Skip to content

fix(workflows): rewrite unreleased-changelog-trigger.yml#5281

Merged
leaanthony merged 3 commits into
masterfrom
fix/unreleased-changelog-trigger
Apr 29, 2026
Merged

fix(workflows): rewrite unreleased-changelog-trigger.yml#5281
leaanthony merged 3 commits into
masterfrom
fix/unreleased-changelog-trigger

Conversation

@leaanthony

@leaanthony leaanthony commented Apr 29, 2026

Copy link
Copy Markdown
Member

Summary

The previous version was failing on every push with zero job output — GitHub's API reported the workflow's name as the file path rather than the configured name: field, indicating a startup-level parse/validation failure (likely from the actions/github-script step with a nested ${{ ... || "false" }} expression containing double-quoted strings).

Rather than chase the YAML/expression mess, rewrite from scratch with a smaller, simpler structure.

Changes

  • Single job (drop the redundant check-permissions job; gate via job-level if: against github.actor).
  • Allow github-actions[bot] as an actor (the committer that auto-changelog-v3.yml uses to push the changelog entry — i.e. the very push that should fire this trigger).
  • Use gh workflow run instead of actions/github-script to dispatch nightly-release-v3.yml — fewer moving parts, no JS interpolation.
  • Fetch UNRELEASED_CHANGELOG.md via the contents API instead of a full git checkout (saves a checkout on every push).

Net: 138 lines → 55 lines, same intended behaviour, no startup_failure.

Test plan

  • After merge, CI parses the workflow successfully (workflow's name field reads "Auto Release on Changelog Update", not the file path).
  • On the next auto-changelog-v3.yml PR-merge commit that touches v3/UNRELEASED_CHANGELOG.md, this workflow runs and dispatches nightly-release-v3.yml.
  • Manual workflow_dispatch with dry_run: true succeeds.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Streamlined the automated release workflow for faster, more predictable runs.
    • Restricts workflow execution to a small allowlist for tighter control.
    • Detects changelog content directly to ensure releases only proceed when notes exist.
    • Uses a more direct dispatch method for reliability and passes dry-run/force flags through.
    • Removed redundant summary-generation steps to simplify logs.

The previous version was failing on every push with no jobs running —
GitHub's API was reporting the workflow's "name" as the file path
rather than the configured `name:` field, indicating a startup-level
parse/validation failure (likely from the actions/github-script step
with a nested ${{}} expression containing double-quoted strings).

Rewrite from scratch with a smaller, simpler structure:
- Single job (drop the redundant check-permissions job; gate via the
  job-level `if:` against github.actor instead).
- Allow github-actions[bot] as an actor (it's the committer that
  auto-changelog-v3.yml uses to push the changelog entry, which is the
  push that should fire this workflow).
- Use `gh workflow run` rather than actions/github-script to dispatch
  nightly-release-v3.yml — fewer moving parts, no JS interpolation.
- Fetch UNRELEASED_CHANGELOG.md via the contents API instead of a full
  git checkout.

Net: 138 lines -> 55 lines, same intended behaviour, no startup_failure.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings April 29, 2026 13:32
@coderabbitai

coderabbitai Bot commented Apr 29, 2026

Copy link
Copy Markdown
Contributor

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 243ce37d-4a9e-4389-b2d9-67f5470a5c91

📥 Commits

Reviewing files that changed from the base of the PR and between db9b53a and caaae98.

📒 Files selected for processing (1)
  • .github/workflows/unreleased-changelog-trigger.yml

Walkthrough

Replaces a two-job workflow with a single job gated by an allowlist of github.actor; fetches v3/UNRELEASED_CHANGELOG.md via the GitHub Contents API and greps its contents; dispatches nightly-release-v3.yml using gh workflow run with mapped inputs; removes prior summary/permission steps.

Changes

Cohort / File(s) Summary
Workflow: unreleased changelog trigger
.github/workflows/unreleased-changelog-trigger.yml
Collapsed two-job permission flow into a job-level if against trusted github.actor; replaced repo checkout + in-repo grep with a GET to v3/UNRELEASED_CHANGELOG.md via the Contents API and local grep; switched dispatch from actions/github-script createWorkflowDispatch to gh workflow run nightly-release-v3.yml (passes force_release=true, maps dry_run); removed no-content/unauthorized summary steps; broadened trigger paths to include the workflow file.

