Skip to content

fix(release): exercise every shipped entrypoint#4534

Merged
Hmbown merged 3 commits into
mainfrom
agent/091-release-truthfulness-20260718
Jul 18, 2026
Merged

fix(release): exercise every shipped entrypoint#4534
Hmbown merged 3 commits into
mainfrom
agent/091-release-truthfulness-20260718

Conversation

@Hmbown

@Hmbown Hmbown commented Jul 18, 2026

Copy link
Copy Markdown
Owner

Summary

  • make same-version prepare-release.sh reruns refresh the generated changelog and web facts, then rerun both version and OHOS gates instead of exiting early
  • install and exercise the separately shipped native codew entrypoint in local dogfood, npm packaging, CNB smoke, and durable install receipts
  • keep the website verification workflow always on for every main push/PR and add its existing tests plus a production build to the required web job
  • make release-body and install documentation checksum commands truthful for single-platform downloads by using --ignore-missing
  • align the runbook with the canonical multi-crate publish dry-run instead of the misleading standalone TUI dry-run

This was rebased after #4532 landed. It does not modify the candidate/public release workflows, their exact-SHA checks, overwrite refusal, or pinned publication-path Actions. Cloudflare deployment remains manual-dispatch-only.

Testing

  • ./scripts/release/check-versions.sh
  • ./scripts/release/check-ohos-deps.sh
  • bash scripts/release/generate-release-body.test.sh
  • bash scripts/release/install-dogfood.test.sh
  • bash scripts/release/prepare-release.test.sh
  • npm test --prefix npm/codewhale (45/45)
  • /opt/homebrew/bin/actionlint -ignore SC2129 -ignore SC2221 -ignore SC2222 .github/workflows/ci.yml .github/workflows/web.yml .github/workflows/release.yml .github/workflows/release-candidate.yml
  • cargo fmt --all -- --check
  • git diff --check origin/main...HEAD
  • cd web && npm ci && npm run check:facts && npm run prebuild && npm run check:docs
  • cd web && npm run lint && npx tsc --noEmit && npm run build
  • cd web && npm test — 75/76 pass; the always-on gate intentionally exposes existing release-credit drift: @SparkofSpike is in the current docs/CONTRIBUTORS.md band but not yet in the root v0.9.1 changelog/website arrays. The final consolidated v0.9.1 credit reconciliation will make all three public surfaces exact.
  • cargo clippy --workspace --all-targets --all-features
  • cargo test --workspace --all-features

An exact-head release build and packed npm install smoke are running locally; their receipt will be added before review handoff.

Checklist

  • Updated docs or comments as needed
  • Added or updated tests where relevant
  • Verified TUI behavior manually if UI changes — no TUI UI changes
  • Harvested/co-authored credit uses a GitHub numeric noreply address — no harvested code or new co-authors in this PR

Release boundary

This PR only prepares and validates release source. It does not create a tag, GitHub Release, public asset upload, registry publication, or deployment.

Keep same-version release preparation on the canonical validation path, install and package the native codew shim, and make web and checksum verification reflect what operators actually run. Add focused release-helper, npm, and checksum contracts while leaving deploy and publication boundaries unchanged.

Signed-off-by: Hunter B <hmbown@gmail.com>
Copilot AI review requested due to automatic review settings July 18, 2026 16:48
@cursor

cursor Bot commented Jul 18, 2026

Copy link
Copy Markdown

Bugbot is not enabled for your account, so this pull request was not reviewed.

Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot was unable to review this pull request because the user who requested the review has reached their quota limit.

@claude

claude Bot commented Jul 18, 2026

Copy link
Copy Markdown
Contributor

Claude finished @Hmbown's task in 2m 31s —— View job


Claude finished reviewing

Task: Code review of PR #4534 per repo custom review instructions.


Summary

This is release-tooling-only work (no crates/ source touched), so the EPIC #2608 provider/model routing invariant doesn't apply here — confirmed no provider-prefix-based routing logic anywhere in the diff.

