Commit 92ca3b7
authored
ci+chore: version-alignment gate + resync package-lock to 5.6.0 (#182)
* ci+chore: add version-alignment gate + fix package-lock drift
TS SDK's release workflow bumps package.json and regenerates
src/version.ts at publish time but never commits the bump back.
The repo stays in sync for those two files on merge (because the
feature PR that ships a version bump updates them), but the
package-lock.json was left at 5.5.0 from the prior release even
as package.json moved to 5.6.0 — a real drift this PR caught and
fixed before anyone noticed.
Two things in this PR:
1. validate-version-alignment CI gate — a new workflow + script,
patterned on the axonflow-enterprise script of the same name
and the newly-landed equivalents in axonflow-sdk-go (PR #130)
and axonflow-sdk-python (PR #153). Fails any PR or push to
main that leaves package.json, src/version.ts, or package-
lock.json out of sync with the most recent ## [X.Y.Z] section
in CHANGELOG.md.
2. package-lock.json resync — regenerated via
`npm install --package-lock-only` so it matches package.json
at 5.6.0. This was real drift (lock said 5.5.0, everything else
5.6.0) that the new gate surfaced on its first local run.
The invariant on main going forward:
package.json::version
== src/version.ts::VERSION
== package-lock.json::version
== first ## [X.Y.Z] section in CHANGELOG.md
Release-prep PRs going forward must rename [Unreleased] → [X.Y.Z]
AND bump the three manifest files (via `npm version X.Y.Z
--no-git-tag-version` + `npm run stamp-version`) in the same
commit, so the gate sees them as consistent throughout.
Verified locally:
- Pre-fix state (lock 5.5.0, everyone else 5.6.0) → gate fires
with a clean 'expected 5.6.0' diff on package-lock.json and
the correct remediation command (`npm version`)
- Post-fix state (all at 5.6.0) → gate passes
* fix(script): handle grep-no-match without silently aborting
Under 'set -euo pipefail', the LATEST_VERSION extraction would abort
the whole script before reaching the friendly '-z' error check when
CHANGELOG has no released section (e.g. fresh repo, or someone
deleted the last section). The grep's non-zero exit failed the
command substitution, which set -e treated as a script-wide abort.
Wrapped the grep in { ... || true; } so the -z branch fires with
the intended error message. Same fix now live in the Go arm
(PR #130) and Python arm (PR #153).
Verified by running the exact pipeline pattern against a no-match
input outside the script: reaches LATEST=[] and the -z branch,
no silent abort.
* fix(script): deep-check package-lock.json — both top-level and packages[""].version
Review finding: the script comment claimed to check both the
top-level package-lock.json.version AND the root-package entry
packages[""].version, but the implementation only read the
top-level one. That left a real silent-drift path — a PR could
keep top-level aligned while the root-package entry stayed stale
and the gate would still pass.
npm keeps both fields synchronized through normal flows (npm
install, npm version), but manual edits, partial merges, and tool
quirks can desync them. Either field being stale breaks the
npm publish / npm ci invariants.
Fix: validate both fields independently. Error message points at
which specific field drifted so the remediation is unambiguous.
Verified locally:
- Baseline (all at 5.6.0) → PASS
- packages[""].version manually set to 5.5.0 while top-level
stays 5.6.0 → gate fires cleanly on 'packages[""].version is
"5.5.0", expected "5.6.0"' with the correct field named
- Post-revert (npm install --package-lock-only) → PASS again1 parent 65e1aa8 commit 92ca3b7
3 files changed
Lines changed: 162 additions & 2 deletions
File tree
- .github
- scripts
- workflows
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
| 49 | + | |
| 50 | + | |
| 51 | + | |
| 52 | + | |
| 53 | + | |
| 54 | + | |
| 55 | + | |
| 56 | + | |
| 57 | + | |
| 58 | + | |
| 59 | + | |
| 60 | + | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
| 68 | + | |
| 69 | + | |
| 70 | + | |
| 71 | + | |
| 72 | + | |
| 73 | + | |
| 74 | + | |
| 75 | + | |
| 76 | + | |
| 77 | + | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
| 82 | + | |
| 83 | + | |
| 84 | + | |
| 85 | + | |
| 86 | + | |
| 87 | + | |
| 88 | + | |
| 89 | + | |
| 90 | + | |
| 91 | + | |
| 92 | + | |
| 93 | + | |
| 94 | + | |
| 95 | + | |
| 96 | + | |
| 97 | + | |
| 98 | + | |
| 99 | + | |
| 100 | + | |
| 101 | + | |
| 102 | + | |
| 103 | + | |
| 104 | + | |
| 105 | + | |
| 106 | + | |
| 107 | + | |
| 108 | + | |
| 109 | + | |
| 110 | + | |
| 111 | + | |
| 112 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
| 1 | + | |
| 2 | + | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
| 6 | + | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
| 13 | + | |
| 14 | + | |
| 15 | + | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
| 36 | + | |
| 37 | + | |
| 38 | + | |
| 39 | + | |
| 40 | + | |
| 41 | + | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + | |
| 47 | + | |
| 48 | + | |
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.
0 commit comments