chore(ci): trigger release workflow from pushes to main#185
Closed
dustinbyrne wants to merge 1 commit intomainfrom
Closed
chore(ci): trigger release workflow from pushes to main#185dustinbyrne wants to merge 1 commit intomainfrom
dustinbyrne wants to merge 1 commit intomainfrom
Conversation
Contributor
posthog-dotnet Compliance ReportDate: 2026-04-23 22:04:13 UTC
|
| Test | Status | Duration |
|---|---|---|
| Request Payload.Request With Person Properties Device Id | ❌ | 43ms |
Failures
request_payload.request_with_person_properties_device_id
404, message='Not Found', url='http://sdk-adapter:8080/get_feature_flag'
Contributor
Prompt To Fix All With AIThis is a comment left during a code review.
Path: .github/workflows/release.yml
Line: 73
Comment:
**`jq index()` returns 0 for the first label, which is falsy in jq**
`index("release")` returns the numeric position of the element. In jq, `0` is falsy, so `select(...and (.labels | map(.name) | index("release")))` silently drops PRs where `"release"` is the very first label — a realistic ordering when it's the first label added. The release would be quietly skipped with no bump type found.
The bump-label checks on lines 75–80 are safe because they use `!= null`, but this initial filter is not. Replace the truthy test with an explicit presence check:
```suggestion
MATCHING_PR_JSON=$(echo "$PRS_JSON" | jq -c --arg branch "$DEFAULT_BRANCH" '[.[] | select(.merged_at != null and .base.ref == $branch and (.labels | map(.name) | contains(["release"])))] | first // {}')
```
How can I resolve this? If you propose a fix, please make it concise.
---
This is a comment left during a code review.
Path: .github/workflows/release.yml
Line: 101-121
Comment:
**`check-release-label` is now a passthrough with no logic of its own**
After this PR, the job only re-emits the `bump-type` and `should-release` values already set by `resolve-release-context` — its name no longer matches its behaviour and the "Has no superfluous parts" simplicity rule is violated. The only real purpose it still serves is acting as a dependency gate for `notify-approval-needed`.
Consider either removing it and wiring `notify-approval-needed` directly off `resolve-release-context`, or renaming it to something like `gate-release` to accurately describe its current role.
How can I resolve this? If you propose a fix, please make it concise.Reviews (1): Last reviewed commit: "chore(ci): trigger release workflow from..." | Re-trigger Greptile |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| fi | ||
|
|
||
| PRS_JSON=$(gh api "repos/${{ github.repository }}/commits/$PUSH_SHA/pulls") | ||
| MATCHING_PR_JSON=$(echo "$PRS_JSON" | jq -c --arg branch "$DEFAULT_BRANCH" '[.[] | select(.merged_at != null and .base.ref == $branch and (.labels | map(.name) | index("release")))] | first // {}') |
Contributor
There was a problem hiding this comment.
jq index() returns 0 for the first label, which is falsy in jq
index("release") returns the numeric position of the element. In jq, 0 is falsy, so select(...and (.labels | map(.name) | index("release"))) silently drops PRs where "release" is the very first label — a realistic ordering when it's the first label added. The release would be quietly skipped with no bump type found.
The bump-label checks on lines 75–80 are safe because they use != null, but this initial filter is not. Replace the truthy test with an explicit presence check:
Suggested change
| MATCHING_PR_JSON=$(echo "$PRS_JSON" | jq -c --arg branch "$DEFAULT_BRANCH" '[.[] | select(.merged_at != null and .base.ref == $branch and (.labels | map(.name) | index("release")))] | first // {}') | |
| MATCHING_PR_JSON=$(echo "$PRS_JSON" | jq -c --arg branch "$DEFAULT_BRANCH" '[.[] | select(.merged_at != null and .base.ref == $branch and (.labels | map(.name) | contains(["release"])))] | first // {}') |
Prompt To Fix With AI
This is a comment left during a code review.
Path: .github/workflows/release.yml
Line: 73
Comment:
**`jq index()` returns 0 for the first label, which is falsy in jq**
`index("release")` returns the numeric position of the element. In jq, `0` is falsy, so `select(...and (.labels | map(.name) | index("release")))` silently drops PRs where `"release"` is the very first label — a realistic ordering when it's the first label added. The release would be quietly skipped with no bump type found.
The bump-label checks on lines 75–80 are safe because they use `!= null`, but this initial filter is not. Replace the truthy test with an explicit presence check:
```suggestion
MATCHING_PR_JSON=$(echo "$PRS_JSON" | jq -c --arg branch "$DEFAULT_BRANCH" '[.[] | select(.merged_at != null and .base.ref == $branch and (.labels | map(.name) | contains(["release"])))] | first // {}')
```
How can I resolve this? If you propose a fix, please make it concise.
Comment on lines
101
to
121
| @@ -38,29 +110,15 @@ jobs: | |||
| - name: Check release conditions | |||
| id: check | |||
| env: | |||
| EVENT_NAME: ${{ github.event_name }} | |||
| BUMP_TYPE: ${{ inputs.bump_type }} | |||
| HAS_BUMP_MAJOR: ${{ contains(github.event.pull_request.labels.*.name, 'bump-major') }} | |||
| HAS_BUMP_MINOR: ${{ contains(github.event.pull_request.labels.*.name, 'bump-minor') }} | |||
| HAS_BUMP_PATCH: ${{ contains(github.event.pull_request.labels.*.name, 'bump-patch') }} | |||
| BUMP_TYPE: ${{ needs.resolve-release-context.outputs.bump-type }} | |||
| run: | | |||
| if [ "$EVENT_NAME" = "workflow_dispatch" ]; then | |||
| if [ -n "$BUMP_TYPE" ]; then | |||
| echo "bump-type=$BUMP_TYPE" >> "$GITHUB_OUTPUT" | |||
| echo "should-release=true" >> "$GITHUB_OUTPUT" | |||
| echo "Manual release requested with bump type '$BUMP_TYPE'" | |||
| elif [ "$HAS_BUMP_MAJOR" = "true" ]; then | |||
| echo "bump-type=major" >> "$GITHUB_OUTPUT" | |||
| echo "should-release=true" >> "$GITHUB_OUTPUT" | |||
| elif [ "$HAS_BUMP_MINOR" = "true" ]; then | |||
| echo "bump-type=minor" >> "$GITHUB_OUTPUT" | |||
| echo "should-release=true" >> "$GITHUB_OUTPUT" | |||
| elif [ "$HAS_BUMP_PATCH" = "true" ]; then | |||
| echo "bump-type=patch" >> "$GITHUB_OUTPUT" | |||
| echo "should-release=true" >> "$GITHUB_OUTPUT" | |||
| echo "Release requested with bump type $BUMP_TYPE" | |||
| else | |||
| echo "should-release=false" >> "$GITHUB_OUTPUT" | |||
| fi | |||
Contributor
There was a problem hiding this comment.
check-release-label is now a passthrough with no logic of its own
After this PR, the job only re-emits the bump-type and should-release values already set by resolve-release-context — its name no longer matches its behaviour and the "Has no superfluous parts" simplicity rule is violated. The only real purpose it still serves is acting as a dependency gate for notify-approval-needed.
Consider either removing it and wiring notify-approval-needed directly off resolve-release-context, or renaming it to something like gate-release to accurately describe its current role.
Prompt To Fix With AI
This is a comment left during a code review.
Path: .github/workflows/release.yml
Line: 101-121
Comment:
**`check-release-label` is now a passthrough with no logic of its own**
After this PR, the job only re-emits the `bump-type` and `should-release` values already set by `resolve-release-context` — its name no longer matches its behaviour and the "Has no superfluous parts" simplicity rule is violated. The only real purpose it still serves is acting as a dependency gate for `notify-approval-needed`.
Consider either removing it and wiring `notify-approval-needed` directly off `resolve-release-context`, or renaming it to something like `gate-release` to accurately describe its current role.
How can I resolve this? If you propose a fix, please make it concise.Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
💡 Motivation and Context
The release workflow was triggered by
pull_request.closed, so protected release environments could be requested from arefs/pull/*/mergeref instead ofrefs/heads/mainafter a PR merged. That can cause environment protection to reject the release even though the PR landed onmain.This ports the CI release fix from PostHog/posthog-js#3461.
Changes
pushtomaininstead ofpull_request.closed.workflow_dispatchfor manual releases.resolve-release-contextjob that skips automated version-bump commits, finds the PR associated with the pushed commit, and only continues when the merged PR currently has thereleaselabel.💚 How did you test it?
.github/workflows/release.ymlas YAML.actionlinton.github/workflows/release.yml(ignoring the pre-existingactions/create-github-app-token@v3client-id/app-idwarning where that already exists in the workflow).📝 Checklist
If releasing new changes
pnpm changesetto generate a changeset file