ci(publish): fail loudly if packages don't actually land on the registry #83

Merged: telivity-otaip merged 1 commit into main from ci/publish-verify, Apr 18, 2026
@telivity-otaip
Collaborator

Summary

Follow-up to the first npm publish (PR #82). All 15 `@otaip/*` packages did publish successfully, but several returned 404 on the registry for ~5 minutes after pnpm reported success. If the publish had genuinely failed (wrong scope, expired token, org membership miss, etc.) the job would still have exited 0 — we'd only notice when consumers hit 404s.

Add a verification step to `publish.yml`:

  • polls `https://registry.npmjs.org/` for each of the 15 `@otaip/*` packages
  • expects `dist-tags.latest` to equal the just-released root version
  • retries up to 6× with a 10s delay (total budget ~60s per package — typical propagation is well under that)
  • fails the job with a clear summary if any package isn't live

Workflow-only. No code changes.

Test plan

  • YAML parses (verified via `yq`)
  • Next release run exercises the new step end-to-end

🤖 Generated with Claude Code

pnpm -r publish printed success for all 15 @otaip/* packages on the
first run, but several returned 404 on the registry for ~5 minutes
afterward. If the publish had genuinely failed (wrong scope, expired
token, org-membership miss), the job would still have exited 0 and
we'd only notice when consumers hit 404s.

Add a verification step that polls the registry for each of the 15
@otaip/* packages after publish, expects the just-released version
as dist-tags.latest, retries for up to a minute per package, and
fails the job if any package isn't live.

No code changes. Workflow-only.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
telivity-otaip merged commit c767e4c into main, Apr 18, 2026
1 check passed
telivity-otaip deleted the ci/publish-verify branch, April 18, 2026 23:32
telivity-otaip pushed a commit that referenced this pull request, Apr 18, 2026
Eleven PRs (#73–#83) merged since 0.6.2:
- Codex review closeout (12 findings, all severities)
- First npm publish of the @otaip/* scope
- HTTP hardening (fetchWithRetry, https defaults)
- EU 261 + US DOT IDB regulation modules in @otaip/core
- Per-transaction GDS/NDC routing
- ATPCO-rule-driven change/refund penalties (no invented defaults)
- CLI agent registry auto-discovery
- Bootstrap docs + single-source agent count
- CI/publish workflow hardening (fail on test failures, verify packages live)

Root + 15 workspace packages bumped 0.6.2 → 0.6.3.
See CHANGELOG.md 0.6.3 entry for full detail and potentially-breaking notes.

Verification: 3,092 tests pass, all 16 packages build, dry-run publish
emits 15 tarballs at 0.6.3.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
telivity-otaip pushed a commit that referenced this pull request, Apr 19, 2026
…ository.url

Two small post-mortem fixes from the v0.6.4 hotelbeds publish.

1. publish.yml verify step
The "Verify packages are live on npm" step previously hardcoded a list
of 15 package names. v0.6.4 added @otaip/adapter-hotelbeds, the
hardcoded list wasn't updated, pnpm's "+ pkg@version" output looked
successful, and the registry CDN's read-side propagation lag masked
the gap from the operator. Net result: the step claimed success while
hotelbeds was actually missing from the registry for several minutes.

Replaced with workspace discovery: any non-private @otaip/* package
gets verified. Any future new package is picked up automatically. If
discovery returns an empty list, the step fails loudly rather than
silently — same intent as the original "fail loudly" comment that
PR #83 introduced.

Local repro confirms the snippet returns the expected 16 packages
(15 prior + new hotelbeds).

2. repository.url canonical form
npm has been auto-correcting "https://..." → "git+https://..." on
every publish since the original 0.6.0 cut, emitting a warning each
time. Fixed across all 17 published package.json files (root + 16
@otaip/* packages). Same change npm has been silently applying — no
behavior change downstream.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
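
The verification described in the commit messages above, as an added example that is not the project's `publish.yml` or any code from this PR: discover non-private `@otaip/*` packages, fail on an empty list, then poll until `dist-tags.latest` matches the release. The function names, the manifest-array input and the injectable `fetchJson` are assumptions made for illustration.

```javascript
// Added example, not the project's workflow code. All function names are hypothetical.

// Select publishable packages from parsed package.json objects.
// Throws on an empty result so a broken discovery cannot pass vacuously.
function discoverPublishable(manifests, scope = "@otaip/") {
  const names = manifests
    .filter((m) => m && m.private !== true && typeof m.name === "string")
    .map((m) => m.name)
    .filter((n) => n.startsWith(scope));
  if (names.length === 0) throw new Error(`no publishable ${scope}* packages discovered`);
  return [...new Set(names)].sort();
}

// Default fetcher: GET the packument from the public registry (Node 18+ global fetch).
// Returns null for a non-2xx response, e.g. a 404 during propagation.
async function fetchPackument(name) {
  const res = await fetch(`https://registry.npmjs.org/${name.replace("/", "%2F")}`);
  return res.ok ? res.json() : null;
}

// Poll until dist-tags.latest equals `version`, or the attempt budget is spent.
async function waitUntilLive(name, version, opts = {}) {
  const { attempts = 6, delayMs = 10_000, fetchJson = fetchPackument } = opts;
  let seen = null;
  for (let i = 1; i <= attempts; i++) {
    try {
      const doc = await fetchJson(name);
      seen = doc?.["dist-tags"]?.latest ?? null;
    } catch {
      seen = null; // network error: treat as "not live yet" and retry
    }
    if (seen === version) return { name, live: true, seen, attempts: i };
    if (i < attempts) await new Promise((r) => setTimeout(r, delayMs));
  }
  return { name, live: false, seen, attempts };
}

// Verify every discovered package; the caller fails the job when `ok` is false.
async function verifyRelease(manifests, version, opts = {}) {
  const results = [];
  for (const name of discoverPublishable(manifests)) {
    results.push(await waitUntilLive(name, version, opts));
  }
  const missing = results.filter((r) => !r.live);
  return { ok: missing.length === 0, missing, results };
}
```

Comparing `dist-tags.latest` to the release version, rather than accepting any 200 response, also flags a package that is still serving the previous release.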