Skip to content

ci: restore workflow_dispatch trigger to pypi_publish.yml for prereleases#1045

Merged
Aaron ("AJ") Steers (aaronsteers) merged 2 commits into
mainfrom
devin/1780721310-fix-prerelease-workflow
Jun 6, 2026
Merged

ci: restore workflow_dispatch trigger to pypi_publish.yml for prereleases#1045
Aaron ("AJ") Steers (aaronsteers) merged 2 commits into
mainfrom
devin/1780721310-fix-prerelease-workflow

Conversation

@aaronsteers

@aaronsteers Aaron ("AJ") Steers (aaronsteers) commented Jun 6, 2026

Copy link
Copy Markdown
Member

Summary

PR #944 accidentally removed the workflow_dispatch trigger from pypi_publish.yml, breaking the /prerelease slash command. prerelease-command.yml dispatches pypi_publish.yml via workflow_dispatch with git_ref, version_override, and publish inputs — but the simplified workflow only had release: published.

This restores the trigger with conditional steps to handle both paths:

  • release: downloads pre-built assets (existing behavior, unchanged)
  • workflow_dispatch: checks out inputs.git_ref, builds with UV_DYNAMIC_VERSIONING_BYPASS, publishes

Security hardening for the dispatch path: persist-credentials: false on checkout, enable-cache: false on setup-uv (prevents cache poisoning from untrusted PR refs).

Requested by: Aaron ("AJ") Steers (@aaronsteers)

Link to Devin session: https://app.devin.ai/sessions/9f900ef4021147adb369727617d08827

Summary by CodeRabbit

  • Chores
    • Added a manual prerelease publishing trigger with inputs for selecting a ref, overriding the package version, and toggling publish behavior, enabling flexible prerelease builds.
    • Updated publish behavior so release-triggered publishes remain unchanged while manual prerelease dispatches can opt into publishing.

…ases

PR #944 accidentally removed the workflow_dispatch trigger from
pypi_publish.yml, breaking the /prerelease slash command (which
dispatches this workflow via prerelease-command.yml).

This restores the trigger with git_ref, version_override, and publish
inputs, adds conditional steps to handle both release and dispatch
events, and includes security hardening (persist-credentials: false,
enable-cache: false) for untrusted PR ref checkouts.

Co-Authored-By: AJ Steers <aj@airbyte.io>
@devin-ai-integration

Copy link
Copy Markdown
Contributor

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment, CI, and merge conflict monitoring

@coderabbitai

coderabbitai Bot commented Jun 6, 2026

Copy link
Copy Markdown
Contributor

Need the big picture first? Review this PR in Change Stack to see what changed before going file by file.

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 0c70c7fd-b75c-4265-bb7c-945b8d81d2d8

📥 Commits

Reviewing files that changed from the base of the PR and between d875b07 and 4542039.

📒 Files selected for processing (1)
  • .github/workflows/pypi_publish.yml
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/pypi_publish.yml

📝 Walkthrough

Walkthrough

The PyPI publishing workflow gains a workflow_dispatch trigger for manual prerelease builds. New inputs allow specifying a git ref, version override, and publish confirmation. Conditional job steps download release assets for scheduled releases, or check out a specified ref and build with a version override for dispatch events. The publish step now runs for both release events and manual dispatch requests.

Changes

Prerelease Workflow Dispatch

Layer / File(s) Summary
Prerelease workflow dispatch inputs and conditional job steps
.github/workflows/pypi_publish.yml
Adds workflow_dispatch trigger with git_ref, version_override, and publish inputs. Conditional job steps download release assets for release events, and for dispatch events check out the specified ref, install uv, and build with UV_DYNAMIC_VERSIONING_BYPASS set from version override. Publish step updated to run on release events or when inputs.publish is true.

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: restoring a removed workflow_dispatch trigger for prerelease builds in the PyPI publishing workflow.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch devin/1780721310-fix-prerelease-workflow

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/pypi_publish.yml (1)

54-67: ⚡ Quick win

Would you consider pinning these new actions to SHA hashes for supply chain security?

The static analysis tool flags actions/checkout@v4 (line 57) and astral-sh/setup-uv@v6 (line 65) as unpinned. I see the existing pypa/gh-action-pypi-publish@v1.13.0 also uses version tags, so this is consistent with the current pattern in the file. That said, SHA-pinning (e.g., actions/checkout@<sha>) provides stronger guarantees against tag-based supply chain attacks, wdyt?

The security hardening with persist-credentials: false and enable-cache: false is a nice touch for untrusted PR refs! 👍

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/pypi_publish.yml around lines 54 - 67, Replace the
floating tags for the GitHub Actions with SHA-pinned refs: change the uses
entries for actions/checkout@v4 and astral-sh/setup-uv@v6 to their corresponding
commit SHAs (e.g., actions/checkout@<sha> and astral-sh/setup-uv@<sha>). Locate
the uses lines for "actions/checkout" and "astral-sh/setup-uv" in the workflow
and update them to the canonical commit SHA for the desired tag/release, then
verify the SHAs match the upstream repository releases and run the workflow to
confirm compatibility.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/pypi_publish.yml:
- Around line 54-67: Replace the floating tags for the GitHub Actions with
SHA-pinned refs: change the uses entries for actions/checkout@v4 and
astral-sh/setup-uv@v6 to their corresponding commit SHAs (e.g.,
actions/checkout@<sha> and astral-sh/setup-uv@<sha>). Locate the uses lines for
"actions/checkout" and "astral-sh/setup-uv" in the workflow and update them to
the canonical commit SHA for the desired tag/release, then verify the SHAs match
the upstream repository releases and run the workflow to confirm compatibility.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: de9461cf-8c79-42d5-a232-50aac9460836

📥 Commits

Reviewing files that changed from the base of the PR and between 2170721 and d875b07.

