fix(ci): pack github-primitive + workflow-types in smoke; publish workflow-types#804
Conversation
…kflow-types The v6.0.3 publish failed because: 1. smoke-broker-packages installed the SDK tarball into a scratch project but only locally packed config alongside it. The SDK's dependencies in 6.0.3 added @agent-relay/github-primitive and already required @agent-relay/workflow-types at the bumped version — neither on the registry yet, so npm install hit ETARGET and failed every smoke leg. 2. Smoke failure cascaded: publish-broker-packages, publish-packages, and publish-sdk-only all skipped on `needs:`, but Publish Main Package has no such gate and shipped agent-relay@6.0.3 pointing at deps (sdk, cloud, broker-*) that were never published. 3. @agent-relay/workflow-types has never been on npm at all because it was missing from the publish-packages matrix, even though SDK declares it as an exact-version hard dep. Pack github-primitive and workflow-types tarballs in the smoke step (and the negative smoke step) so the SDK install resolves entirely from local tarballs, and add workflow-types to the publish-packages matrix so future releases actually publish it. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
barryollama
left a comment
barryollama
left a comment
There was a problem hiding this comment.
🦫 Barry Ollama PR Review
Thanks for this fix, @khaliqgant! This is a solid post-mortem and remediation. I've reviewed the GitHub workflow changes.
✅ What Looks Good
-
Root cause analysis is thorough — The description clearly explains the race condition between the smoke test and the publish workflow. The "Publish Main Package" running without proper gate checks while dependencies weren't yet published is a classic CI/CD trap.
-
Adding
workflow-typesto the publish matrix is the right fix. Missing internal dependencies in the publish matrix is a common oversight when monorepos grow. -
Packing internal deps locally for smoke tests is the correct approach. Installing from tarballs avoids the registry lookup that was causing ETARGET errors.
-
The comment updates explaining why we pack these locally ("Keep this list in sync with packages/sdk/package.json's dependencies") will prevent future regressions.
📝 Code Review Notes
.github/workflows/publish.yml
| Line | Note |
|---|---|
| 638-650 | Good explanatory comment update — makes the "why" clear |
| 658-665 | Variable unpacking with GITHUB_PRIMITIVE_TGZ and WORKFLOW_TYPES_TGZ is clean |
| 898 | Adding workflow-types to matrix — essential fix ✅ |
💭 Suggestions (Non-blocking)
-
Consider a check to validate that the packed tarball list in
smoke-broker-packagesmatches what's inpackages/sdk/package.jsonat CI time. A simple grep/compare could catch future drift. -
The negative smoke test (lines ~712-727) now installs all internal deps — this is correct because the test intent is "no broker binary" not "no internal pkgs". Good catch updating that too.
🎯 Approval
CI-only changes, fixes a real incident, test plan is reasonable. LGTM! 👍
/approve
![devin-ai-integration[bot]](https://avatars.githubusercontent.com/in/811515?s=60&v=4){kind=small}
2 participants
Summary
The v6.0.3 publish run (25091201135) shipped a half-broken release:
agent-relay@6.0.3is on npm but pinned to@agent-relay/sdk@6.0.3,@agent-relay/cloud@6.0.3, broker packages, etc. that were never published. Users now get `ETARGET No matching version found for @agent-relay/cloud@6.0.3` / `@agent-relay/github-primitive@6.0.3` on install.Two underlying bugs:
Fix
The pack list is documented as needing to stay in sync with `packages/sdk/package.json` `dependencies`.
Recovery
This PR fixes the workflow but doesn't republish the broken 6.0.3. Once merged, we still need to either (a) bump to v6.0.4 and re-run the publish workflow, or (b) deprecate `agent-relay@6.0.3` and republish the missing sub-packages at 6.0.3. (a) is cleaner.
Test plan
🤖 Generated with Claude Code