Conversation
- Remove dist/action/ from git tracking (7 files) - Simplify .gitignore to just ignore dist/ - Remove dist build from bump-version.sh (version bump only) - Remove github target from .craft.yml (craft handles npm only) - Add workflow steps to build artifacts on release branch, create tags, GitHub releases, and update major version tags The release flow now: 1. Craft creates release branch, bumps version, merges to main, publishes to npm 2. Workflow builds dist/action/ on release branch, commits artifacts 3. Creates tag pointing to artifact commit (no force-push) 4. Creates GitHub release via gh CLI 5. Updates rolling major version tag (v1, etc.) This keeps dist/ out of main while ensuring GitHub Action users can still reference tags that contain the bundled action. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![sentry-warden[bot]](https://avatars.githubusercontent.com/in/2755838?s=60&v=4){kind=small}
| pnpm build | ||
| pnpm build:action |
There was a problem hiding this comment.
🚨 Missing pnpm install before build commands (high confidence)
The workflow runs pnpm build and pnpm build:action (lines 70-71) without first running pnpm install. Dependencies won't exist and the build will fail. The CI workflow correctly runs pnpm install --frozen-lockfile before building.
Suggested fix: Add pnpm install --frozen-lockfile before the build commands
| pnpm build | |
| pnpm build:action | |
| # Install dependencies | |
| pnpm install --frozen-lockfile | |
Identified by Warden via notseer · critical, high confidence
| fi | ||
| # Commit artifacts to release branch | ||
| git add -f dist/action/ | ||
| git commit -m "build: Add action artifacts for ${TAG}" |
There was a problem hiding this comment.
🚨 Missing git user configuration before commit (high confidence)
The workflow runs git commit (line 75) without configuring git user.name and user.email. Git requires these to create commits and will fail with 'Author identity unknown'. The update-major-tag.yml workflow correctly sets these before committing.
Suggested fix: Add git config for user identity before the commit
| git commit -m "build: Add action artifacts for ${TAG}" | |
| # Configure git identity for commits | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
Identified by Warden via notseer · critical, high confidence
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
| fi | ||
| # Commit artifacts to release branch | ||
| git add -f dist/action/ | ||
| git commit -m "build: Add action artifacts for ${TAG}" |
There was a problem hiding this comment.
Bug: The release workflow is missing git config for user.name and user.email before the git commit command, which will cause the commit and the workflow to fail.
Severity: CRITICAL
Suggested Fix
Add the following lines before the git commit command in the release.yml workflow: git config user.name "github-actions[bot]" and git config user.email "github-actions[bot]@users.noreply.github.com".
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: .github/workflows/release.yml#L75
Potential issue: The release workflow attempts to create a git commit using `git commit`
but fails to configure a git user identity beforehand. GitHub Actions runners do not
have a default `user.name` or `user.email`, causing the commit command to fail. This is
evidenced by another workflow in the same repository, `update-major-tag.yml`, which
correctly includes the necessary `git config` steps, indicating this is a known
requirement that was missed.
Did we get this right? 👍 / 👎 to inform future reviews.
| pnpm build | ||
| pnpm build:action |
There was a problem hiding this comment.
Bug: The release workflow runs build commands after git checkout without first running pnpm install, causing the build to fail due to missing dependencies.
Severity: CRITICAL
Suggested Fix
Add a pnpm install --frozen-lockfile command after the git checkout "$RELEASE_BRANCH" line and before the pnpm build command to ensure dependencies are installed and match the lockfile.
Prompt for AI Agent
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.
Location: .github/workflows/release.yml#L70-L71
Potential issue: The release workflow runs `pnpm build` and `pnpm build:action`
immediately after checking out the release branch with `git checkout "$RELEASE_BRANCH"`.
It does not run `pnpm install` after switching branches. This will cause the build to
fail because the required dependencies (like `tsc` and `ncc`) will not be installed or
may be out of sync with the `pnpm-lock.yaml` file of the release branch.
Did we get this right? 👍 / 👎 to inform future reviews.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| fi | ||
| # Build artifacts | ||
| pnpm build | ||
| pnpm build:action |
There was a problem hiding this comment.
Missing pnpm install before build commands
High Severity
The workflow runs pnpm build and pnpm build:action without first running pnpm install to install dependencies. The old bin/bump-version.sh included pnpm install --frozen-lockfile before the build commands, but when the build logic was moved to the workflow, the install step was not included. Other workflows in this repo (like ci.yml and warden.yml) correctly run pnpm install --frozen-lockfile before building. The build will fail because node_modules won't exist.
| fi | ||
| # Commit artifacts to release branch | ||
| git add -f dist/action/ | ||
| git commit -m "build: Add action artifacts for ${TAG}" |
There was a problem hiding this comment.
Missing git user configuration before commit
High Severity
The workflow runs git commit without configuring git user.name and git user.email. GitHub Actions runners don't have a default git user configured, so the commit will fail with "Author identity unknown". The repo's own update-major-tag.yml workflow correctly sets git config user.name and git config user.email before committing.
|
we need to figure out a path here but this prob isnt it |
1 participant
Remove
dist/from main branch while preserving GitHub Action functionality on release tags.Previously,
dist/action/was committed to main and updated on every release. This cluttered the repo history and made main heavier than necessary. The action bundle is only needed by users referencing release tags, not main.New release flow:
dist/action/on the release branch and commits artifacts therev1.2.3) pointing to the artifact commitgh release createv1) for users who pin to major versionsChanges:
dist/action/from git (7 files).gitignoreto justdist/bump-version.sh(version bump only now)githubtarget from.craft.yml(craft handles npm publishing only)Tags are created once correctly on the artifact commit, eliminating the need for force-pushing release tags. Only rolling major version tags (
v1,v2) are force-pushed, which is expected behavior.