ci: fix publish verification matrix#288
Conversation
📝 WalkthroughWalkthroughThe release verification workflow updates its selectable package list and scoped CLI smoke-test contract. A new Node test validates package-list synchronization, parsing robustness, and CLI assertions, and the root test script now runs it. ChangesRelease workflow consistency
Estimated code review effort: 2 (Simple) | ~10 minutes Possibly related PRs
Suggested reviewers: Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Code Review
This pull request introduces a new test script, scripts/release-workflows.test.mjs, and integrates it into the package.json test suite to validate that release workflows correctly declare and verify packages. Feedback on the changes suggests normalizing line endings when reading workflow files to prevent failures on Windows environments, and trimming the matched packages string before splitting to avoid potential empty strings that could break file reading.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request introduces a new test script, scripts/release-workflows.test.mjs, integrated into the package.json test script, to verify that GitHub Actions workflows for publishing and verifying packages remain synchronized and correctly configured. Feedback on the new test script suggests making the YAML parsing more robust by allowing flexible whitespace in the regular expression and sorting the package arrays before comparison to avoid test failures due to ordering differences.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
e90f6ec to
886a73f
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
scripts/release-workflows.test.mjs (1)
22-39: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low valueMake workflow parsing less brittle to formatting changes.
The current line-based and regex parsing strictly expects specific indentation, single quotes, and exact subsequent step names. If the YAML formatting changes slightly or a step is inserted, these tests will break. Consider relaxing the matching logic to improve test resilience.
scripts/release-workflows.test.mjs#L22-L39: Use.trim()and a more flexible regex for matchingpackage:,options:, and list items.scripts/release-workflows.test.mjs#L62-L64: Use a positive lookahead(?=\n\s*- name: |$)instead of hardcoding the next step's name.♻️ Proposed refactors
For
verifyPackageChoices(lines 22-39):- const packageInput = lines.findIndex((line) => line === ' package:'); + const packageInput = lines.findIndex((line) => line.trim() === 'package:'); assert.notEqual(packageInput, -1, 'verify workflow must declare the package input'); const options = lines.findIndex( - (line, index) => index > packageInput && line === ' options:' + (line, index) => index > packageInput && line.trim() === 'options:' ); assert.notEqual(options, -1, 'verify package input must declare choices'); const choices = []; for (const line of lines.slice(options + 1)) { - const match = line.match(/^ - '([^']+)'$/); + const match = line.trim().match(/^- ['"]([^'"]+)['"]$/); if (!match) break; choices.push(match[1]); }For the scoped CLI smoke test extraction (lines 62-64):
const match = verifyWorkflow.match( - /- name: Scoped CLI package smoke test([\s\S]*?)\n - name: Library smoke test/ + /- name: Scoped CLI package smoke test([\s\S]*?)(?=\n\s*- name: |$)/ );🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@scripts/release-workflows.test.mjs` around lines 22 - 39, Make the workflow parsers resilient to YAML formatting changes: in scripts/release-workflows.test.mjs lines 22-39, update verifyPackageChoices to trim lines and use flexible matching for package:, options:, and list items rather than fixed indentation or quote style; in lines 62-64, replace the hardcoded following step name with a positive lookahead matching the next “- name:” entry or end of input.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/verify-publish.yml:
- Around line 18-29: Update the package options list in the verify-publish
workflow to include `@agentworkforce/events`, matching the first target in
publish.yml and ensuring all 13 lockstep publish targets are exposed.
