refactor: parallelize push release workflow#313
Conversation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
📝 WalkthroughWalkthroughThe CI/CD workflow is restructured from sequential execution to parallel build jobs with centralized orchestration. A new Changes
Sequence Diagram(s)sequenceDiagram
participant Push as Push Event
participant Prepare as prepare job
participant Build as Parallel Build<br/>(telegram, moder,<br/>main, bridge)
participant Artifacts as Artifact<br/>Storage
participant Publish as publish-release<br/>job
participant B2 as B2 Storage
participant GH as GitHub<br/>Releases
Push->>Prepare: Trigger workflow
Prepare->>Prepare: Compute build-version<br/>release-tag, publish-bridge
Prepare->>Build: Output metadata
Build->>Build: Build all packages<br/>in parallel
Build->>Artifacts: Upload artifacts
Publish->>Artifacts: Download artifacts
Publish->>Publish: Consolidate packages<br/>Copy telegram binary
Publish->>B2: Sync update-feed<br/>& full-release
Publish->>B2: Conditionally sync<br/>legacy bridge
Publish->>GH: Create GitHub Release
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
🔍 PR检查报告📋 检查概览
🧪 测试结果
📊 代码质量
📁 测试产物
🔗 相关链接此报告由GitHub Actions自动生成 |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (1)
.github/workflows/push.yml (1)
41-58: Bridge presence check fails open — transient B2 errors trigger a full bridge rebuild.If
b2 account authorizeorb2 lsfails for any reason (rate limit, credential hiccup, temporary outage),$existingMarkerends up empty andpublish-bridge=true, so the legacy ClickOnce bridge is re‑built and re‑synced unnecessarily. Consider:
- Checking
$LASTEXITCODEafterb2 account authorize/b2 lsand failing the job (so the workflow retries cleanly), rather than silently treating errors as "marker missing".- Pinning the
b2package (pip install b2==x.y.z) so a future major-version release (e.g. command renames or removed flags) doesn't break this step without warning. Same applies to line 436.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/push.yml around lines 41 - 58, The step with id "bridge-check" treats any failure from the b2 client as a missing marker because it never checks command exit status; update the PowerShell block to check $LASTEXITCODE immediately after running "b2 account authorize" and after "b2 ls" (the invocation that sets $existingMarker) and exit the step with a non‑zero code (fail the job) if either command failed, instead of writing publish-bridge=true; also pin the pip install to a specific known safe version (replace "pip install ... b2" with "pip install ... b2==<x.y.z>" in this step and the similar install at line ~436) so future b2 releases don’t silently break the workflow.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/push.yml:
- Around line 327-329: Replace usages of the actions/setup-python@v4 action with
actions/setup-python@v5 wherever it's referenced in the workflow (notably the
step that sets python-version: '3.9' and the analogous step in the prepare job);
update both occurrences so the workflow uses actions/setup-python@v5 to avoid
the old runner/runtime issues flagged by actionlint and keep the python-version
input unchanged.
- Around line 10-18: Add a workflow-level concurrency block to serialize
overlapping releases so concurrent runs can't delete or race each other's B2
packages or release tags; in the push.yml top-level (near the existing env and
permissions) add a concurrency: group using a stable key that includes the ref
and a release identifier (e.g., "publish-release-${{ github.ref }}" or similar)
and set cancel-in-progress: false (or true based on desired behavior) so runs
for the same branch are executed/queued serially; ensure the block applies to
the publish-release job scope by keeping it at the workflow root so all jobs,
including publish-release and Prune-B2PackageVersions, are protected.
- Around line 48-58: Replace the deprecated top-level B2 CLI command `b2
clear-account` with the v4 nested form `b2 account clear` in the workflow:
update the deauthentication call (currently `b2 clear-account`) to `b2 account
clear` where it appears after the `b2 account authorize`/`b2 ls` block
(reference variables: $markerPath, $existingMarker) and make the identical
change in the `publish-release` job where the same old command is used.
---
Nitpick comments:
In @.github/workflows/push.yml:
- Around line 41-58: The step with id "bridge-check" treats any failure from the
b2 client as a missing marker because it never checks command exit status;
update the PowerShell block to check $LASTEXITCODE immediately after running "b2
account authorize" and after "b2 ls" (the invocation that sets $existingMarker)
and exit the step with a non‑zero code (fail the job) if either command failed,
instead of writing publish-bridge=true; also pin the pip install to a specific
known safe version (replace "pip install ... b2" with "pip install ...
b2==<x.y.z>" in this step and the similar install at line ~436) so future b2
releases don’t silently break the workflow.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 718b9588-bbe8-4452-8d92-d7bdad0cc527
📒 Files selected for processing (2)
.github/workflows/push.ymlDocs/Build_and_Test_Guide.md
| permissions: | ||
| contents: write | ||
|
|
||
| jobs: | ||
| env: | ||
| LEGACY_BRIDGE_VERSION: '2026.04.23.553' | ||
| LEGACY_BRIDGE_MARKER: 'legacy-clickonce-bridge-version.txt' | ||
| MODER_UPDATE_COMMIT: 'd547c9905d0cb706aa163e418ab5ef424a14dc9c' | ||
|
|
||
| BuildClickOnce: | ||
| jobs: |
There was a problem hiding this comment.
Add a concurrency group to serialize overlapping releases.
Two quick pushes to master will trigger two full workflow runs in parallel. In publish-release, Prune-B2PackageVersions deletes every version of every B2 package file whose fileName is not in the current run's KeepRelativePaths. If run A and run B execute concurrently with different package sets, each run will happily delete the other's freshly uploaded packages, plus they can race on b2 sync and on publishing the same/adjacent GitHub Release tags. A workflow-level concurrency block is the simplest guard.
🛡️ Proposed fix
permissions:
contents: write
+concurrency:
+ group: push-release-${{ github.ref }}
+ cancel-in-progress: false
+
env:🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/push.yml around lines 10 - 18, Add a workflow-level
concurrency block to serialize overlapping releases so concurrent runs can't
delete or race each other's B2 packages or release tags; in the push.yml
top-level (near the existing env and permissions) add a concurrency: group using
a stable key that includes the ref and a release identifier (e.g.,
"publish-release-${{ github.ref }}" or similar) and set cancel-in-progress:
false (or true based on desired behavior) so runs for the same branch are
executed/queued serially; ensure the block applies to the publish-release job
scope by keeping it at the workflow root so all jobs, including publish-release
and Prune-B2PackageVersions, are protected.
| run: | | ||
| pip install --quiet --cache-dir C:\pip-cache b2 | ||
| b2 account authorize $env:B2_APPKEY_ID $env:B2_APPKEY --quiet | ||
| $markerPath = "TelegramSearchBot/$env:LEGACY_BRIDGE_MARKER" | ||
| $existingMarker = b2 ls --recursive "b2://$env:B2_BUCKET/$markerPath" | ||
| if ([string]::IsNullOrWhiteSpace($existingMarker)) { | ||
| "publish-bridge=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append | ||
| } else { | ||
| "publish-bridge=false" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append | ||
| } | ||
| b2 clear-account |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
b2 CLI v4 clear-account vs account clear command
💡 Result:
In Backblaze B2 CLI v4 (as of v4.0.2), the preferred command to clear the local authentication cache is b2 account clear. The legacy standalone command b2 clear-account from earlier versions (e.g., v3 and v2) is deprecated. Both commands erase the local cache (SQLite database or ~/.b2_account_info) used for storing account authorization tokens and related data, effectively logging out the CLI session. Use b2 account clear for new scripts and compatibility with the latest interface.
Citations:
- 1: https://b2-command-line-tool.readthedocs.io/
- 2: https://b2-command-line-tool.readthedocs.io/en/v4.0.0/
- 3: https://github.com/Backblaze/B2_Command_Line_Tool/tree/v4.0.2/
- 4: https://b2-command-line-tool.readthedocs.io/en/stable/commands.html
- 5: https://b2-command-line-tool.readthedocs.io/en/v4.0.2/
- 6: https://github.com/Backblaze/B2_Command_Line_Tool/blob/v4.0.2/CHANGELOG.md
- 7: https://b2-command-line-tool.readthedocs.io/en/stable/
🏁 Script executed:
cd .github/workflows && cat -n push.yml | sed -n '435,461p'Repository: ModerRAS/TelegramSearchBot
Length of output: 1829
Replace deprecated b2 clear-account with b2 account clear (v4 CLI syntax).
Line 58 uses the legacy command b2 clear-account from B2 CLI v2/v3, while line 50 uses the v4 nested form b2 account authorize. Since pip install b2 resolves to v4, use the consistent nested syntax b2 account clear for deauthentication. The same inconsistency exists at line 459 in the publish-release job.
♻️ Proposed fix
- b2 clear-account
+ b2 account clearApply the same change at line 459.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| run: | | |
| pip install --quiet --cache-dir C:\pip-cache b2 | |
| b2 account authorize $env:B2_APPKEY_ID $env:B2_APPKEY --quiet | |
| $markerPath = "TelegramSearchBot/$env:LEGACY_BRIDGE_MARKER" | |
| $existingMarker = b2 ls --recursive "b2://$env:B2_BUCKET/$markerPath" | |
| if ([string]::IsNullOrWhiteSpace($existingMarker)) { | |
| "publish-bridge=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append | |
| } else { | |
| "publish-bridge=false" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append | |
| } | |
| b2 clear-account | |
| run: | | |
| pip install --quiet --cache-dir C:\pip-cache b2 | |
| b2 account authorize $env:B2_APPKEY_ID $env:B2_APPKEY --quiet | |
| $markerPath = "TelegramSearchBot/$env:LEGACY_BRIDGE_MARKER" | |
| $existingMarker = b2 ls --recursive "b2://$env:B2_BUCKET/$markerPath" | |
| if ([string]::IsNullOrWhiteSpace($existingMarker)) { | |
| "publish-bridge=true" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append | |
| } else { | |
| "publish-bridge=false" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append | |
| } | |
| b2 account clear |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/push.yml around lines 48 - 58, Replace the deprecated
top-level B2 CLI command `b2 clear-account` with the v4 nested form `b2 account
clear` in the workflow: update the deauthentication call (currently `b2
clear-account`) to `b2 account clear` where it appears after the `b2 account
authorize`/`b2 ls` block (reference variables: $markerPath, $existingMarker) and
make the identical change in the `publish-release` job where the same old
command is used.
| - uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: '3.9' |
There was a problem hiding this comment.
Upgrade actions/setup-python to v5 (actionlint warns v4 runner is too old).
The GHA runner no longer supports the Node runtime bundled with actions/setup-python@v4, so this step will eventually fail on hosted runners. Same applies to line 28 in the prepare job.
🛠️ Proposed fix
- - uses: actions/setup-python@v4
+ - uses: actions/setup-python@v5
with:
python-version: '3.9'Apply at both lines 28 and 327.
Based on actionlint hint: the runner of "actions/setup-python@v4" action is too old to run on GitHub Actions.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.9' | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.9' |
🧰 Tools
🪛 actionlint (1.7.12)
[error] 327-327: the runner of "actions/setup-python@v4" action is too old to run on GitHub Actions. update the action's version to fix this issue
(action)
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/push.yml around lines 327 - 329, Replace usages of the
actions/setup-python@v4 action with actions/setup-python@v5 wherever it's
referenced in the workflow (notably the step that sets python-version: '3.9' and
the analogous step in the prepare job); update both occurrences so the workflow
uses actions/setup-python@v5 to avoid the old runner/runtime issues flagged by
actionlint and keep the python-version input unchanged.
1 participant
Summary
Summary by CodeRabbit
Chores
Documentation