Skip to content

ci: fix release-notes step SIGPIPE on first release#133

Merged
rg4444 merged 1 commit into
mainfrom
fix/release-notes-sigpipe
May 23, 2026
Merged

ci: fix release-notes step SIGPIPE on first release#133
rg4444 merged 1 commit into
mainfrom
fix/release-notes-sigpipe

Conversation

@rg4444
Copy link
Copy Markdown
Contributor

@rg4444 rg4444 commented May 23, 2026

ci: fix release-notes step SIGPIPE under set -o pipefail

The v0.1.0 release pipeline succeeded through all 21 build/sign/verify steps and failed only at step #22 (Generate release notes), causing step #23 (Create GitHub Release) to be skipped. The signed Docker images are already on GHCR (cosign-verifiable); the only missing artifact is the GitHub Release page itself.

Root cause

git log --pretty=format:"- %s (%h) — @%an" "${RANGE}" | head -200

Under set -euo pipefail:

  1. head -200 closes its stdin after the 200th line
  2. git log writes line 201, gets SIGPIPE, exits 141
  3. pipefail makes the pipeline return 141
  4. set -e propagates it as a script failure

This is a first-release-only bug:

  • On the first release, PREV_TAG is empty (no prior semver tag), so RANGE is just the current tag (e.g. v0.1.0)
  • git log v0.1.0 emits one line per commit in the entire branch history (271+ commits in this Gitea-derived tree)
  • head -200 truncates → SIGPIPE → step fails

On every subsequent release, RANGE becomes vX.Y.Z..vA.B.C and the log is naturally short — head never needs to truncate.

Fix

Cap at the source:

git log -n 200 --pretty=format:"- %s (%h) — @%an" "${RANGE}"

Same output, no SIGPIPE risk, no need to relax pipefail for this block. One-line change.

Recovery procedure (post-merge)

I'll handle this via API after merge:

  1. Delete the failed v0.1.0 ref
  2. Recreate v0.1.0 against new main HEAD
  3. Workflow reruns; image build hits the warm GHA cache from the failed run (~30s instead of ~10min); release.json regenerates; the Create-Release step now succeeds

Expected wall clock: 3-5 min.

What still works from the failed run

  • ghcr.io/algomation-ai/processgit:0.1.0 — signed multi-arch image, pullable now
  • ghcr.io/algomation-ai/processgit-updater:0.1.0 — signed sidecar image, pullable now

Both are signed identically (cosign keyless via OIDC). The retry will produce a new identical image (same source), and either old or new will verify against the workflow's certificate identity.

Diff

 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

@claude
ci: fix release-notes step SIGPIPE under set -o pipefail
84f4669 
The v0.1.0 release pipeline succeeded through all 21 build/sign/verify
steps but failed at step #22 ("Generate release notes"), skipping step
#23 ("Create GitHub Release") as a result. The signed images were
pushed to GHCR and release.json was generated and signed correctly; the
only missing artifact is the GitHub Release page.

Root cause: `git log ... | head -200` under `set -euo pipefail`.

When `head -200` closes its stdin after the 200th line, `git log` gets
SIGPIPE and exits 141. `pipefail` makes the pipeline inherit that
exit code; `set -e` propagates it as script failure.

This only manifests on the FIRST release for a fork:

  - PREV_TAG resolves to empty (no prior semver tag), so RANGE is
    just the current tag (e.g. "v0.1.0")
  - `git log v0.1.0` emits one line per commit in the entire branch
    history (271+ for ProcessGit's Gitea-derived tree)
  - head -200 truncates → SIGPIPE → step fails

On every subsequent release, PREV_TAG is set and RANGE becomes
"vX.Y.Z..vA.B.C", which yields a short log that head never needs to
truncate.

Fix: cap at the source via `git log -n 200 ...` and drop the
`| head -200` pipe entirely. Same output, no SIGPIPE risk, no need
to relax pipefail for this block.

After this lands, the recovery is:

  - Delete the v0.1.0 ref (the failed run's tag)
  - Re-create v0.1.0 against the new main HEAD
  - Workflow re-runs; image build hits the warm GHA cache from this
    run (~30s instead of ~10min); release.json regenerates;
    Create-Release step now succeeds.

The previously-pushed signed images on GHCR remain valid and
verifiable — this fix only addresses the GitHub Release page creation.

Co-authored-by: Claude <noreply@anthropic.com>
@rg4444 rg4444 merged commit a8fbeff into main May 23, 2026
8 of 23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

modifies/internal

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rg4444