fix(ci): remove make-package-public step#27
Merged
KailasMahavarkar merged 6 commits intomainfrom Apr 10, 2026
Merged
Conversation
Adds a release job to the CI workflow. On every push to main, after verify passes, it reads the version from package.json and checks if the tag already exists. If not, gh release create runs with --generate-notes, which triggers the existing Docker build job and produces versioned tags (:v1.1.0, :latest). No manual release steps needed — bump the version in a PR, merge, done. Also bumps package.json to 1.1.0 to exercise the new path. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Restore ghcr.io as registry (Docker Hub changes reverted) - Add 'Make package public' step that patches /orgs/orkait/packages/container/hyperstack with visibility=public after every image push Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Previously ran on every push to main. Now that the release job
auto-creates a GitHub release on version bump, Docker should only
build when a release is published — not on every commit.
Flow: push to main → verify → release (if version bumped)
release published → verify → build-and-push-image
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
GITHUB_TOKEN with packages:write can push images but cannot change package visibility — that requires admin:packages scope which Actions tokens don't receive. Removing the step; set the package public once manually in GitHub UI (Packages → Package settings → Change visibility). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
KailasMahavarkar
added a commit
that referenced
this pull request
Apr 14, 2026
* chore: auto-release on package.json version bump + bump to v1.1.0
Adds a release job to the CI workflow. On every push to main, after
verify passes, it reads the version from package.json and checks if
the tag already exists. If not, gh release create runs with
--generate-notes, which triggers the existing Docker build job and
produces versioned tags (:v1.1.0, :latest).
No manual release steps needed — bump the version in a PR, merge, done.
Also bumps package.json to 1.1.0 to exercise the new path.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(docker): bun.lockb → bun.lock (bun 1.3+ uses text lockfile)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: revert to ghcr.io and make package public after each push
- Restore ghcr.io as registry (Docker Hub changes reverted)
- Add 'Make package public' step that patches /orgs/orkait/packages/container/hyperstack
with visibility=public after every image push
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(ci): build-and-push-image only on release events
Previously ran on every push to main. Now that the release job
auto-creates a GitHub release on version bump, Docker should only
build when a release is published — not on every commit.
Flow: push to main → verify → release (if version bumped)
release published → verify → build-and-push-image
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix(ci): remove make-package-public step
GITHUB_TOKEN with packages:write can push images but cannot change
package visibility — that requires admin:packages scope which Actions
tokens don't receive. Removing the step; set the package public once
manually in GitHub UI (Packages → Package settings → Change visibility).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The `Make package public on ghcr.io` step was calling:
```
PATCH /orgs/orkait/packages/container/hyperstack { visibility: public }
```
This returns 404 because `GITHUB_TOKEN` with `packages: write` can push images but cannot change package visibility — that requires `admin:packages` scope which Actions tokens don't receive.
Fix
Remove the step. Set the package public once manually in GitHub UI:
Packages → hyperstack → Package settings → Change visibility → Public
It stays public permanently after that.
🤖 Generated with Claude Code