ci(release): add tag push trigger as binary build safety net#871
Merged
Conversation
Release builds previously required release-please.yml to invoke release.yml via workflow_call. When release-please skipped tag creation (the 2026-04 skip-labeling regression that silently produced v0.1.7–v0.1.10 commits without tags), no binaries were built and manual recovery via tag push had no effect. Add an `on.push.tags: ['v*']` trigger plus a concurrency group so any v*-prefixed tag—whether generated by release-please, pushed manually, or backfilled during recovery—produces binaries. Resolve `tag_name` from either workflow_call input or `github.ref_name` to support both entry points without duplication. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
on.push.tags: ['v*']trigger torelease.ymlso any v*-prefixed tag produces binaries, regardless of how the tag was createdconcurrencygroup keyed by tag name to prevent two runs racing for the same tag (e.g.workflow_callfrom release-please +push.tagsfrom the same tag)tag_namefrom eitherinputs.tag_name(workflow_call/dispatch) orgithub.ref_name(tag push) incheckout.refandaction-gh-release.tag_nameWhy
Builds previously only ran when release-please invoked
release.ymlviaworkflow_call. The recent skip-labeling regression producedv0.1.7–v0.1.10release commits on main without any matching tags, and there was no way to recover the binaries short of editing the workflow. This PR closes that hole: manual backfill tags (or any recovery path that pushes av*tag) now triggers the full build + asset upload.Paired with the
verify-releaseguard added in #865, the release pipeline now fails loudly on silent skips and has a recovery path that doesn't require code changes.Test plan
Releaseworkflow triggering on the next release-please tag (workflow_call path, unchanged behavior)v0.1.7recovery tag manually and confirm theReleaseworkflow runs and uploads artifacts to the corresponding GitHub Release🤖 Generated with Claude Code