Sequence Diagram(s)

sequenceDiagram
  participant Repo as Repository (push)
  participant Runner as Actions Runner
  participant GitHubAPI as GitHub Contents API
  participant CLI as GitHub CLI (gh)
  participant Nightly as nightly-release-v3.yml

  Repo->>Runner: workflow triggered (paths include workflow file)
  Runner->>Runner: evaluate job-level `if` (trusted github.actor)
  alt actor trusted
    Runner->>GitHubAPI: GET v3/UNRELEASED_CHANGELOG.md (contents API, ref=master)
    GitHubAPI-->>Runner: file content
    Runner->>Runner: grep for bullet entries ("- " or similar)
    alt bullets found
      Runner->>CLI: run `gh workflow run nightly-release-v3.yml` inputs: force_release=true, dry_run=...
      CLI-->>Nightly: dispatch workflow run
    else no bullets
      Runner-->>Runner: skip dispatch (no content)
    end
  else actor not trusted
    Runner-->>Runner: job skipped by `if`
  end
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Poem

🐰 I nibble on lines in the cloud so bright,
I fetch the changelog by soft moonlight,
With gh I bounce the nightly call,
Small hops, swift runs—I cheer them all,
A carrot-coded dance to ship by dawn. 🥕✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title 'fix(workflows): rewrite unreleased-changelog-trigger.yml' directly summarizes the main change—a complete rewrite of the workflow file to fix the startup-level parse/validation failure.
Description check ✅ Passed The PR description provides a clear summary of the problem (workflow failing with zero job output), the root cause, the solution approach, and specific changes made. However, it lacks the structured elements from the template (checklist items for type of change, testing details, and validation steps are incomplete).
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/unreleased-changelog-trigger

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
Review rate limit: 5/8 reviews remaining, refill in 15 minutes and 41 seconds.

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Rewrites the unreleased-changelog-trigger GitHub Actions workflow to reliably trigger the v3 nightly release workflow when v3/UNRELEASED_CHANGELOG.md is updated, avoiding the prior workflow’s apparent startup/parse failures.

Changes:

  • Simplifies to a single gated job (trusted actors only) and removes the separate permissions-check job.
  • Fetches v3/UNRELEASED_CHANGELOG.md via the GitHub Contents API (no checkout) and checks for bullet content.
  • Dispatches nightly-release-v3.yml via gh workflow run instead of actions/github-script.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +31 to +35
curl -fsSL \
-H "Accept: application/vnd.github.raw" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
"https://api.github.com/repos/${{ github.repository }}/contents/v3/UNRELEASED_CHANGELOG.md?ref=master" \
> /tmp/UNRELEASED_CHANGELOG.md

Copilot AI Apr 29, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

curl -fsSL will fail the step (and the entire job) on transient GitHub API/network errors. Since this runs on every qualifying push, adding a small retry/backoff (or handling non-2xx responses with a clearer message) would reduce flaky failures unrelated to changelog content.

Suggested change
curl -fsSL \
-H "Accept: application/vnd.github.raw" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
"https://api.github.com/repos/${{ github.repository }}/contents/v3/UNRELEASED_CHANGELOG.md?ref=master" \
> /tmp/UNRELEASED_CHANGELOG.md
if ! curl -fsSL \
--retry 3 \
--retry-delay 2 \
--retry-all-errors \
--connect-timeout 10 \
--max-time 60 \
-H "Accept: application/vnd.github.raw" \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
"https://api.github.com/repos/${{ github.repository }}/contents/v3/UNRELEASED_CHANGELOG.md?ref=master" \
> /tmp/UNRELEASED_CHANGELOG.md; then
echo "::error::Failed to fetch v3/UNRELEASED_CHANGELOG.md from the GitHub API after retries."
exit 1
fi

Copilot uses AI. Check for mistakes.
branches: [master]
paths:
- 'v3/UNRELEASED_CHANGELOG.md'
- '.github/workflows/unreleased-changelog-trigger.yml'

Copilot AI Apr 29, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Including .github/workflows/unreleased-changelog-trigger.yml in on.push.paths means a workflow-only change can still dispatch nightly-release-v3.yml as long as v3/UNRELEASED_CHANGELOG.md currently contains any bullet content. This is a behavior change from “release only when changelog is updated” and can trigger an unintended release run when editing the workflow itself. Consider removing this path filter entry, or add an additional guard (e.g., a job/step if:) so dispatch only occurs when the changelog file was part of the pushed changes.

