Skip to content

Guard release.sh against tagging the wrong commit#35

Merged
fredrivett merged 1 commit into
mainfrom
fredrivett/release-guards
Jul 2, 2026
Merged

Guard release.sh against tagging the wrong commit#35
fredrivett merged 1 commit into
mainfrom
fredrivett/release-guards

Conversation

@fredrivett

@fredrivett fredrivett commented Jul 2, 2026

Copy link
Copy Markdown
Owner

What

release.sh tagged whatever commit was checked out, so running it from a feature branch would silently tag the wrong commit (and build/publish it).

Change

Before tagging, the script now:

  1. Requires a clean working tree — refuses if there are uncommitted changes, so nothing gets stranded or accidentally tagged.
  2. git fetch origin --tags — gets the real remote state (also ensures current-version detection sees the latest tags).
  3. Switches to main and fast-forwards to origin/main — aborts with a clear message if it can't fast-forward (diverged/ahead), rather than force-updating.

It fails loudly on unexpected state instead of doing something destructive. This hard-codes "releases come from main", which matches the existing workflow (PRs target main; the release workflow builds from the tag).

Testing

bash -n release.sh passes. Guard logic is standard git plumbing; the tag/push/confirm flow is unchanged.

🤖 Generated with Claude Code


Summary by cubic

Guard release.sh to always tag an up-to-date main and fail fast on dirty or diverged state, preventing accidental releases from feature branches.

  • Bug Fixes
    • Require a clean working tree before running.
    • Run git fetch origin --tags to sync remote state.
    • Checkout main and fast-forward to origin/main (--ff-only), aborting if not possible.

Written for commit 3ac50c1. Summary will update on new commits.

Review in cubic

release.sh tagged whatever was checked out, so running it from a feature
branch would silently tag the wrong commit. Before tagging, require a
clean working tree, fetch, switch to main, and fast-forward to
origin/main — failing loudly rather than switching over uncommitted work
or force-updating over diverged state.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

Re-trigger cubic

@fredrivett fredrivett merged commit b10f9bd into main Jul 2, 2026
2 checks passed
@fredrivett fredrivett deleted the fredrivett/release-guards branch July 2, 2026 14:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant