fix: replace release-guard workflow with revert-latest job#4838
fix: replace release-guard workflow with revert-latest job#4838
Conversation
|
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
| if [ "$LATEST_TAG" != "$RELEASE_TAG" ]; then | ||
| echo "Tag $RELEASE_TAG is not marked as latest (latest is $LATEST_TAG), skipping." | ||
| exit 0 | ||
| fi |
There was a problem hiding this comment.
We edit the release to be latest as the last step in the Release job.
I think this means that early exit here makes this job only continue if that last step succeeded in setting the release with the pushed tag as latest, but one of the gh actions post steps failed at the end of the job. Even if those happened, the resulting artifacts exist and are valid, right?
If that's true, I wonder if this revert-latest job is worth maintaining.
There was a problem hiding this comment.
Maybe it would be cleaner to mark the release as latest in a separate gh action job in this same workflow, with a needs condition.
Then, it would only be eligible to run once Release has completed all steps and post-steps successfully. I expect that this would also handle cancellation of the job, which so far hasn't been handled with the if: failure() condition.
eg:
mark-latest:
needs: Release
runs-on: ubuntu-latest
steps:
- run: gh release edit "$TAG" --latest
env:
GH_TOKEN: ${{ github.token }}
GH_REPO: ${{ github.repository }}
TAG: ${{ github.ref_name }}There was a problem hiding this comment.
You're right. TBH, this whole release workflow makes me a little itchy. GoReleaser has already promoted the package, image, and brew tap. I wonder why we have make_release: false in .goreleaser.yml... ah, it's because goreleaser tags the release as latest before any artifacts get uploaded. Lovely.
I guess we can do a post-step after cleanup, but I definitely want to add more helpful error messaging around this. We have a lot of ways to end up in an intermediate release state here.
Also adds comments to: - .goreleaser.yml: explains why make_release is set to false - .github/workflows/release.yml: document release/artifact state at each step
3 participants
Summary
The
release-guard.ymlworkflow was broken from day one: theunset-latestjob had noactions/checkoutand noGH_REPO, soghcouldn't resolve the repo (original failure).Rather than patch the guard (#4776), this removes it entirely and replaces the inline "Mark release as latest" step with a separate
mark-latestjob gated onneeds: Release. The release is only promoted tolatestafter the entire Release job succeeds, including post-steps.Changes:
release-guard.ymlMark release as lateststep andrevert-latestjob with amark-latestjob that runs afterReleasesucceedsmark-latestsetsGH_REPOexplicitly (no checkout needed)release.ymldocumenting the state progression through GoReleaser's non-atomic pipeline and what to check on failure at each phase.goreleaser.ymlexplaining whymake_latest: falseis setSupersedes #4776.
If
mark-latestfails, the release and all artifacts exist but/releases/lateststill points to the previous release. The workflow comments include the manual promotion command.Test plan
mark-latestjob hasGH_REPOset (the original bug)