ref(ci): Align snapshot versioning with release workflow

runningcode · claude · runningcode · commit 9947a3cdd614 · 2026-03-12T15:01:21.000+01:00
Instead of patching version files at build time via the override-version
composite action, snapshots now follow the same pattern as releases:
bump all version files upfront using bump-version.sh, commit to a
temporary snapshot branch, and let build.yml build from correct source.

This removes the fragile override-version action (called 5 times across
different jobs with sed/awk/node), replaces the snapshot-version input
with checkout-ref and is-snapshot, and adds a cleanup job to delete the
temporary branch after publish.

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/.github/actions/override-version/action.yml b/.github/actions/override-version/action.yml
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -9,7 +9,10 @@ on:
       skip-signing:
         type: boolean
         default: false
-      snapshot-version:
+      is-snapshot:
+        type: boolean
+        default: false
+      checkout-ref:
         type: string
         default: ''
 
@@ -40,13 +43,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
-
-      - name: Override version
-        if: ${{ inputs.snapshot-version != '' }}
-        uses: ./.github/actions/override-version
         with:
-          version: ${{ inputs.snapshot-version }}
-          target: cargo
+          ref: ${{ inputs.checkout-ref }}
 
       - name: Add Rustup Target
         run: |
@@ -83,13 +81,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
-
-      - name: Override version
-        if: ${{ inputs.snapshot-version != '' }}
-        uses: ./.github/actions/override-version
         with:
-          version: ${{ inputs.snapshot-version }}
-          target: cargo
+          ref: ${{ inputs.checkout-ref }}
 
       - name: Add Rustup Target
         run: rustup target add ${{ matrix.target }}
@@ -178,6 +171,8 @@ jobs:
       - name: Checkout repository
         if: ${{ !inputs.skip-signing }}
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+        with:
+          ref: ${{ inputs.checkout-ref }}
 
       - name: Install `rcodesign`
         if: ${{ !inputs.skip-signing }}
@@ -247,13 +242,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
-
-      - name: Override version
-        if: ${{ inputs.snapshot-version != '' }}
-        uses: ./.github/actions/override-version
         with:
-          version: ${{ inputs.snapshot-version }}
-          target: cargo
+          ref: ${{ inputs.checkout-ref }}
 
       # When rustup is updated, it tries to replace its binary, which on Windows is somehow locked.
       # This can result in the CI failure, see: https://github.com/rust-lang/rustup/issues/3029
@@ -286,6 +276,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+        with:
+          ref: ${{ inputs.checkout-ref }}
 
       - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # 6.2.0
         with:
@@ -294,13 +286,6 @@ jobs:
       - name: Install dependencies
         run: npm ci --ignore-scripts
 
-      - name: Override version
-        if: ${{ inputs.snapshot-version != '' }}
-        uses: ./.github/actions/override-version
-        with:
-          version: ${{ inputs.snapshot-version }}
-          target: npm
-
       - name: Download compiled binaries
         uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # 8.0.0
         with:
@@ -322,11 +307,13 @@ jobs:
           if-no-files-found: 'error'
 
   python-base:
-    if: ${{ !inputs.snapshot-version }}
+    if: ${{ !inputs.is-snapshot }}
     name: python (base)
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+        with:
+          ref: ${{ inputs.checkout-ref }}
       - name: Add Rustup Target
         run: rustup target add x86_64-unknown-linux-musl
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # 6.2.0
@@ -340,12 +327,14 @@ jobs:
           if-no-files-found: 'error'
 
   python:
-    if: ${{ !inputs.snapshot-version }}
+    if: ${{ !inputs.is-snapshot }}
     name: python
     runs-on: ubuntu-24.04
     needs: [linux, sign-macos-binaries, windows, python-base]
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+        with:
+          ref: ${{ inputs.checkout-ref }}
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # 6.2.0
         with:
           python-version: '3.11'
@@ -372,15 +361,11 @@ jobs:
     needs: [linux, sign-macos-binaries, windows]
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+        with:
+          ref: ${{ inputs.checkout-ref }}
       - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # 6.2.0
         with:
           node-version: '20.10.0'
-      - name: Override version
-        if: ${{ inputs.snapshot-version != '' }}
-        uses: ./.github/actions/override-version
-        with:
-          version: ${{ inputs.snapshot-version }}
-          target: npm-distributions
       - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # 8.0.0
         with:
           pattern: artifact-bin-*
@@ -416,7 +401,7 @@ jobs:
           if-no-files-found: 'error'
 
   platform-specific-docker:
-    if: ${{ !inputs.snapshot-version }}
+    if: ${{ !inputs.is-snapshot }}
     name: Build Docker Image (${{ matrix.platform }})
     strategy:
       matrix:
@@ -431,6 +416,8 @@ jobs:
       packages: write
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
+        with:
+          ref: ${{ inputs.checkout-ref }}
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # 3.12.0
@@ -453,7 +440,7 @@ jobs:
           cache-to: type=gha,mode=max,scope=${{ matrix.platform }}
 
   multiarch-docker:
-    if: ${{ !inputs.snapshot-version }}
+    if: ${{ !inputs.is-snapshot }}
     name: Create Multi-Architecture Docker Image
     needs: platform-specific-docker
     runs-on: ubuntu-24.04
@@ -474,7 +461,7 @@ jobs:
             ghcr.io/${{ github.repository }}:${{ github.sha }}-arm64
 
   merge:
-    if: ${{ !inputs.snapshot-version }}
+    if: ${{ !inputs.is-snapshot }}
     name: Create Release Artifact
     runs-on: ubuntu-24.04
     needs: [linux, sign-macos-binaries, windows, npm-distributions, node, python]
diff --git a/.github/workflows/snapshot.yml b/.github/workflows/snapshot.yml
@@ -3,15 +3,24 @@ name: Snapshot Release
 on:
   workflow_dispatch:
 
+permissions:
+  contents: write
+
 jobs:
-  compute-version:
-    name: Compute Snapshot Version
+  prepare:
+    name: Prepare Snapshot
     runs-on: ubuntu-24.04
     outputs:
       version: ${{ steps.version.outputs.version }}
+      ref: ${{ steps.push.outputs.ref }}
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
 
+      # Computes a semver-compliant snapshot version based on the current
+      # version in Cargo.toml. The minor version is bumped so that the
+      # snapshot sorts higher than the current release but lower than the
+      # next real release. For example, if Cargo.toml has 3.3.1, the
+      # snapshot version will be 3.4.0-snapshot.20260312.abc1234.
       - name: Compute snapshot version
         id: version
         run: |
@@ -23,20 +32,41 @@ jobs:
           SHORT_SHA=$(git rev-parse --short HEAD)
           VERSION="${MAJOR}.${NEXT_MINOR}.0-snapshot.${DATE}.${SHORT_SHA}"
           echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+          echo "current=$CURRENT" >> "$GITHUB_OUTPUT"
           echo "Snapshot version: $VERSION"
 
+      - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # 6.2.0
+        with:
+          node-version: '20.10.0'
+
+      - name: Bump versions
+        run: scripts/bump-version.sh "${{ steps.version.outputs.current }}" "${{ steps.version.outputs.version }}"
+
+      - name: Push snapshot branch
+        id: push
+        run: |
+          BRANCH="snapshot/${{ steps.version.outputs.version }}"
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git checkout -b "$BRANCH"
+          git add -A
+          git commit -m "snapshot: ${{ steps.version.outputs.version }}"
+          git push origin "$BRANCH"
+          echo "ref=$BRANCH" >> "$GITHUB_OUTPUT"
+
   build:
     name: Build
-    needs: compute-version
+    needs: prepare
     uses: ./.github/workflows/build.yml
     with:
       skip-signing: true
-      snapshot-version: ${{ needs.compute-version.outputs.version }}
+      is-snapshot: true
+      checkout-ref: ${{ needs.prepare.outputs.ref }}
     secrets: inherit
 
   publish-npm:
     name: Publish to npm
-    needs: [compute-version, build]
+    needs: [prepare, build]
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # 6.2.0
@@ -70,3 +100,15 @@ jobs:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
         run: |
           npm publish node-package/*.tgz --tag snapshot
+
+  cleanup:
+    name: Cleanup
+    needs: [prepare, publish-npm]
+    if: always()
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Delete snapshot branch
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh api -X DELETE "repos/${{ github.repository }}/git/refs/heads/${{ needs.prepare.outputs.ref }}" || true
