chore: consolidate release workflow into single job#2
Conversation
- Merge test and publish into one job to avoid duplicate Python setup - Remove environment setting (not configured on PyPI)
WalkthroughThe release workflow is restructured to consolidate test and publish operations into a single sequential job instead of separate dependent jobs. The build tooling setup is simplified by removing the pip upgrade step during installation. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/release.yml:
- Line 14: The pipeline's job timeout is still set to "timeout-minutes: 10" but
the job now runs test, build and publish sequentially; increase the timeout to a
higher value (e.g., 30 or 60) by updating the "timeout-minutes" key in the
workflow (replace the "timeout-minutes: 10" entry) so the combined job won't be
cancelled under normal variance; pick a value appropriate for your longest
expected run time and CI provider limits.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 93a1612a-c3b9-4185-8810-e01af1f5583c
📒 Files selected for processing (1)
.github/workflows/release.yml
Objective: Code scanning flagged 3 alerts — test.yml and test-full.yml use default read-write permissions when they only need read access. Approach: Add `permissions: contents: read` to both workflows to follow the principle of least privilege. Evidence: Resolves all 3 code-scanning alerts: - .github/workflows/test.yml (alerts #2, #3) - .github/workflows/test-full.yml (alert #1)
Objective
The release workflow runs Python setup and checkout twice — once for the test job and once for the publish job. This wastes CI time on duplicate environment setup for every release.
Approach
Merge the two jobs (test → publish) into a single job that runs test → build → publish sequentially. Remove the
environment: releasesetting which was not configured on PyPI trusted publisher.Evidence
Compared before/after workflow structure:
needs)release(not configured)Summary by CodeRabbit