Release v0.21.1 #270
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 8df0c8f851
| COPY crates/ crates/ | ||
|
|
||
| RUN cargo build --release --locked | ||
| RUN cargo update --workspace && cargo build --release --locked |
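Review bot: In the added `RUN cargo update --workspace && cargo build --release --locked` line, the update runs first, so `--locked` no longer guards anything: the lockfile is rewritten to match the manifests before the locked build checks it. Keep the step as `RUN cargo build --release --locked` and commit the re-resolved Cargo.lock with the version bump, so a stale lockfile fails the image build instead of being silently regenerated.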
Avoid re-resolving dependencies in locked Docker build
Running `cargo update --workspace` in the Docker build stage mutates `Cargo.lock` and re-resolves dependency versions before `cargo build --release --locked`, which defeats the point of a locked/reproducible release build for a given commit. `cargo update --help` explicitly describes this command as updating dependencies in the lockfile, so rebuilding the same SHA later can pull different transitive versions (or fail due to upstream index/network state) instead of using the repository’s reviewed lockfile. The lockfile should be updated and committed in the release commit rather than rewritten during image build.
Per RELEASING.md step 3, the original v0.21.1 prep PR bumped versions
without stamping the CHANGELOG. v0.21.0 itself was tagged off-spec:
the version bump never landed in main and no CHANGELOG entry was
written. v0.21.0 is preserved per the rollback policy ("don't delete
the tag — downstream may have pinned it"); this commit retroactively
documents what's in it.
CHANGELOG additions:
- v0.21.0 — full backfill covering 20+ PRs across new tools (cron,
remote-trigger, Brief/Config/McpAuth), accessibility-aware theme
picker + first-run onboarding + OSC 11 detection, plugin marketplace
MVP, output styles, team-memory layer, settings migrations, bash
hardening, task variants, plus the security fixes from the multiple
codex review rounds (validate_input pre-hook, mode-preserving atomic
writes, defense-in-depth path validation, fail-closed McpAuth).
- v0.21.1 — version sync; source-equivalent to v0.21.0, restoring
Cargo.toml/Dockerfile/npm to the right version string.
- Comparison links updated for both new entries.
…te from Docker build
The previous PR #270 commit added `cargo update --workspace` ahead of `cargo build --release --locked` in the Dockerfile because the bumped crate versions (0.20.0 → 0.21.1) had not been re-resolved in Cargo.lock, so a plain locked build failed.
That defeated the point of a locked release build: every image rebuild of the same source SHA was free to pull different transitive versions, and could fail outright on upstream index churn or network state. The right move is to update and commit the lockfile in the release commit, not at image-build time.
- Re-resolve Cargo.lock locally so it matches the bumped 0.21.1 workspace versions plus the libc add already in main.
- Restore the Dockerfile to a single `cargo build --release --locked` step. Image rebuilds now use the reviewed lockfile bytes for bit stability.
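A lint for the pattern discussed in the review comment and in this commit message, as an added example that is not part of the PR or the project's code: it scans shell-form `RUN` steps of a Dockerfile for cargo commands that rewrite Cargo.lock or resolve dependencies without `--locked`. The sample Dockerfiles are constructed around the `COPY` and `RUN` lines shown in the diff, and the function names are hypothetical.

```python
import re

MUTATING = {"update", "generate-lockfile"}  # subcommands that rewrite Cargo.lock
RESOLVING = {"build", "install", "test", "check", "run"}  # accept --locked / --frozen

# Constructed Dockerfiles; only the COPY and RUN lines come from the PR diff.
FLAGGED = """\
FROM rust AS builder
WORKDIR /src
COPY crates/ crates/
RUN cargo update --workspace && cargo build --release --locked
"""
FIXED = FLAGGED.replace("cargo update --workspace && ", "")


def run_commands(dockerfile: str):
    """Yield (line_number, command) for each shell command in shell-form RUN steps."""
    logical, start = "", 0
    for number, raw in enumerate(dockerfile.splitlines(), 1):
        line = raw.strip()
        if not logical:
            start = number  # first physical line of this instruction
        if line.endswith("\\"):  # Dockerfile line continuation
            logical += line[:-1] + " "
            continue
        logical += line
        match = re.match(r"RUN\s+(.*)", logical, re.IGNORECASE)
        logical = ""
        if match:
            for command in re.split(r"&&|\|\||;", match.group(1)):
                yield start, command.strip()


def lint(dockerfile: str):
    """Return findings for cargo usage that bypasses the committed lockfile."""
    findings = []
    for number, command in run_commands(dockerfile):
        words = command.split()
        if len(words) < 2 or words[0] != "cargo":
            continue
        # Skip global flags and +toolchain selectors to find the subcommand.
        sub = next((w for w in words[1:] if not w.startswith(("-", "+"))), "")
        if sub in MUTATING:
            findings.append((number, f"'cargo {sub}' rewrites Cargo.lock during the image build"))
        elif sub in RESOLVING and not {"--locked", "--frozen"} & set(words):
            findings.append((number, f"'cargo {sub}' runs without --locked"))
    return findings


if __name__ == "__main__":
    print(lint(FLAGGED), lint(FIXED))
```

Exec-form `RUN ["cargo", ...]` steps are not parsed by this sketch.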
Summary
Cuts v0.21.1. Bumps `agent-code-lib`, `agent-code`, the eval crate's path dependency, and the npm wrapper from 0.21.0 to 0.21.1.
Release repair
- `v0.21.0` tag and cuts a patch release instead of moving an existing tag.
- `Cargo.lock`.
Verification
- `run-e2e` label added
- `cargo check --all-targets`
- `cargo test --all-targets`
- `cargo clippy --all-targets -- -D warnings`
- `cargo fmt --all -- --check`
- `run-e2e` workflow passed
Local cargo commands were not run because the local executor rejects non-`gh` commands before shell startup with `unexpected argument '--sandbox-policy'`.
After merge
Tag `v0.21.1` on `main` and push the tag. Release automation handles binaries, crates.io publish, npm publish, Docker image publish, and Homebrew tap update.