Suggested change
- '.github/workflows/unreleased-changelog-trigger.yml'

Copilot uses AI. Check for mistakes.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/unreleased-changelog-trigger.yml:
- Line 8: The workflow currently includes its own file in the push paths list
which can cause accidental releases when the workflow file is edited; remove the
entry referencing '.github/workflows/unreleased-changelog-trigger.yml' from the
paths trigger so the workflow only responds to changes to
UNRELEASED_CHANGELOG.md (keep workflow_dispatch intact for manual tests),
ensuring the existing actor allowlist and the force_release=true dispatch logic
are not invoked by edits to the workflow file itself.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 483b3a59-2cc7-4875-b381-e81ffb465cd6

📥 Commits

Reviewing files that changed from the base of the PR and between edb013d and 0522945.

📒 Files selected for processing (1)
  • .github/workflows/unreleased-changelog-trigger.yml

Comment thread .github/workflows/unreleased-changelog-trigger.yml Outdated
Functionally identical, but easier to read at a glance — no
contains-on-array vs contains-on-string semantics to remember.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (1)
.github/workflows/unreleased-changelog-trigger.yml (1)

8-8: ⚠️ Potential issue | 🟠 Major

Remove workflow self-trigger path to avoid unintended releases

Line 8 allows this workflow to run when this workflow file itself changes. That can still dispatch nightly-release-v3.yml during maintenance edits if the changelog currently has bullet entries. Please remove this path and keep triggering only on v3/UNRELEASED_CHANGELOG.md (manual workflow_dispatch remains available).

Suggested change
   push:
     branches: [master]
     paths:
       - 'v3/UNRELEASED_CHANGELOG.md'
-      - '.github/workflows/unreleased-changelog-trigger.yml'
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/unreleased-changelog-trigger.yml at line 8, Remove the
self-trigger path entry currently present in the workflow's "paths" list (the
string '.github/workflows/unreleased-changelog-trigger.yml') so the workflow no
longer runs when its own file is edited; leave the path filter that targets
'v3/UNRELEASED_CHANGELOG.md' intact and keep the existing manual
'workflow_dispatch' trigger. Update the paths array in
.github/workflows/unreleased-changelog-trigger.yml to exclude the workflow file
name and ensure only changes to v3/UNRELEASED_CHANGELOG.md (and manual dispatch)
can trigger the run.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @.github/workflows/unreleased-changelog-trigger.yml:
- Line 8: Remove the self-trigger path entry currently present in the workflow's
"paths" list (the string '.github/workflows/unreleased-changelog-trigger.yml')
so the workflow no longer runs when its own file is edited; leave the path
filter that targets 'v3/UNRELEASED_CHANGELOG.md' intact and keep the existing
manual 'workflow_dispatch' trigger. Update the paths array in
.github/workflows/unreleased-changelog-trigger.yml to exclude the workflow file
name and ensure only changes to v3/UNRELEASED_CHANGELOG.md (and manual dispatch)
can trigger the run.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 997eac00-a871-43ec-afdb-23ae4cdfdff3

📥 Commits

Reviewing files that changed from the base of the PR and between 0522945 and db9b53a.

📒 Files selected for processing (1)
  • .github/workflows/unreleased-changelog-trigger.yml

- Drop the workflow file itself from `on.push.paths`. Including it
  meant a workflow-only edit could dispatch a release as long as the
  changelog already had bullet content (behavior change from "release
  only when changelog updates"). Reverting to the original semantics.
- Add `--retry 3 --retry-delay 2 --retry-connrefused` to the curl
  fetch of UNRELEASED_CHANGELOG.md so transient API/network errors
  don't fail the whole job and silently miss a release trigger.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@leaanthony leaanthony merged commit 3eec189 into master Apr 29, 2026
12 of 14 checks passed
@leaanthony leaanthony deleted the fix/unreleased-changelog-trigger branch April 29, 2026 13:44
leaanthony pushed a commit to AkagiYui/wails that referenced this pull request Apr 29, 2026
…): rewrite unreleased-changelog-trigger.yml
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants