Skip to content

Fix release publish workflow footguns#1294

Merged
RhysSullivan merged 2 commits into
mainfrom
release-publish-fixes
Jul 4, 2026
Merged

Fix release publish workflow footguns#1294
RhysSullivan merged 2 commits into
mainfrom
release-publish-fixes

Conversation

@RhysSullivan

@RhysSullivan RhysSullivan commented Jul 4, 2026

Copy link
Copy Markdown
Collaborator

What changed

  • Retries changeset:version only when the changesets changelog step hits the transient GitHub GraphQL parse failures seen in Release logs.
  • Removes the explicit gh workflow run publish-executor-package.yml dispatch from Release. The pushed v* tag is now the single automatic Publish Executor trigger, while workflow_dispatch remains for repair runs.
  • Splits self-host Docker publishing into native amd64 and arm64 Blacksmith matrix builds, uploads per-arch digest artifacts, then creates the multi-arch manifest for both GHCR namespaces with docker buildx imagetools create.

Release diagnosis

I inspected recent failed Release runs: 28686830716, 28489661728, 28411073545, 28358855701, 28355916948, 28354166786, 28353275594, 28352320755, 28351802611, 28351073786, and 28350205006.

The current noisy changesets failure is not a non-fast-forward branch push or a permissions error. The relevant recent failures die while @changesets/changelog-github is fetching GitHub changelog data:

Run 28489661728, 2026-07-01:
The following error was encountered while generating changelog entries
Error: Failed to parse data from GitHub
Invalid response body while trying to fetch https://api.github.com/graphql: Premature close
error: script "changeset:version" exited with code 1
Run 28411073545, 2026-06-30:
The following error was encountered while generating changelog entries
Error: Failed to parse data from GitHub
Invalid response body while trying to fetch https://api.github.com/graphql: Premature close
error: script "changeset:version" exited with code 1

Several older failures were deterministic changeset authoring errors, for example:

Run 28358855701, 2026-06-29:
Error: Found mixed changeset desktop-titlebar-polish
Found ignored packages: @executor-js/host-cloudflare
Found not ignored packages: @executor-js/desktop @executor-js/host-selfhost @executor-js/react
Mixed changesets that contain both ignored and not ignored packages are not allowed

Those should still fail. The wrapper exits immediately unless the log contains Failed to parse data from GitHub or Premature close, and it resets generated files before retrying the transient case. The Release workflow already had a non-cancelling branch concurrency group, and the sampled logs did not show a changeset branch push race.

The latest sampled failed Release run, 28686830716, passed changesets and failed later in package publish with npm error code E404 for @executor-js/codemode-core@1.5.28, so this PR does not claim to fix that separate npm permission or package availability issue.

Publish trigger diagnosis

Publish Executor history showed paired automatic runs for the same tag, seconds apart:

  • v1.5.27: push run 28490029741 and workflow_dispatch run 28490029285, both successful.
  • v1.5.26: push run 28411821883 and workflow_dispatch run 28411821591, both successful.
  • v1.5.25: push run 28393956665 and workflow_dispatch run 28393956319, both successful.

The tag push path is reliable and directly tied to the validated release tag. Keeping it as the sole automatic path avoids duplicate publishes for the same release.

Self-host Docker notes

The ARM runner label is from Blacksmith instance type docs: blacksmith-4vcpu-ubuntu-2404-arm at https://docs.blacksmith.sh/blacksmith-runners/overview.md.

The workflow still publishes the primary GHCR tags and, when GHCR_LEGACY_TOKEN is configured, mirrors the same tag set into ghcr.io/rhyssullivan/executor-selfhost during the org transition.

Because publish-selfhost-docker.yml is workflow_dispatch only, it still needs a post-merge manual dispatch against a real release tag to validate the full registry push and manifest merge path.

Verification

  • bash /tmp/release-wrapper-review-test.sh: covers attempt-1 success, deterministic non-transient failure without retry, transient Premature close failure across all configured attempts with a nonzero exit, and transient-once success. The transient-once case also creates an untracked package CHANGELOG.md and requires the retry cleanup to remove it before the successful attempt.
  • go run github.com/rhysd/actionlint/cmd/actionlint@latest -config-file /tmp/actionlint-release-runner-label.yaml .github/workflows/release.yml
  • Local dry-run of digest artifact to docker buildx imagetools create argument construction.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 4, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
executor-marketing 3f9cf69 Commit Preview URL

Branch Preview URL
Jul 04 2026, 02:17 AM

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Cloudflare preview

Torn down — the PR is closed.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 4, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
✅ Deployment successful!
View logs
executor-cloud 3f9cf69 Jul 04 2026, 02:20 AM

@pkg-pr-new

pkg-pr-new Bot commented Jul 4, 2026

Copy link
Copy Markdown

Open in StackBlitz

@executor-js/cli

npm i https://pkg.pr.new/@executor-js/cli@1294

@executor-js/config

npm i https://pkg.pr.new/@executor-js/config@1294

@executor-js/execution

npm i https://pkg.pr.new/@executor-js/execution@1294

@executor-js/sdk

npm i https://pkg.pr.new/@executor-js/sdk@1294

@executor-js/codemode-core

npm i https://pkg.pr.new/@executor-js/codemode-core@1294

@executor-js/runtime-quickjs

npm i https://pkg.pr.new/@executor-js/runtime-quickjs@1294

@executor-js/plugin-file-secrets

npm i https://pkg.pr.new/@executor-js/plugin-file-secrets@1294

@executor-js/plugin-graphql

npm i https://pkg.pr.new/@executor-js/plugin-graphql@1294

@executor-js/plugin-keychain

npm i https://pkg.pr.new/@executor-js/plugin-keychain@1294

@executor-js/plugin-mcp

npm i https://pkg.pr.new/@executor-js/plugin-mcp@1294

@executor-js/plugin-onepassword

npm i https://pkg.pr.new/@executor-js/plugin-onepassword@1294

@executor-js/plugin-openapi

npm i https://pkg.pr.new/@executor-js/plugin-openapi@1294

executor

npm i https://pkg.pr.new/executor@1294

commit: 3f9cf69

@RhysSullivan RhysSullivan marked this pull request as ready for review July 4, 2026 02:39
@RhysSullivan RhysSullivan merged commit 8923827 into main Jul 4, 2026
24 checks passed
@RhysSullivan RhysSullivan deleted the release-publish-fixes branch July 4, 2026 02:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant