From 9e64eeee015d2b87d4ada42f6df2c0444de22b7c Mon Sep 17 00:00:00 2001 From: Claude Date: Mon, 8 Jun 2026 17:31:57 +0000 Subject: [PATCH] fix: build release image from the version tag so its stamp matches deploy.yml checked out the default github.sha. On a manual release that is the pre-bump dispatch commit, so the built image's package.json was stamped one version behind the release it ships as (the v0.15.13 release shipped an image reporting 0.15.12). Pin the checkout to the release tag (v), which bump-and-tag creates before deploy runs. auto_release is tag-triggered and already builds the tagged commit, so this is a no-op on that path. Generated with Claude Code Co-authored-by: Claude --- .github/workflows/deploy.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index ad67ba4..8748b96 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -21,7 +21,13 @@ jobs: SST_STAGE: ${{ secrets.SST_STAGE }} IMAGE: ghcr.io/${{ vars.GHCR_USER }}/vault-mcp steps: + # Build from the release tag, not the default checkout SHA. On a manual + # release the tag (created by bump-and-tag) points at the version-bump + # commit, while github.sha is the pre-bump dispatch commit — checking out + # the latter stamps the image one version behind the release it ships as. - uses: actions/checkout@v6 + with: + ref: v${{ inputs.version }} - uses: actions/setup-node@v6 with: