merge queue: embarking main (7fff439) and #1297 together #1317
Closed
mergify[bot] wants to merge 3 commits into main from
During the Rust port, any new click command added to the Python CLI risks being silently missed if the Rust dispatch isn't updated in parallel. This adds a CI-enforced inventory at the repo root plus a pytest that walks the click tree and compares against it.

## How it works

``PORT_STATUS.toml`` lists every click subcommand with an explicit ``status`` of either ``native`` (handled by Rust's dispatch) or ``shimmed`` (forwarded to Python by the py-shim crate).

``mergify_cli/tests/test_port_status.py`` walks ``mergify_cli.cli.cli`` and fires four assertions:

- Every discovered click command has an entry.
- Every entry corresponds to a live click command (no stale rows).
- Every entry uses a valid ``status`` value.
- No entry carries extra keys (catches typos like ``stats``).

Forgetting to update the file when adding a new Python command becomes a CI failure at test-time rather than a "why is this missing from the binary?" bug report months later.

## Current baseline

All 30 click subcommands are listed. Only ``config validate`` is ``native`` today (from Phase 1.3 in the same stack). The remaining 29 are ``shimmed`` — each subsequent port PR flips its entry from ``shimmed`` to ``native`` in the same commit that adds the Rust dispatch, keeping the file and the code in lockstep.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Change-Id: I4a71d672f4795dbb3e2e9523ea01b8d7fbbfbcbe
Starts distributing the static Rust binary alongside the existing PyPI wheel. Both pipelines run on every published GitHub Release until the Phase 1.6 channel switch makes the binary the sole install path.

## What ships per release

Seven targets as GitHub Release assets, plus matching ``.sha256`` checksum files:

- ``x86_64-unknown-linux-gnu`` (glibc)
- ``x86_64-unknown-linux-musl`` (static)
- ``aarch64-unknown-linux-gnu`` (glibc, ARM server)
- ``aarch64-unknown-linux-musl`` (static, ARM server)
- ``x86_64-apple-darwin`` (Intel macOS, signed + notarized)
- ``aarch64-apple-darwin`` (Apple Silicon, signed + notarized)
- ``x86_64-pc-windows-msvc`` (Windows)

Archives use the ``mergify-<tag>-<target>.tar.gz`` / ``.zip`` naming convention.

Linux and Windows builds go through ``taiki-e/upload-rust-binary-action`` which handles cross-compilation via ``cross`` automatically. macOS builds run natively on Apple Silicon runners with an explicit pipeline because of the signing + notarization steps.

## macOS signing / notarization

The macOS job imports a Developer ID Application certificate into a throwaway keychain, codesigns the binary with the hardened runtime + timestamp, then submits it to Apple's notarytool service. Stapling isn't possible on a bare Mach-O; online Gatekeeper checks approve notarized binaries on first run.

Required GitHub Actions secrets (all six must be set before the next release):

    APPLE_CERTIFICATE            base64 of the .p12 Developer ID cert
    APPLE_CERTIFICATE_PASSWORD   password set when exporting the .p12
    APPLE_SIGNING_IDENTITY       "Developer ID Application: Mergify SAS (TEAMID)"
    APPLE_API_KEY                base64 of the App Store Connect .p8 API key
    APPLE_API_KEY_ID             10-char key ID from App Store Connect
    APPLE_API_KEY_ISSUER         issuer UUID from App Store Connect

## Install story today

Users grab a binary from the releases page: ``https://github.com/Mergifyio/mergify-cli/releases/latest``.

A ``curl | sh`` installer script + Homebrew tap land in separate follow-up PRs once we've seen the first binary release succeed.

## Parallel with PyPI

``release.yml`` (existing) keeps publishing to PyPI unchanged. Both workflows key off the same ``release: published`` event. The Phase 1.6 channel switch is the user-coordinated moment where we stop publishing to PyPI and direct users to the binary.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Change-Id: I48adf3e4ebfb49a1ea4ba171862ec72ba1776d7f
🎉 This pull request has been checked successfully and will be merged soon. 🎉
Branch main (7fff439) and #1297 are embarked together for merge.
This pull request has been created by Mergify to speculatively check the mergeability of #1297.
You don't need to do anything. Mergify will close this pull request automatically when it is complete.
Required conditions of queue rule default for merge:

- depends-on = Mergifyio/mergify-cli#1296 [⛓️ test: add port-inventory guard to catch un-ported Python commands #1296]
- title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert|ui)(?:\(.+\))?:
- #approved-reviews-by>=2
- author = dependabot[bot]
- author = mergify-ci-bot
- author = renovate[bot]
- body ~= (?ms:.{48,})
- #changes-requested-reviews-by = 0
- #review-requested = 0
- #review-threads-unresolved = 0
- check-success=ci-gate

Required conditions to stay in the queue:

- base=main
- depends-on = Mergifyio/mergify-cli#1296 [⛓️ test: add port-inventory guard to catch un-ported Python commands #1296]
- label!=manual merge
- title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert|ui)(?:\(.+\))?:
- #approved-reviews-by>=2
- author = dependabot[bot]
- author = mergify-ci-bot
- author = renovate[bot]
- body ~= (?ms:.{48,})
- #changes-requested-reviews-by = 0
- #review-requested = 0
- #review-threads-unresolved = 0
- check-success=ci-gate