Skip to content

ci: make client release dry-runs approval-free#222

Merged
NikolayS merged 1 commit intomainfrom
release/client-distribution-readiness
May 7, 2026
Merged

ci: make client release dry-runs approval-free#222
NikolayS merged 1 commit intomainfrom
release/client-distribution-readiness

Conversation

@NikolayS
Copy link
Copy Markdown
Owner

@NikolayS NikolayS commented May 7, 2026
edited
Loading

Summary

Prepare issues #181, #182, and #183 for actual client distribution once 0.2.0 stamping is ready.

Changes:

  • split Python release workflow into build + protected publish jobs; dry-run no longer waits on TestPyPI/PyPI environments
  • split TypeScript release workflow into validate + protected publish jobs; dry-run no longer waits on npm environment
  • split Go release workflow into validate + protected mirror publish jobs; dry-run no longer requires go-release environment or mirror token
  • document prerelease version format differences: Python/PEP 440 vs npm semver vs Go module semver

Validation

  • actionlint clean for all three release workflows
  • Python: python -m build + twine check dist/* passed
  • TypeScript: bun run check, bun run test, bun run build, npm pack --dry-run passed
  • Go: go test ./... passed in Docker Go 1.23

Notes

Issue #180 low-effort discoverability step is already done: GitHub topics were added directly to the repo.

Closes none; publish issues stay open until packages are actually published/indexed.

This was referenced May 7, 2026
Open
Open
Open
Open
@NikolayS NikolayS merged commit 36c6f4d into main May 7, 2026
12 checks passed
@NikolayS NikolayS deleted the release/client-distribution-readiness branch May 7, 2026 03:20
This was referenced May 7, 2026
Merged
Open
Merged
NikolayS added a commit that referenced this pull request May 7, 2026
@NikolayS @claude
fix(ci): pin checkout SHA + PEP 440 versions (#225)
1671634 
Two follow-ups to #222:

- release-go.yml validate + publish, release-typescript.yml validate +
  publish, and release-python.yml build all `actions/checkout@v4` with
  `ref: main`. Between validate and post-approval publish, main can
  advance and publish would build a different SHA than validate verified.
  Pin every checkout to `${{ github.sha }}` so a single dispatch
  invocation always operates on one commit.

- The Python release workflow's regex
  `^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?$` rejects PEP 440
  canonical prereleases (`0.2.0rc1`, `0.2.0.dev0`) while still accepting
  PyPI-invalid forms like `0.2.0-dev`. Replaced with packaging.version.Version
  that requires the input to be in PEP 440 canonical form (so `0.2.0-rc.1`
  and `0.2.0-dev` are also rejected, since they normalise to something
  the operator did not type and would silently disagree with pyproject.toml).

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@NikolayS NikolayS mentioned this pull request May 7, 2026
Open
36 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@NikolayS