Skip to content

ci: fix publish verification matrix#288

Merged
miyaontherelay merged 3 commits into
mainfrom
codex/fix-verify-publish-4-1-29
Jul 17, 2026
Merged

ci: fix publish verification matrix#288
miyaontherelay merged 3 commits into
mainfrom
codex/fix-verify-publish-4-1-29

Conversation

@miyaontherelay

Copy link
Copy Markdown
Contributor

What changed

  • expose all 13 lockstep publish targets in the Verify Publish workflow
  • verify the scoped CLI's supported thin-entry contract without asserting an internal version export
  • add a release-workflow regression that keeps publish targets and verify choices identical and unique

Why

The 4.1.29 release verification exposed two pre-existing workflow defects: six published packages were unavailable as verification choices, and the scoped CLI smoke asserted CLI_VERSION from dist/cli.js even though the thin entry intentionally exports only main.

This changes verification only. It does not republish or modify the healthy 4.1.29 artifacts.

Verification

  • node --test scripts/release-workflows.test.mjs — 2/2 pass
  • clean install/import smoke for @agentworkforce/cli@4.1.29 — pass
  • pnpm run lint — pass
  • pnpm run typecheck — pass
  • git diff --check — pass

Release recovery context: Publish Packages run 29576594956 and failed stale verifier run 29576855509.

@coderabbitai

coderabbitai Bot commented Jul 17, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

📝 Walkthrough

Walkthrough

The release verification workflow updates its selectable package list and scoped CLI smoke-test contract. A new Node test validates package-list synchronization, parsing robustness, and CLI assertions, and the root test script now runs it.

Changes

Release workflow consistency

Layer / File(s) Summary
Workflow package and CLI contracts
.github/workflows/verify-publish.yml
Updates manual package choices and removes the CLI_VERSION export assertion from the scoped CLI smoke test.
Workflow parsing and automated validation
scripts/release-workflows.test.mjs, package.json
Adds workflow consistency and CLI contract tests, then includes them in the root test script.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

Suggested reviewers: khaliqgant, willwashburn

Poem

I’m a rabbit guarding releases bright,
Checking each package list just right.
No stray CLI version in sight,
Tests hop through workflows day and night.
Thump, thump—consistency takes flight!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly reflects the main change: fixing the publish verification matrix for CI.
Description check ✅ Passed The description matches the changeset and explains the workflow verification fixes and regression test.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch codex/fix-verify-publish-4-1-29

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new test script, scripts/release-workflows.test.mjs, and integrates it into the package.json test suite to validate that release workflows correctly declare and verify packages. Feedback on the changes suggests normalizing line endings when reading workflow files to prevent failures on Windows environments, and trimming the matched packages string before splitting to avoid potential empty strings that could break file reading.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread scripts/release-workflows.test.mjs
Comment thread scripts/release-workflows.test.mjs Outdated
@miyaontherelay

Copy link
Copy Markdown
Contributor Author

/gemini review

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new test script, scripts/release-workflows.test.mjs, integrated into the package.json test script, to verify that GitHub Actions workflows for publishing and verifying packages remain synchronized and correctly configured. Feedback on the new test script suggests making the YAML parsing more robust by allowing flexible whitespace in the regular expression and sorting the package arrays before comparison to avoid test failures due to ordering differences.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread scripts/release-workflows.test.mjs
Comment thread scripts/release-workflows.test.mjs
@miyaontherelay
miyaontherelay force-pushed the codex/fix-verify-publish-4-1-29 branch from e90f6ec to 886a73f Compare July 17, 2026 11:40

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
scripts/release-workflows.test.mjs (1)

22-39: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

Make workflow parsing less brittle to formatting changes.

The current line-based and regex parsing strictly expects specific indentation, single quotes, and exact subsequent step names. If the YAML formatting changes slightly or a step is inserted, these tests will break. Consider relaxing the matching logic to improve test resilience.

  • scripts/release-workflows.test.mjs#L22-L39: Use .trim() and a more flexible regex for matching package:, options:, and list items.
  • scripts/release-workflows.test.mjs#L62-L64: Use a positive lookahead (?=\n\s*- name: |$) instead of hardcoding the next step's name.
♻️ Proposed refactors

For verifyPackageChoices (lines 22-39):

-  const packageInput = lines.findIndex((line) => line === '      package:');
+  const packageInput = lines.findIndex((line) => line.trim() === 'package:');
   assert.notEqual(packageInput, -1, 'verify workflow must declare the package input');
 
   const options = lines.findIndex(
-    (line, index) => index > packageInput && line === '        options:'
+    (line, index) => index > packageInput && line.trim() === 'options:'
   );
   assert.notEqual(options, -1, 'verify package input must declare choices');
 
   const choices = [];
   for (const line of lines.slice(options + 1)) {
-    const match = line.match(/^          - '([^']+)'$/);
+    const match = line.trim().match(/^- ['"]([^'"]+)['"]$/);
     if (!match) break;
     choices.push(match[1]);
   }

For the scoped CLI smoke test extraction (lines 62-64):

   const match = verifyWorkflow.match(
-    /- name: Scoped CLI package smoke test([\s\S]*?)\n      - name: Library smoke test/
+    /- name: Scoped CLI package smoke test([\s\S]*?)(?=\n\s*- name: |$)/
   );
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/release-workflows.test.mjs` around lines 22 - 39, Make the workflow
parsers resilient to YAML formatting changes: in
scripts/release-workflows.test.mjs lines 22-39, update verifyPackageChoices to
trim lines and use flexible matching for package:, options:, and list items
rather than fixed indentation or quote style; in lines 62-64, replace the
hardcoded following step name with a positive lookahead matching the next “-
name:” entry or end of input.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/verify-publish.yml:
- Around line 18-29: Update the package options list in the verify-publish
workflow to include `@agentworkforce/events`, matching the first target in
publish.yml and ensuring all 13 lockstep publish targets are exposed.

---

Nitpick comments:
In `@scripts/release-workflows.test.mjs`:
- Around line 22-39: Make the workflow parsers resilient to YAML formatting
changes: in scripts/release-workflows.test.mjs lines 22-39, update
verifyPackageChoices to trim lines and use flexible matching for package:,
options:, and list items rather than fixed indentation or quote style; in lines
62-64, replace the hardcoded following step name with a positive lookahead
matching the next “- name:” entry or end of input.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 6af62181-2747-4b9b-b479-9296f536d101

📥 Commits

Reviewing files that changed from the base of the PR and between cdf7d90 and 886a73f.

📒 Files selected for processing (3)
  • .github/workflows/verify-publish.yml
  • package.json
  • scripts/release-workflows.test.mjs

Comment on lines +18 to +29
- '@agentworkforce/persona-kit'
- '@agentworkforce/runtime'
- '@agentworkforce/compose'
- '@agentworkforce/cli'
- 'agentworkforce'
- '@agentworkforce/delivery'
- '@agentworkforce/workload-router'
- '@agentworkforce/persona-kit'
- '@agentworkforce/deploy'
- '@agentworkforce/review-kit'
- '@agentworkforce/mcp-workforce'
- '@agentworkforce/daytona-runner'
- '@agentworkforce/local-surface'
- '@agentworkforce/cli'
- 'agentworkforce'

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🔴 Critical | ⚡ Quick win

Missing @agentworkforce/events in the package options.

The PR objective states that all 13 lockstep publish targets should be exposed, but the options list only contains 12 items. @agentworkforce/events is missing. Since events is present as the first target in the publish.yml configuration, this omission will cause the newly added release-workflows.test.mjs test to fail on assert.deepEqual(verified, published).

🐛 Proposed fix
+          - '`@agentworkforce/events`'
           - '`@agentworkforce/persona-kit`'
           - '`@agentworkforce/runtime`'
           - '`@agentworkforce/compose`'
           - '`@agentworkforce/delivery`'
           - '`@agentworkforce/workload-router`'
           - '`@agentworkforce/deploy`'
           - '`@agentworkforce/review-kit`'
           - '`@agentworkforce/mcp-workforce`'
           - '`@agentworkforce/daytona-runner`'
           - '`@agentworkforce/local-surface`'
           - '`@agentworkforce/cli`'
           - 'agentworkforce'
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- '@agentworkforce/persona-kit'
- '@agentworkforce/runtime'
- '@agentworkforce/compose'
- '@agentworkforce/cli'
- 'agentworkforce'
- '@agentworkforce/delivery'
- '@agentworkforce/workload-router'
- '@agentworkforce/persona-kit'
- '@agentworkforce/deploy'
- '@agentworkforce/review-kit'
- '@agentworkforce/mcp-workforce'
- '@agentworkforce/daytona-runner'
- '@agentworkforce/local-surface'
- '@agentworkforce/cli'
- 'agentworkforce'
- '`@agentworkforce/events`'
- '`@agentworkforce/persona-kit`'
- '`@agentworkforce/runtime`'
- '`@agentworkforce/compose`'
- '`@agentworkforce/delivery`'
- '`@agentworkforce/workload-router`'
- '`@agentworkforce/deploy`'
- '`@agentworkforce/review-kit`'
- '`@agentworkforce/mcp-workforce`'
- '`@agentworkforce/daytona-runner`'
- '`@agentworkforce/local-surface`'
- '`@agentworkforce/cli`'
- 'agentworkforce'
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/verify-publish.yml around lines 18 - 29, Update the
package options list in the verify-publish workflow to include
`@agentworkforce/events`, matching the first target in publish.yml and ensuring
all 13 lockstep publish targets are exposed.

@miyaontherelay
miyaontherelay merged commit c5fc032 into main Jul 17, 2026
3 checks passed
@miyaontherelay
miyaontherelay deleted the codex/fix-verify-publish-4-1-29 branch July 17, 2026 11:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant