fix(ci): serialize auto-release and sync-checksums workflows (race condition)#9
Merged
xergioalex merged 2 commits intomainfrom May 2, 2026
Merged
Conversation
## Summary Auto-release.yml failed silently after PR #8 was merged with this error: [LOCAL SHA] 771ad76... != e1b37d7... [UPSTREAM SHA] Upstream branch 'origin/main' has changed! Upstream branch has changed. Please pull the latest changes and try again. PSR had computed `v1.3.0` correctly (`feat(installer): add install.ps1` qualified for a MINOR bump) but lost a race against `sync-installer-checksums.yml`. Both workflows fired off the same merge event: - sync-installer-checksums.yml regenerated install.ps1.sha256 and pushed `chore(installer): regenerate installer checksums [skip ci]` to main. - auto-release.yml had checked out main at the merge SHA, ran PSR, and tried to push the chore(release) commit + v1.3.0 tag — but by then origin/main had moved. PSR is defensive about this and refuses to push when upstream changed, which is correct. The fix is to make sure the two workflows never run in parallel against the same branch. ## Change Both workflows now use `concurrency.group: main-write` (was: auto-release-main / sync-installer-checksums-main, distinct groups). GitHub Actions serializes any workflow run that shares a concurrency group, so the second invocation is queued until the first finishes, then checks out an up-to-date main and proceeds normally. ## After this lands The skipped v1.3.0 will be cut on the next merge to main (PSR will see the same commits + this fix and produce v1.3.0 — or higher if this PR's `fix:` prefix bumps the patch level above what was queued). We can also force the recovery by manually running auto-release.yml via workflow_dispatch. The agent-skill repo is unaffected: install.ps1, install.ps1.sha256, install.sh, and install.sh.sha256 all already serve correctly via the Cloudflare wildcard, regardless of which CLI version is on PyPI. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
After merging PR #8 (install.ps1), `auto-release.yml` failed with:
```
[LOCAL SHA] 771ad76... != e1b37d7... [UPSTREAM SHA]
Upstream branch 'origin/main' has changed!
```
PSR computed `v1.3.0` correctly but lost a race: `sync-installer-checksums.yml` ran in parallel, pushed a checksum-regen commit to `main`, and PSR refused to push on top of moved upstream.
Fix
Both workflows now share `concurrency.group: main-write`. GitHub Actions queues the second invocation until the first finishes, so the second one always checks out an up-to-date `main` before proceeding.
After merge
`v1.3.0` (or whatever the next PSR computation yields) will be cut on the next merge with no race. The agent-skill repo is unaffected — `install.{sh,ps1}` and their `.sha256` siblings already serve correctly via the Cloudflare wildcard regardless of which CLI version is on PyPI.
Test plan