feat: release workflow with SHA256 checksums + fix Python CI#349
feat: release workflow with SHA256 checksums + fix Python CI#349Spinulosa1111 wants to merge 1 commit into
Conversation
release.yml: - Triggers on v*.*.* tags - Builds CLI with Bun - Packages a release ZIP (excludes .git, node_modules, dist, __pycache__) - Computes SHA256 checksum with sha256sum - Publishes both ZIP and checksums.sha256 as GitHub Release assets using softprops/action-gh-release@v2 python-package-conda.yml: - Replaced broken Conda-based workflow (required environment.yml that does not exist) with a clean pytest runner - Scoped to push/PR on main when scripts/** changes - Runs: python -m pytest src/ui-ux-pro-max/scripts/tests/ -v Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
mrgoonie
left a comment
There was a problem hiding this comment.
Summary: This adds a tag-triggered release workflow and replaces the broken Conda workflow with a pytest workflow. The release direction is useful for the npm/release gap, but this version is not safe to merge because the new Python workflow points at a test directory that does not exist on main.
Risk level: Medium
Mandatory gates:
- Duplicate/prior implementation: overlap found with the release/package queue (#348, #353), but this PR covers a distinct release workflow piece.
- Project standards: checked current workflow/package layout; no existing release workflow is present.
- Strategic necessity: clear value, because #353 shows the project needs a reliable release path.
- CI/checks: missing/not run on this PR.
Findings:
- Important:
.github/workflows/python-package-conda.ymlnow runspython -m pytest src/ui-ux-pro-max/scripts/tests/ -v, but currentmainhas nosrc/ui-ux-pro-max/scripts/tests/directory or pytest config. That means any PR touchingsrc/ui-ux-pro-max/scripts/**will fail with “file or directory not found” instead of giving useful validation. Either add the tests in this PR, point the workflow at an existing test path, or keep the workflow disabled until the test harness exists. - Important:
.github/workflows/release.ymlpackages the whole repository after buildingcli, but excludes everydistpath (--exclude "*/dist/*"). Becausecli/package.jsonexposesdist/index.jsas the executable and the release step just builtcli/dist, the generated release ZIP likely omits the built CLI binary. The release artifact should include the files users/installers need, or explicitly package from a staged directory after verifying the expected contents.
Verdict: REQUEST_CHANGES
|
Cron maintainer follow-up: closing this PR as superseded rather than keeping it in the review queue.nnEvidence:n- The release automation path has already landed via #375 (semantic-release) and #384 (npm publish on release).n- Current main also includes later release/install fixes and tags through v2.8.5, including #387 for installing all seven skills.n- This PR is still merge-conflicted ( |
Summary
release.yml— New workflow triggered onv*.*.*tags: builds the CLI with Bun, packages a release ZIP, computes achecksums.sha256file withsha256sum, and uploads both as GitHub Release assets. Completes the integrity story end-to-end (the CLI already verifies magic bytes and logs SHA256 on download).python-package-conda.yml— Replaced broken Conda workflow (depended onenvironment.ymlthat doesn't exist) with a cleanpytestrunner scoped toscripts/**changes onmainand PRs.Test plan
v2.5.1tag → confirm release is created with a.zipandchecksums.sha256assetsha256sum -c checksums.sha256against the downloaded ZIP should printOKsrc/ui-ux-pro-max/scripts/→ Python CI job runs and passes