Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T12:00:18.113Z
Learning: Applies to .github/workflows/docker.yml : CI Docker: build → scan → push to GHCR + cosign sign + SLSA L3 provenance via attest-build-provenance (images only pushed after Trivy/Grype scans pass).

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-22T13:59:44.140Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-22T13:59:44.140Z
Learning: Docker: build and run with `docker compose -f docker/compose.yml build` and `docker compose -f docker/compose.yml up -d`. Down: `docker compose -f docker/compose.yml down`. Verify with `curl http://localhost:3001/api/v1/health` (backend direct) or `http://localhost:3000` (via web proxy).

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-19T11:33:01.580Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-19T11:33:01.580Z
Learning: Applies to docker/Dockerfile.web : `nginxinc/nginx-unprivileged` base with non-root user (UID 101), Vue 3 SPA (PrimeVue + Tailwind CSS), SPA routing, API/WebSocket proxy to backend

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-22T13:59:44.140Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-22T13:59:44.140Z
Learning: Do not manually edit `.github/release-please-config.json`, `.github/.release-please-manifest.json`, or `.github/CHANGELOG.md`. These are auto-generated by Release Please.

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-15T12:00:18.113Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T12:00:18.113Z
Learning: Commits: <type>: <description> — types: feat, fix, refactor, docs, test, chore, perf, ci. Enforced by commitizen (commit-msg hook). Signed commits: required on main via branch protection — all commits must be GPG/SSH signed.

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-15T21:32:02.880Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/finalize-release.yml : Finalize Release workflow: publishes draft releases created by Release Please. Triggers on workflow_run completion of Docker and CLI workflows. Verifies both workflows succeeded for the associated tag before publishing. Extracts CLI checksums, cosign verification, and container verification data from HTML comments, assembles into combined Verification section. Guards against PR-triggered runs. Handles TOCTOU races. Immutable releases enabled—once published, release assets and body cannot be modified.

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-19T11:19:40.044Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-19T11:19:40.044Z
Learning: CLI workflow (`.github/workflows/cli.yml`) runs Go lint (golangci-lint + go vet) + test (race, coverage) + build (cross-compile matrix) + vulnerability check (govulncheck) + fuzz testing. Cross-compiles for linux/darwin/windows × amd64/arm64. GoReleaser release on v* tags with cosign keyless signing and SLSA L3 attestations.

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-22T13:59:44.140Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-22T13:59:44.140Z
Learning: Dependabot: daily updates (uv, github-actions, npm, pre-commit, docker, gomod), grouped minor/patch, no auto-merge. Use `/review-dep-pr` before merging.

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-15T21:32:02.880Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/*.yml : Dependabot: daily updates for uv + github-actions + npm + pre-commit + docker + gomod, grouped minor/patch, no auto-merge. Use `/review-dep-pr` to review Dependabot PRs before merging.

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-22T13:59:44.140Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-22T13:59:44.140Z
Learning: Dependency review: `dependency-review.yml` -- license allow-list (permissive only), PR comment summaries.

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-15T21:32:02.880Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T21:32:02.880Z
Learning: Applies to .github/workflows/cli.yml : CLI workflow: Go lint (golangci-lint + go vet) + test (-race -coverprofile) + build (cross-compile: linux/darwin/windows × amd64/arm64) + govulncheck + fuzz testing (main-only, 30s/target, continue-on-error, matrix over 4 packages). cli-pass gate includes fuzz as informational. GoReleaser release on v* tags. Cosign keyless signing of checksums.txt. SLSA L3 provenance attestations. Sigstore bundle (.sigstore.json) attached. Post-release appends checksums/verification/provenance to draft release notes.

Applied to files:

  • CLAUDE.md
📚 Learning: 2026-03-15T18:17:43.675Z 
Learnt from: CR
Repo: Aureliolo/synthorg PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-03-15T18:17:43.675Z
Learning: Applies to .github/workflows/**/*.yml : Path filtering: dorny/paths-filter detects Python/dashboard/docker changes; jobs only run when their domain is affected. CLI has its own workflow (cli.yml).

Applied to files:

  • CLAUDE.md
🔇 Additional comments (4)
CLAUDE.md (4)

98-98: LGTM! Dev tag format correctly updated.

The Docker tags documentation now reflects the new semver-style dev tag format (v0.4.7-dev.3), aligning with the workflow changes in this PR.

226-226: LGTM! Dev channel documentation accurately reflects new pipeline.

The dev channel description correctly shows the new semver dev tag format and accurately states that dev releases now use the same Docker + CLI pipelines as stable releases, which matches the PR's objective of unifying the release flow.

245-245: LGTM! Dev release workflow documentation is precise.

The documentation correctly describes the dev-release workflow creating "semver dev tags" with the new -dev.N format and accurately notes that these tags trigger the existing Docker + CLI workflows.

246-246: LGTM! Finalize-release documentation reflects unified pipeline.

The documentation now correctly states that finalize-release.yml handles both stable and dev releases, matching the removal of the dev exclusion guard described in the PR objectives.

Note: The retrieved learning stating that dev releases use PEP 440 format (v0.4.7.dev3) is now outdated and should be updated to reflect the new semver format (v0.4.7-dev.3) and unified pipeline.

Walkthrough

This pull request switches dev release tagging from PEP 440 style (vX.Y.Z.devN) to a semver-like style (vX.Y.Z-dev.N) across CI and CLI. GitHub Actions workflows (dev-release, docker, finalize-release) and Docker tag logic were updated to construct and detect -dev. tags; dev releases are now created as draft pre-releases. CLI self-update code and tests were updated to parse and compare the new -dev. format. Documentation (CLAUDE.md) was updated to reflect the new dev tag convention.

Suggested labels

autorelease: tagged

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 33.33% which is insufficient. The required threshold is 40.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main changes: switching dev tags to semver format and unifying the dev release pipeline with the stable release pipeline.
Description check ✅ Passed The description is comprehensive and directly related to the changeset, explaining both the changes made and the motivation/rationale behind them.
Linked Issues check ✅ Passed The PR implements core requirements from #713: dev channel incremental pre-releases with versioning, Docker workflow updates, CLI self-update logic changes, and release pipeline unification. However, the format changed from PEP 440 to semver without explicit issue discussion.
Out of Scope Changes check ✅ Passed All code changes directly address the dev-release pipeline unification objective. CLAUDE.md documentation update and cleanup of old releases are supporting changes appropriate to the scope.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 22, 2026
edited
Loading

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@gemini-code-assist
Copy link
Copy Markdown
Contributor

gemini-code-assist bot commented Mar 22, 2026

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request streamlines the development release process by adopting a semver-compliant tag format and integrating dev releases into the existing stable release pipeline. This change resolves previous incompatibilities with GoReleaser and asset uploads, ensuring a consistent and robust release workflow for both development and stable versions.

Highlights

  • Standardized Dev Tag Format: Switched the development tag format from PEP 440 (e.g., v0.4.7.dev3) to a semver-compliant format (e.g., v0.4.7-dev.3) to ensure compatibility with GoReleaser.
  • Unified Release Pipeline: Modified the dev release process to create draft pre-releases instead of published ones, allowing them to flow through the exact same asset attachment and finalization pipeline as stable releases. This resolves issues with SBOM attachment and asset uploads.
  • Removed Dev Exclusion: Eliminated the dev exclusion guard from the finalize-release workflow, enabling it to handle both stable and development releases uniformly.
Ignored Files
  • Ignored by pattern: .github/workflows/** (3)
    • .github/workflows/dev-release.yml
    • .github/workflows/docker.yml
    • .github/workflows/finalize-release.yml
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Mar 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the development tag format from a PEP 440 style (.devN) to a semver-compliant one (-dev.N). This change is aimed at making the tags parsable by GoReleaser and unifying the release pipeline for both stable and development builds. The modifications in the Go code to handle the new tag format, along with the corresponding updates to test cases and documentation, are all correct and consistent with the stated goal. The changes are well-implemented and I have not found any issues.

@Aureliolo Aureliolo merged commit 4df6b9b into main Mar 22, 2026
44 checks passed
@Aureliolo Aureliolo deleted the fix/dev-semver-tags branch March 22, 2026 14:07
@Aureliolo Aureliolo mentioned this pull request Mar 22, 2026
Merged
Aureliolo added a commit that referenced this pull request Mar 22, 2026
@Aureliolo
chore(main): release 0.4.7 (#711)
3045df8 
🤖 I have created a release *beep* *boop*
---


##
[0.4.7](v0.4.6...v0.4.7)
(2026-03-22)


### Features

* add system user for CLI-to-backend authentication
([#710](#710))
([dc6bd3f](dc6bd3f))
* dev channel builds with incremental pre-releases between stable
releases ([#715](#715))
([0e8a714](0e8a714))
* replace hardcoded name pools with Faker multi-locale name generation
([#714](#714))
([5edc6ec](5edc6ec))


### Bug Fixes

* dev-release tag creation, dependabot coverage, go -C cli convention
([#730](#730))
([7634843](7634843))
* improve name generation step UX and fix sentinel expansion bug
([#739](#739))
([f03fd05](f03fd05))
* settings page UX polish -- toggle bug, source badges, form
improvements ([#712](#712))
([d16a0ac](d16a0ac))
* switch dev tags to semver and use same release pipeline as stable
([#729](#729))
([4df6b9b](4df6b9b)),
closes [#713](#713)
* unify CLI image discovery and standardize Go tooling
([#738](#738))
([712a785](712a785))
* use PAT in dev-release workflow to trigger downstream pipelines
([#716](#716))
([d767aa3](d767aa3))


### CI/CD

* bump astral-sh/setup-uv from 7.4.0 to 7.6.0 in
/.github/actions/setup-python-uv in the minor-and-patch group
([#731](#731))
([7887257](7887257))
* bump the minor-and-patch group with 3 updates
([#735](#735))
([7cd253a](7cd253a))
* bump wrangler from 4.75.0 to 4.76.0 in /.github in the minor-and-patch
group ([#732](#732))
([a6cafc7](a6cafc7))
* clean up all dev releases and tags on stable release
([#737](#737))
([8d90f5c](8d90f5c))


### Maintenance

* bump the minor-and-patch group across 2 directories with 2 updates
([#733](#733))
([2b60069](2b60069))
* bump the minor-and-patch group with 3 updates
([#734](#734))
([859bc25](859bc25))
* fix dependabot labels and add scope tags
([#736](#736))
([677eb15](677eb15))
* remove redundant pytest.mark.timeout(30) markers
([#740](#740))
([9ec2163](9ec2163))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat: dev channel builds with incremental pre-releases between stable releases

1 participant

@Aureliolo