feat: promote npm edge tag to latest when prerelease is promoted#82
Merged
Conversation
Adds test infrastructure for nginx backends feature (issue #5). This allows an nginx service to declare upstream backend services that it depends on and can proxy to. Tests will fail until the backends config option is implemented.
Adds a 'backends' array config to the nginx service builder. When specified, it: - Adds depends_on entries ensuring backend services start first - Injects LANDO_NGINX_BACKENDS env var with comma-separated service names - Fully backwards compatible (defaults to empty array) Closes #5
❌ Deploy Preview for lando-nginx failed. Why did it fail? →
|
Adds a 'released' trigger to the release workflow with a lightweight 'promote' job that runs npm dist-tag to move 'latest' to the current version when a prerelease is promoted to a full release. The existing publish pipeline remains gated to 'published' events only.
AaronFeledy
force-pushed
the
feature/promote-edge-on-edit
branch
from
25d59a7 to
ac02075
Compare
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| echo "::notice title=Promoted $VERSION to latest::The latest tag now points to $VERSION (was edge-only)" | ||
| env: | ||
| TAG_NAME: ${{ github.event.release.tag_name }} | ||
| NODE_AUTH_TOKEN: ${{secrets.NPM_DEPLOY_TOKEN}} |
There was a problem hiding this comment.
Race condition: promote fails before deploy publishes package
Medium Severity
When a release is created directly as a non-prerelease, GitHub fires both published and released events as separate workflow runs. The promote job (~15s) will complete well before the deploy job (minutes of install/lint/test/publish), so npm dist-tag add will fail because the version doesn't exist on npm yet. The PR description claims this is "harmless" assuming idempotency, but dist-tag add for a nonexistent version is an error, not a no-op, producing a confusing red workflow run.
Additional Locations (1)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
When a release is published as a prerelease, it gets tagged as
edgeon npm. Later, when the release is promoted to a full release in GitHub, the npmlatesttag doesn't update because the workflow only triggered onpublished.Solution
releasedto the release workflow trigger typespromotejob that only runsnpm dist-tag add latest— no install, no lint, no tests, no re-publishreleasedevent (when a prerelease is promoted to full release)deployjob is now explicitly gated topublishedevents only (no behavior change)TAG_NAMEenv var instead of direct interpolation to prevent script injectionFlow
edgetag (unchanged)promotejob runs, pointslatestto that version (~15s)The
dist-tag addcommand is idempotent, so if bothpublishedandreleasedfire on a fresh non-prerelease publish, the redundant promote is harmless.Note
Low Risk
CI-only change that adjusts GitHub Actions triggers and adds an npm dist-tag update step; main risk is mis-tagging
latestif release/tag metadata is unexpected.Overview
Updates the release workflow to trigger on both
publishedandreleasedevents, so promoting a GitHub prerelease to a full release is handled.Adds a lightweight
promotejob that runs only onreleasedto move the npmlatestdist-tag to the version fromgithub.event.release.tag_name, and gates the existingdeploypublish pipeline to run only onpublished.Written by Cursor Bugbot for commit ac02075. This will update automatically on new commits. Configure here.