The changes are internally consistent end-to-end: codew goes from a symlink to a real installed/downloaded/verified binary across install-dogfood.sh, install.js, .cnb.yml, npm-wrapper-smoke.js, and docs, with matching test coverage added in each corresponding *.test.sh/*.test.js.

Good choices worth calling out:

  • scripts/release/install-dogfood.sh: verify_fresh_shell_binary() correctly avoids the classic local var=$(cmd) bash pitfall — path_cli/path_shim/path_tui are plain top-level assignments, so a non-zero return from the helper still triggers set -e and halts the script instead of silently swallowing the failure.
  • scripts/release/install-dogfood.test.sh stubs zsh via a fake PATH entry rather than requiring real zsh on the CI runner, and asserts codew is no longer a symlink ([[ -L "${dest_dir}/codew" ]] check) — directly exercises the regression this PR fixes.
  • .github/workflows/ci.yml's heavy-path classifier correctly adds install-dogfood.sh/install-dogfood.test.sh to the "light" list, with a clear comment explaining why: the "Version drift" job runs install-dogfood.test.sh unconditionally regardless of the heavy flag, so no coverage is lost.
  • prepare-release.sh's same-version path is verified by a new fixture in prepare-release.test.sh that asserts sync-changelog/derive-facts/check-versions/check-ohos-deps markers are all reached while confirming cargo update (the cargo marker) is not re-run — good, targeted assertion.
  • --ignore-missing is applied consistently across generate-release-body.sh, docs/INSTALL.md, and docs/CNB_MIRROR.md (matching multi-platform manifests against a single-platform download), and generate-release-body.test.sh adds a real sha256sum -c --ignore-missing execution against a fixture manifest, not just a string-match on the doc text.
  • docs/RELEASE_RUNBOOK.md removing the standalone cargo publish --dry-run -p codewhale-tui line in favor of the existing multi-crate publish-crates.sh dry-run removes a misleading/duplicate step rather than adding one.

Nothing to flag. I didn't find correctness bugs, dead code, missing test coverage, or security issues in the diff. A few things I specifically checked and ruled out:

  • scripts/release/prepare-release.sh's reworked if [[ "${old}" != "${new}" ]] block still wraps the python3 - <<'PY' ... PY heredoc correctly — the quoted heredoc terminator means the added indentation on the surrounding if doesn't affect the (unindented) Python body, so no IndentationError.
  • npm/codewhale/scripts/install.js's new codew entry in binaryPaths() relies on detectBinaryNames() returning a codew key — that function (in artifacts.js, unchanged by this PR) already provides it, so the wiring is correct, not just coincidentally passing.
  • .github/workflows/web.yml's newly-added npm test / npm run build steps use scripts (test, build) that exist in web/package.json; the deploy job remains gated on workflow_dispatch only, consistent with the PR's claim that Cloudflare deployment stays manual-dispatch-only.

The PR body is transparent about the one known gap (cd web && npm test currently 75/76 — a pre-existing contributor-credit drift for @SparkofSpike across docs/CONTRIBUTORS.md vs. changelog/website arrays, unrelated to this diff's logic) and about cargo clippy/cargo test --workspace not yet having been run locally at PR-open time.

Signed-off-by: Hunter B <hmbown@gmail.com>
@claude

claude Bot commented Jul 18, 2026

Copy link
Copy Markdown
Contributor

Claude finished @Hmbown's task in 1m 27s —— View job


Claude finished reviewing PR #4534


Summary

This synchronize adds one new commit, e397032 (fix(release): reconcile v0.9.1 credit parity), on top of the previously-reviewed 3a983ac. It's a 4-line, 2-file change that closes exactly the gap the PR body already called out: @SparkofSpike was in docs/CONTRIBUTORS.md but missing from CHANGELOG.md and web/lib/release-credits.ts.

Verified correct:

  • CHANGELOG.md:152-154 adds the @SparkofSpike bullet with the same PR reference (Ctrl+O pager: output truncated with ... and closes immediately while typing #4482) and description ("Windows Ctrl+O reproduction that exposed pre-pager result truncation and conflicting composer shortcut routing") already present in docs/CONTRIBUTORS.md:61-63, and matches the surrounding list's formatting/indentation exactly.
  • web/lib/release-credits.ts:38 adds "@SparkofSpike" to RELEASE_HELPERS, which is the array docs/CONTRIBUTORS.md's own header comment (web/lib/release-credits.ts:4-8) designates as the "keep in sync" mirror. Placement is correct — it's a report/reproduction credit, not a merged PR, so it belongs in RELEASE_HELPERS rather than RELEASE_CONTRIBUTORS.
  • All three public surfaces (docs/CONTRIBUTORS.md, CHANGELOG.md, web/lib/release-credits.ts) are now consistent, which should resolve the previously-noted cd web && npm run test gap (75/76 → 76/76) called out in the PR description as the one known-failing check.

Nothing to flag. No correctness bugs, no provider/model/routing logic touched (release-tooling/docs/credits only, consistent with the earlier full review of this PR), no dead code, and no security concerns in this delta.

One informational, non-blocking note: docs/CONTRIBUTORS.md:61 records the contributor under the dual identity Sh1Zuku / SparkofSpike, while CHANGELOG.md and release-credits.ts use only SparkofSpike. Both resolve to the same GitHub handle/link, so this isn't a functional issue — just worth confirming it's the intended display convention before the final v0.9.1 cut.

Not independently re-verified in this pass: I wasn't able to execute cd web && npm run test in this sandboxed review environment (no shell approval for npm), so I could not directly confirm the local test count moved from 75/76 to 76/76 — the fix is verified by static inspection of the three data sources instead, which are now byte-for-byte consistent on this contributor.

The rest of the PR (native codew entrypoint wiring, prepare-release.sh same-version rerun fix, --ignore-missing checksum truthfulness, web workflow always-on gate, runbook dry-run alignment) is unchanged since the earlier full review, which found no issues.

Signed-off-by: Hunter B <hmbown@gmail.com>
@claude

claude Bot commented Jul 18, 2026

Copy link
Copy Markdown
Contributor

Claude finished @Hmbown's task in 56s —— View job


Claude finished reviewing PR #4534


Summary

This synchronize adds one new commit, 3cf23f1 (chore(release): sync v0.9.1 contributor credit), on top of the previously-reviewed e397032. It's a 3-line, single-file change: adding the @SparkofSpike bullet (#4482, Windows Ctrl+O pre-pager truncation / composer shortcut routing report) to crates/tui/CHANGELOG.md:152-154.

Verified correct:

  • crates/tui/CHANGELOG.md is a full mirror of the root CHANGELOG.md for the ## [0.9.1] section — I diffed both files line-by-line and confirmed they're now byte-identical for that section, including the exact same wording, PR reference, and indentation added for @SparkofSpike in the prior commit (e397032).
  • web/lib/release-credits.ts's RELEASE_HELPERS array already contains "@SparkofSpike" (line 38) — correct placement, since this is a report/reproduction credit rather than a merged PR (which would belong in RELEASE_CONTRIBUTORS).
  • No web fact-check script (web/scripts/check-facts.*) reads from crates/tui/CHANGELOG.md, so this commit isn't required by any automated gate — it's a manual consistency fix keeping the crate-local changelog mirror in sync with the root, which is good hygiene but not itself load-bearing for the previously-noted cd web && npm test gap.

Nothing to flag. No correctness bugs, no provider/model/routing logic touched, no dead code, and no security concerns in this delta. All four public credit surfaces (docs/CONTRIBUTORS.md, CHANGELOG.md, crates/tui/CHANGELOG.md, web/lib/release-credits.ts) are now consistent for @SparkofSpike.

The rest of the PR (native codew entrypoint wiring, prepare-release.sh same-version rerun fix, --ignore-missing checksum truthfulness, web workflow always-on gate, runbook dry-run alignment) is unchanged since the earlier full reviews, which found no issues.

@Hmbown
Hmbown merged commit 77705f6 into main Jul 18, 2026
21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants