Skip to content

fix(ci): tag-only release flow + bump to 0.3.1#21

Merged
bntvllnt merged 1 commit intomainfrom
fix/ci-tag-only-release
Apr 27, 2026
Merged

fix(ci): tag-only release flow + bump to 0.3.1#21
bntvllnt merged 1 commit intomainfrom
fix/ci-tag-only-release

Conversation

@bntvllnt
Copy link
Copy Markdown
Contributor

@bntvllnt bntvllnt commented Apr 27, 2026

Why

The previous release flow tried to push a `chore(release): vX.Y.Z` commit + tag to `main` from inside the release job. With branch protection on `main` requiring `ci (20)` + `ci (22)` checks on every push, that commit (created by the workflow runner, no CI run against it) was always rejected — `GH006: Protected branch update failed` — leaving an orphan tag and no published release.

Run that hit it: 25018770354. The orphan `v0.3.1` tag from that run is still on origin and needs to be deleted before the next dispatch.

What

Mirror the @vllnt/ui pattern: tag-only releases.

  • `workflow_dispatch` loses the `bump` input — version is read from `package.json` (bumped via PR before dispatch, where CI runs on it).
  • New "Read version + guard against retag" step fails fast if the tag already exists.
  • Workflow only pushes the `vX.Y.Z` tag (tags aren't branch-protected). No `RELEASE_PAT` needed; default `GITHUB_TOKEN` is sufficient.
  • GH release notes via `--notes-file` instead of `--notes "$(...)"` (avoids multi-line quoting issues).

Plus: bump `0.3.0` → `0.3.1` in:

  • `package.json` (npm version)
  • `CHANGELOG.md` header
  • `src/server.ts` (default MCP `version`)
  • `README.md`, `llms-full.txt`, `docs/api-reference.md` (doc references to the default)

New release procedure

  1. Open a PR that bumps `package.json` + CHANGELOG header.
  2. Merge → CI runs on the bump commit, validating it on main.
  3. `gh workflow run Publish` (no inputs) → reads version, asserts no existing tag, tags + pushes tag, publishes npm with OIDC, creates GH release.

Test plan

  • CI green on this PR (lint, typecheck, build, test, coverage)
  • Local: `pnpm typecheck && pnpm lint && pnpm test` — passing (132/132, 100% coverage)
  • After merge: delete orphan `origin` tag `v0.3.1`
  • Dispatch publish workflow → verify it tags `v0.3.1`, publishes npm `@vllnt/convex-mcp@0.3.1` at `latest` with provenance, creates GH release `v0.3.1`

@bntvllnt
fix(ci): tag-only release flow + bump to 0.3.1
8c3e008 
The previous release flow tried to push a chore(release) commit + tag to
main from the workflow. With branch protection requiring 2 status checks on
every commit pushed to main, that commit (created in the runner) had no CI
runs and was always rejected by the protected-branch hook (GH006).

Mirror the @vllnt/ui pattern: tag-only releases.

- workflow_dispatch loses the `bump` input — version is read from
  package.json (bumped via PR before dispatch, where CI runs on it).
- New "Read version + guard against retag" step fails fast if the tag
  already exists, preventing the orphan-tag scenario from the prior run.
- Drops `git push origin main --follow-tags` — workflow only pushes the
  vX.Y.Z tag, which isn't branch-protected. Default GITHUB_TOKEN handles
  it (no PAT needed).
- GH release notes go through a notes-file (avoids quoting issues with
  multi-line bodies passed via --notes "$(...)").

Bump 0.3.0 → 0.3.1 in package.json + CHANGELOG header + the four doc
surfaces that hardcode the default MCP server version (src/server.ts,
README.md, llms-full.txt, docs/api-reference.md).
@bntvllnt bntvllnt merged commit 0fe8b72 into main Apr 27, 2026
2 checks passed
@bntvllnt bntvllnt deleted the fix/ci-tag-only-release branch April 27, 2026 22:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bntvllnt