---
Nitpick comments:
In `@scripts/release-workflows.test.mjs`:
- Around line 22-39: Make the workflow parsers resilient to YAML formatting
changes: in scripts/release-workflows.test.mjs lines 22-39, update
verifyPackageChoices to trim lines and use flexible matching for package:,
options:, and list items rather than fixed indentation or quote style; in lines
62-64, replace the hardcoded following step name with a positive lookahead
matching the next “- name:” entry or end of input.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 6af62181-2747-4b9b-b479-9296f536d101
📒 Files selected for processing (3)
.github/workflows/verify-publish.ymlpackage.jsonscripts/release-workflows.test.mjs
| - '@agentworkforce/persona-kit' | ||
| - '@agentworkforce/runtime' | ||
| - '@agentworkforce/compose' | ||
| - '@agentworkforce/cli' | ||
| - 'agentworkforce' | ||
| - '@agentworkforce/delivery' | ||
| - '@agentworkforce/workload-router' | ||
| - '@agentworkforce/persona-kit' | ||
| - '@agentworkforce/deploy' | ||
| - '@agentworkforce/review-kit' | ||
| - '@agentworkforce/mcp-workforce' | ||
| - '@agentworkforce/daytona-runner' | ||
| - '@agentworkforce/local-surface' | ||
| - '@agentworkforce/cli' | ||
| - 'agentworkforce' |
There was a problem hiding this comment.
🎯 Functional Correctness | 🔴 Critical | ⚡ Quick win
Missing @agentworkforce/events in the package options.
The PR objective states that all 13 lockstep publish targets should be exposed, but the options list only contains 12 items. @agentworkforce/events is missing. Since events is present as the first target in the publish.yml configuration, this omission will cause the newly added release-workflows.test.mjs test to fail on assert.deepEqual(verified, published).
🐛 Proposed fix
+ - '`@agentworkforce/events`'
- '`@agentworkforce/persona-kit`'
- '`@agentworkforce/runtime`'
- '`@agentworkforce/compose`'
- '`@agentworkforce/delivery`'
- '`@agentworkforce/workload-router`'
- '`@agentworkforce/deploy`'
- '`@agentworkforce/review-kit`'
- '`@agentworkforce/mcp-workforce`'
- '`@agentworkforce/daytona-runner`'
- '`@agentworkforce/local-surface`'
- '`@agentworkforce/cli`'
- 'agentworkforce'📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - '@agentworkforce/persona-kit' | |
| - '@agentworkforce/runtime' | |
| - '@agentworkforce/compose' | |
| - '@agentworkforce/cli' | |
| - 'agentworkforce' | |
| - '@agentworkforce/delivery' | |
| - '@agentworkforce/workload-router' | |
| - '@agentworkforce/persona-kit' | |
| - '@agentworkforce/deploy' | |
| - '@agentworkforce/review-kit' | |
| - '@agentworkforce/mcp-workforce' | |
| - '@agentworkforce/daytona-runner' | |
| - '@agentworkforce/local-surface' | |
| - '@agentworkforce/cli' | |
| - 'agentworkforce' | |
| - '`@agentworkforce/events`' | |
| - '`@agentworkforce/persona-kit`' | |
| - '`@agentworkforce/runtime`' | |
| - '`@agentworkforce/compose`' | |
| - '`@agentworkforce/delivery`' | |
| - '`@agentworkforce/workload-router`' | |
| - '`@agentworkforce/deploy`' | |
| - '`@agentworkforce/review-kit`' | |
| - '`@agentworkforce/mcp-workforce`' | |
| - '`@agentworkforce/daytona-runner`' | |
| - '`@agentworkforce/local-surface`' | |
| - '`@agentworkforce/cli`' | |
| - 'agentworkforce' |
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/workflows/verify-publish.yml around lines 18 - 29, Update the
package options list in the verify-publish workflow to include
`@agentworkforce/events`, matching the first target in publish.yml and ensuring
all 13 lockstep publish targets are exposed.
What changed
Why
The 4.1.29 release verification exposed two pre-existing workflow defects: six published packages were unavailable as verification choices, and the scoped CLI smoke asserted
CLI_VERSIONfromdist/cli.jseven though the thin entry intentionally exports onlymain.This changes verification only. It does not republish or modify the healthy 4.1.29 artifacts.
Verification
node --test scripts/release-workflows.test.mjs— 2/2 pass@agentworkforce/cli@4.1.29— passpnpm run lint— passpnpm run typecheck— passgit diff --check— passRelease recovery context: Publish Packages run 29576594956 and failed stale verifier run 29576855509.