Skip to content

Fix/release plugin#18

Merged
eschaar merged 2 commits intomainfrom
fix/release-plugin
Apr 22, 2026
Merged

Fix/release plugin#18
eschaar merged 2 commits intomainfrom
fix/release-plugin

Conversation

@eschaar
Copy link
Copy Markdown
Owner

@eschaar eschaar commented Apr 22, 2026

Summary

Hardened release packaging/versioning and aligned Poetry installation across CI workflows.

  • Fixed release tag creation flow with compact in-step SemVer validation (X.Y.Z without v prefix) in release.yml.
  • Pinned Poetry CLI version via POETRY_VERSION and upgraded pin to 2.3.4.
  • Enabled poetry-dynamic-versioning plugin in release build runtime to prevent fallback 0.0.0 artifacts.
  • Added plugin visibility step (poetry self show plugins) for easier CI troubleshooting.
  • Kept release build safeguards:
    • checkout pinned to refs/tags/${{ needs.release.outputs.version }}
    • tag checkout validation before build
    • built artifact version validation after build
  • Aligned Poetry installation to the same pinned version across:
    • release.yml
    • qa.yml
    • verify.yml
    • security.yml
  • Updated CHANGELOG.md with 1.3.3 entries matching these workflow fixes.

Related Issues

  • PyPI release produced 0.0.0 artifacts instead of expected SemVer tag version.

Validation

  • Tests pass locally
  • CI checks pass
  • Docs updated (if needed)

Release Impact

  • fix: (patch)
  • feat: (minor)
  • BREAKING CHANGE (major)
  • No release impact

Copilot AI review requested due to automatic review settings April 22, 2026 00:25
Copilot AI reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR hardens the release/versioning workflow for vstack’s packaging pipeline by pinning Poetry consistently across CI workflows and ensuring poetry-dynamic-versioning is active during release builds to avoid 0.0.0 artifacts.

Changes:

  • Pin Poetry via POETRY_VERSION and use it consistently across release.yml, qa.yml, verify.yml, and security.yml.
  • Update release tag creation to inline strict SemVer validation (X.Y.Z, no v prefix) and improve tag handling.
  • Ensure release build runtime can see the dynamic versioning plugin and add a plugin visibility step for troubleshooting.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
CHANGELOG.md Adds 1.3.3 notes documenting the workflow hardening and packaging fixes.
.github/workflows/release.yml Pins Poetry, injects dynamic versioning plugin into the Poetry runtime for release builds, adds plugin listing, and inlines SemVer validation in tag creation.
.github/workflows/qa.yml Pins Poetry installation via POETRY_VERSION for QA jobs.
.github/workflows/verify.yml Pins Poetry installation via POETRY_VERSION for PR verification jobs.
.github/workflows/security.yml Pins Poetry installation via POETRY_VERSION for PR security scanning job.

Comment thread .github/workflows/release.yml
@eschaar eschaar merged commit 0864b95 into main Apr 22, 2026
16 checks passed
@eschaar eschaar deleted the fix/release-plugin branch April 22, 2026 00:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@eschaar