📒 Files selected for processing (1)
  • .github/workflows/pypi_publish.yml

devin-ai-integration[bot]

This comment was marked as resolved.

@aaronsteers Aaron ("AJ") Steers (aaronsteers) marked this pull request as ready for review June 6, 2026 04:52
Copilot AI review requested due to automatic review settings June 6, 2026 04:52

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 3 additional findings.

Open in Devin Review

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Restores workflow_dispatch support to the PyPI publish workflow so the /prerelease slash command can dispatch pypi_publish.yml with inputs for git_ref, version_override, and whether to publish, while keeping the existing release: published path that downloads and publishes pre-built release assets.

Changes:

  • Reintroduced workflow_dispatch trigger with required inputs for prerelease publishing.
  • Added conditional steps to support two execution paths: release asset download vs. checkout+build with version override.
  • Added some hardening for the dispatch path (persist-credentials: false, enable-cache: false).

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/pypi_publish.yml Outdated
Comment thread .github/workflows/pypi_publish.yml Outdated
Comment thread .github/workflows/pypi_publish.yml Outdated
Comment thread .github/workflows/pypi_publish.yml
- actions/checkout: v4 → v6 (SHA-pinned)
- astral-sh/setup-uv: v6 → v7 (SHA-pinned)
- inputs.* → github.event.inputs.* for consistency
- Publish condition: explicitly gate on workflow_dispatch event

Co-Authored-By: AJ Steers <aj@airbyte.io>
@github-code-quality

github-code-quality Bot commented Jun 6, 2026

Copy link
Copy Markdown
Contributor

Code Coverage Overview

Languages: Python

Python / code-coverage/pytest-fast

The overall coverage in the branch is 67%. The coverage in the branch is 65%.

Show a code coverage summary of the most impacted files.
File d9f652f 4542039 +/-
airbyte/_util/api_util.py 36% 37% +1%
airbyte/registry.py 70% 72% +2%
airbyte/mcp/_tool_utils.py 72% 77% +5%
airbyte/mcp/int...c_history_ui.py 0% 36% +36%
airbyte/mcp/int...hared_models.py 0% 81% +81%
airbyte/cloud/models.py 0% 91% +91%
airbyte/mcp/int..._registry_ui.py 0% 92% +92%
airbyte/mcp/int...nc_status_ui.py 0% 97% +97%
airbyte/mcp/int...ive/__init__.py 0% 100% +100%
airbyte/mcp/int...tive/_prefab.py 0% 100% +100%

Python / code-coverage/pytest-no-creds

The overall coverage in the branch is 67%. The coverage in the branch is 65%.

Show a code coverage summary of the most impacted files.
File d9f652f 4542039 +/-
airbyte/_util/api_util.py 36% 37% +1%
airbyte/registry.py 70% 72% +2%
airbyte/mcp/_tool_utils.py 72% 77% +5%
airbyte/mcp/int...c_history_ui.py 0% 36% +36%
airbyte/mcp/int...hared_models.py 0% 81% +81%
airbyte/cloud/models.py 0% 91% +91%
airbyte/mcp/int..._registry_ui.py 0% 92% +92%
airbyte/mcp/int...nc_status_ui.py 0% 97% +97%
airbyte/mcp/int...ive/__init__.py 0% 100% +100%
airbyte/mcp/int...tive/_prefab.py 0% 100% +100%

Python / code-coverage/pytest

The overall coverage in the branch is 72%. The coverage in the branch is 71%.

Show a code coverage summary of the most impacted files.
File d9f652f 4542039 +/-
airbyte/_util/api_util.py 72% 72% 0%
airbyte/registry.py 70% 72% +2%
airbyte/mcp/_tool_utils.py 72% 77% +5%
airbyte/mcp/int...c_history_ui.py 0% 36% +36%
airbyte/mcp/int...hared_models.py 0% 81% +81%
airbyte/mcp/int..._registry_ui.py 0% 92% +92%
airbyte/cloud/models.py 0% 93% +93%
airbyte/mcp/int...nc_status_ui.py 0% 97% +97%
airbyte/mcp/int...ive/__init__.py 0% 100% +100%
airbyte/mcp/int...tive/_prefab.py 0% 100% +100%

Updated June 06, 2026 05:23 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.

@aaronsteers Aaron ("AJ") Steers (aaronsteers) merged commit b2c8f7f into main Jun 6, 2026
23 checks passed
@aaronsteers Aaron ("AJ") Steers (aaronsteers) deleted the devin/1780721310-fix-prerelease-workflow branch June 6, 2026 05:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants