fix(ci): manual workflow_dispatch fallback for release.yml#42
Merged
Conversation
The default GITHUB_TOKEN deliberately suppresses downstream workflow triggers — so when release-please-action created the v1.7.0 tag after PR #41 merged, the `Build and Release` workflow (push: tags: v*) never observed it. The release sat empty. Pass a fine-grained PAT (RELEASE_PAT) with Contents: read/write so the tag push looks like a normal user push, which DOES fire downstream workflows. Add RELEASE_PAT as a repo secret before this lands. For v1.7.0 itself, manually re-push the existing tag once to backfill its assets: git fetch --tags git push origin :refs/tags/v1.7.0 git tag -d v1.7.0 git tag v1.7.0 origin/main git push origin v1.7.0 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The PAT approach in the previous commit needs org-level approval on StackOneHQ to issue a fine-grained token, which is delaying things. Instead, add a manual `workflow_dispatch` entry point to release.yml so any release-please-created tag (whose original push doesn't fire downstream workflows due to GitHub's anti-loop guard on GITHUB_TOKEN) can be picked up via Actions → "Run workflow" → enter tag name. Factored via TARGET_TAG env var so the auto path (push: tags: v*) keeps working unchanged for tags pushed by a user account. Revert the release-please.yml PAT change — back to the default GITHUB_TOKEN, with a comment explaining the manual fallback. For v1.7.0 itself: once this lands, dispatch against v1.7.0 from Actions and the existing release page gets its artifacts. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
hiskudin
changed the title
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
v1.7.0 landed in Releases with zero assets because the tag push made by
release-please-action(default `GITHUB_TOKEN`) doesn't fire downstream tag-keyed workflows. That's GitHub's deliberate anti-loop guard.A PAT-based fix was tried in the first commit but needs StackOneHQ org-level approval to issue, which would block this. The second commit replaces it with a manual `workflow_dispatch` fallback — no secret needed, no org approval needed.
How it works
After release-please opens + merges a Release PR, the next tag (eg `v1.7.1`) will exist but may have no assets. To populate:
The auto path (push of a user-pushed tag → workflow fires) still works for any future tags pushed by an account rather than the actions bot. The branch factors the tag handling through a `TARGET_TAG` env so both trigger sources go through the same logic.
Backfilling v1.7.0
Once this lands on main, dispatch the workflow against `v1.7.0` once and the existing release will get its two `.tar.gz` artifacts.
Future: full automation
If/when the StackOneHQ org approves a fine-grained PAT, we can plumb it through release-please-action and remove the manual dispatch step. The dispatch path is harmless to keep around as an escape hatch.
Test plan
🤖 Generated with Claude Code