Skip to content

feat: promote npm edge tag to latest when prerelease is promoted#86

Merged
AaronFeledy merged 3 commits intomainfrom
feature/promote-edge-on-edit
Feb 20, 2026
Merged

feat: promote npm edge tag to latest when prerelease is promoted#86
AaronFeledy merged 3 commits intomainfrom
feature/promote-edge-on-edit

Conversation

@AaronFeledy
Copy link
Copy Markdown
Member

@AaronFeledy AaronFeledy commented Feb 20, 2026
edited by cursor bot
Loading

Problem

When a release is published as a prerelease, it gets tagged as edge on npm. Later, when the release is promoted to a full release in GitHub, the npm latest tag doesn't update because the workflow only triggered on published.

Solution

  • Added released to the release workflow trigger types
  • New lightweight promote job that only runs npm dist-tag add latest — no install, no lint, no tests, no re-publish
  • Only fires on the released event (when a prerelease is promoted to full release)
  • Existing deploy job is now explicitly gated to published events only (no behavior change)
  • Uses TAG_NAME env var instead of direct interpolation to prevent script injection

Flow

  1. Publish as prerelease → full pipeline runs, publishes with edge tag (unchanged)
  2. Promote release → uncheck prerelease → promote job runs, points latest to that version (~15s)

The dist-tag add command is idempotent, so if both published and released fire on a fresh non-prerelease publish, the redundant promote is harmless.

Note

Low Risk
Workflow-only change that adjusts npm dist-tags on promotion; main risk is mis-tagging latest or an unexpected extra job run if release event semantics differ.

Overview
The release GitHub Action now also triggers on release released events and adds a lightweight promote job that runs npm dist-tag add ... latest for the release tag.

The existing publish pipeline is unchanged in behavior but is now explicitly gated to only run on release published events, preventing it from running during promotion events.

Written by Cursor Bugbot for commit bac7c74. This will update automatically on new commits. Configure here.

@AaronFeledy
test: add MySQL 5.7 SSL connectivity test for Backdrop recipe
7f22e2d 
Reproduces lando/lando#3833 — Backdrop recipe with MySQL 5.7 where
mysql/mysqldump commands from the appserver fail with TLS/SSL errors
due to self-signed certificates.
@AaronFeledy
test: use bare 'database: mysql' with no version to match user's scen…
d9a6083 
…ario

The reporter used the default MySQL version (no version pinned), which
is the more realistic test case.
@netlify
Copy link
Copy Markdown

netlify bot commented Feb 20, 2026
edited
Loading

Deploy Preview for lando-backdrop ready!

Name Link
🔨 Latest commit bac7c74
🔍 Latest deploy log https://app.netlify.com/projects/lando-backdrop/deploys/6997dc4d00a2180007a3896e
😎 Deploy Preview https://deploy-preview-86--lando-backdrop.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse		 1 paths audited
Performance: 74 (🔴 down 13 from production)
Accessibility: 96 (no change from production)
Best Practices: 100 (no change from production)
SEO: 100 (no change from production)
PWA: -
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify project configuration.

@AaronFeledy
feat: promote npm edge tag to latest when prerelease is promoted
bac7c74 
Adds a 'released' trigger to the release workflow with a lightweight 'promote' job that runs npm dist-tag to move 'latest' to the current version when a prerelease is promoted to a full release. The existing publish pipeline remains gated to 'published' events only.
@AaronFeledy AaronFeledy force-pushed the feature/promote-edge-on-edit branch from 6396cbc to bac7c74 Compare February 20, 2026 04:00
cursor[bot]
cursor bot reviewed Feb 20, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is ON. A Cloud Agent has been kicked off to fix the reported issue.

.github/workflows/release.yml
echo "::notice title=Promoted $VERSION to latest::The latest tag now points to $VERSION (was edge-only)"
env:
TAG_NAME: ${{ github.event.release.tag_name }}
NODE_AUTH_TOKEN: ${{secrets.NPM_DEPLOY_TOKEN}}
Copy link
Copy Markdown

@cursor cursor bot Feb 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Race condition: promote fails before deploy publishes package

Medium Severity

When a fresh non-prerelease is published, GitHub fires both published and released events as separate workflow runs. The promote job (~15s) will finish well before deploy (minutes of install, lint, test, publish). The npm dist-tag add command in promote will fail because the version hasn't been published to npm yet by deploy. The PR description claims this is "harmless" but it will produce a failed workflow run. Adding needs: deploy wouldn't help since they're in separate workflow runs. The promote job's if condition could also check github.event.release.prerelease == true to only run for actual prerelease promotions.

Additional Locations (1)

Fix in Cursor Fix in Web

@AaronFeledy AaronFeledy merged commit 9e56a50 into main Feb 20, 2026
32 checks passed
@AaronFeledy AaronFeledy deleted the feature/promote-edge-on-edit branch February 20, 2026 04:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AaronFeledy