feat(release): major-bump no-commit crates on direct dependency major bumps#2195
Merged
Merged
Conversation
… bumps Crates with no commits since their last release were skipped entirely in the release proposal, so the libdd-* major-bump audit (which only read the released crates) could never propagate a major bump to them. This is a common case: a dependency's release rewrites dependents' Cargo.toml via a chore(release) bot commit, which commits-since-release.sh filters out, making the dependent look "no-commit". No-commit crates are now recorded as pending candidates and fed into the same major-bump audit. They are released as major only when a direct libdd-* dependency's major requirement changed since their last tag; otherwise they stay skipped as before. A minimal CHANGELOG entry recording the dependency bump is written since git-cliff has no commits to work with. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
🎉 All green!🧪 All tests passed 🎯 Code Coverage (details) 🔗 Commit SHA: 0a83f67 | Docs | Datadog PR Page | Give us feedback! |
Contributor
Artifact Size Benchmark Reportaarch64-alpine-linux-musl
aarch64-unknown-linux-gnu
libdatadog-x64-windows
libdatadog-x86-windows
x86_64-alpine-linux-musl
x86_64-unknown-linux-gnu
|
The octo-sts trust policy does not allow testing branches to mint a token, so bypass_standard_checks runs failed at every token use. Now, when bypassing: - check-membership is skipped entirely (and cargo-release runs when that job is skipped, but never when it actually failed); - git signing config and gh pr create fall back to the default GITHUB_TOKEN; - the verified commit-headless push is replaced by a plain git push (local, unverified SHAs), which is acceptable for testing runs. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
A skipped check-membership (bypass runs) propagates its "skipped" status transitively through cargo-release to create-pr, which still used the implicit success() gate and was skipped even though its direct needs succeeded. Gate create-pr on its direct needs' results instead. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The default GITHUB_TOKEN used on bypass runs cannot open a PR when the org disables "Allow GitHub Actions to create and approve pull requests", and testing branches cannot mint an octo-sts token. Rather than branch on the input, always attempt gh pr create and, on failure, print a prefilled compare URL and the PR body to the job summary without failing the job (the branch is already pushed). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The minimal CHANGELOG entry written for crates released solely due to a direct dependency major bump used a plain "## <version> - <date>" header, unlike git-cliff entries which link the version to a compare view. Match git-cliff's format: "## [<version>](.../compare/<prev_tag>..<new_tag>) - <date>". Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
hoolioh
approved these changes
Jul 6, 2026
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 508322ec84
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
Wrapping gh pr create in an if turned every failure into a warning, so a standard run could go green with the release/proposal branches pushed and no PR (cleanup-on-failure never fires). Keep attempting unconditionally, but only fall back to printing a manual compare link when bypass_standard_checks is true; standard runs fail so cleanup and retry behavior stay visible. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The major-bump audit ran in a worktree checked out at github.sha (current main), so for a hotfix or older-ref release a pending no-commit crate could be major-bumped due to a dependency requirement change present on main but not in the branch being released. Check the audit worktree out at the release ref (the ephemeral release-branch tip saved in /tmp/release_head_sha) instead; this is a no-op when the release is cut from main tip. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
cargo-release accepted a skipped check-membership unconditionally. In a non-bypass run where check-proposal-ongoing fails (an existing release branch is found), check-membership is skipped because its dependency failed, and that skipped result wrongly satisfied the condition, defeating the ongoing-release guard. Require check-proposal-ongoing to have succeeded and only accept a skipped membership when bypass_standard_checks is true. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Release-proposal crates with no commits since their last release are no longer skipped outright. They are now recorded as pending candidates and released as major when a direct
libdd-*dependency's major requirement changed since their last tag — using the same audit (major-bumps-level.sh) that already runs for released crates.Why
When a dependency (e.g.
libdd-common) is released major,cargo-releaserewrites dependents'Cargo.tomlrequirements via achore(release)bot commit.commits-since-release.shfilters those commits out, so the dependent looks "no-commit" → it wascontinued in Release version bumps → it never reached/tmp/api-changes.json→ the major-bump audit (which only read that file) could never propagate the major bump to it.How
/tmp/pending-major-only.jsonwithpending_release: "true"(keepingprev_tag,version,path), rather than dropped.api-changes.json+ pending, seeds the result with already-released crates, then bumps to major (append for pending, update-in-place for released) via one unified path.Scope notes
prev_tag), so it catches already-merged dependency majors not yet propagated — "like the others". In-proposal propagation (a dep majored within the same run) is not handled here, and wasn't before either.Testing
YAML validated; the jq merge/seed/append and awk changelog-prepend logic were unit-tested in isolation. The full workflow requires the CI runner + org tokens and was not run locally.
🤖 Generated with Claude Code