Commit 3b16c5c
committed
ci: gate release on a separate test job, least-privilege permissions
GitHub releases are created only by the changesets/action step, and that step
has not completed cleanly on any release-triggering run since mid-June (last
release: @tanstack/ai-react@0.15.5 on 2026-06-15; npm is now at 0.15.12).
The "Version Packages" merge runs (#773, #778, #787, #792, #808, #813) passed
the test gate and then FAILED at the "Run Changesets" step: CI ran
`changeset publish` and npm advanced, but the step died before the tag-push /
GitHub-release phase, so no tags (0.15.6-0.15.12 don't exist) and no releases
were created. More recent runs (#814, #825) now fail even earlier, at the test
gate (test:kiira). (The exact in-step error is no longer recoverable - those
runs' logs have expired.)
Changes:
- Split into a `test` gate job and a `release` job (needs: test) so a flaky run
blocks BOTH npm and GitHub releases together, never one without the other.
- Tighten permissions: top-level contents:read; write scoped to the release job.1 parent f3144a6 commit 3b16c5c
1 file changed
Lines changed: 22 additions & 6 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
12 | 12 | | |
13 | 13 | | |
14 | 14 | | |
15 | | - | |
16 | | - | |
17 | | - | |
| 15 | + | |
18 | 16 | | |
19 | 17 | | |
20 | | - | |
21 | | - | |
| 18 | + | |
| 19 | + | |
22 | 20 | | |
23 | 21 | | |
24 | 22 | | |
25 | 23 | | |
26 | 24 | | |
27 | 25 | | |
28 | 26 | | |
29 | | - | |
| 27 | + | |
30 | 28 | | |
31 | 29 | | |
32 | 30 | | |
33 | 31 | | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
34 | 50 | | |
35 | 51 | | |
36 | 52 | | |
| |||
0 commit comments