feat: add nightly release pipeline #673
Conversation
Add a scheduled workflow that runs daily at 2:00 AM UTC to build and publish nightly artifacts from the main branch. Key design decisions: - Single GitHub release page: deletes and recreates the `nightly` release each run so there's only ever one nightly release on the repo - Docker images tagged `:nightly` only — `:latest` remains tied to versioned releases - Skips build if no new commits since last nightly (compares tag SHA) - Publishes binary, npm tarball, and checksums as release assets - Marked as prerelease to distinguish from stable releases - Supports manual trigger via workflow_dispatch Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation... |
✅ Coverage Check PassedOverall Coverage
Coverage comparison generated by |
Deno Build Test Results
Overall: ✅ PASS All Deno tests completed successfully.
|
Build Test: Node.js - ResultsAll Node.js build tests PASSED ✅
Overall: PASS
|
There was a problem hiding this comment.
Pull request overview
Adds a new GitHub Actions workflow to produce and publish “nightly” artifacts from main on a schedule (and via manual trigger), including GHCR images and a GitHub prerelease that’s reused each run.
Changes:
- Introduces
.github/workflows/nightly.ymlscheduled at 02:00 UTC with optional manualworkflow_dispatch. - Builds and pushes
:nightlyDocker images (squid/agent/agent-act) and produces binary/npm/checksums release assets. - Implements “skip if no new commits” logic and regenerates a single
nightlyprerelease with a commit-based changelog.
Comments suppressed due to low confidence (2)
.github/workflows/nightly.yml:214
- Using
--target maincan make thenightlytag/release point at a newer commit than the one this job built if new commits land onmainwhile the workflow is running. To keep the release/tag consistent with the produced images/assets, create/update thenightlytag at the checked-outHEADSHA (force-push if needed) and/or pass the explicit commit SHA as the--target.
gh release create nightly \
--title "Nightly Build (${DATE})" \
--notes-file release_notes.md \
--prerelease \
--target main \
release/awf-linux-x64 \
.github/workflows/nightly.yml:153
- Like the earlier commit-check step,
git rev-parse nightly/nightly..HEADis ambiguous if anightlybranch ever exists. Use the explicit tag ref (refs/tags/nightly..HEAD) so the changelog is always computed from the last nightly tag.
# Get commits since last nightly (or last 20 if no previous nightly)
if git rev-parse nightly >/dev/null 2>&1; then
CHANGELOG=$(git log --oneline --pretty=format:"- %s (%h)" nightly..HEAD 2>/dev/null || echo "- Nightly build from main")
else
CHANGELOG=$(git log --oneline --pretty=format:"- %s (%h)" -20 2>/dev/null || echo "- Initial nightly build")
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| if git rev-parse nightly >/dev/null 2>&1; then | ||
| LAST_NIGHTLY_SHA=$(git rev-parse nightly) |
There was a problem hiding this comment.
git rev-parse nightly can resolve to a branch name as well as a tag. Since this workflow’s logic depends on the tag specifically, use refs/tags/nightly (or nightly^{tag}) consistently when reading the last nightly SHA to avoid ambiguity if a nightly branch ever exists.
This issue also appears on line 149 of the same file.
| if git rev-parse nightly >/dev/null 2>&1; then | |
| LAST_NIGHTLY_SHA=$(git rev-parse nightly) | |
| if git rev-parse refs/tags/nightly >/dev/null 2>&1; then | |
| LAST_NIGHTLY_SHA=$(git rev-parse refs/tags/nightly) |
.github/workflows/nightly.yml
Outdated
| - name: Check for new commits since last nightly | ||
| id: check_commits | ||
| run: | | ||
| # Get the timestamp of the existing nightly tag (if any) |
There was a problem hiding this comment.
The comment says "Get the timestamp" but the code is actually comparing SHAs. Update the comment to match the behavior (SHA comparison) to avoid confusion when maintaining this workflow.
| # Get the timestamp of the existing nightly tag (if any) | |
| # Compare the commit SHA of the nightly tag (if any) with the current HEAD |
| cat > release_notes.md <<EOF | ||
| ## Nightly Build — ${DATE} | ||
|
|
||
| Built from [\`main@${SHORT_SHA}\`](${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}) (${NIGHTLY_VERSION}) | ||
|
|
There was a problem hiding this comment.
The release notes link uses ${{ github.sha }}, but this workflow always checks out ref: main. For workflow_dispatch runs (or if the event SHA differs from the checked-out commit), this can generate a link that doesn’t match the artifacts/images that were actually built. Prefer linking to git rev-parse HEAD (full SHA) captured from the checkout.
This issue also appears on line 209 of the same file.
| gh release delete nightly --yes 2>/dev/null || true | ||
| # Delete the remote tag | ||
| git push origin :refs/tags/nightly 2>/dev/null || true | ||
| # Delete the local tag | ||
| git tag -d nightly 2>/dev/null || true |
There was a problem hiding this comment.
This step ignores all errors when deleting the existing release/tag (|| true). That can hide real failures (auth/permission, API outages) and then later steps fail with less actionable errors (e.g., release already exists). Prefer checking for existence first (or only ignoring "not found"), and fail the job on unexpected delete failures.
| gh release delete nightly --yes 2>/dev/null || true | |
| # Delete the remote tag | |
| git push origin :refs/tags/nightly 2>/dev/null || true | |
| # Delete the local tag | |
| git tag -d nightly 2>/dev/null || true | |
| if gh release view nightly >/dev/null 2>&1; then | |
| gh release delete nightly --yes | |
| fi | |
| # Delete the remote tag (if it exists) | |
| if git ls-remote --tags origin nightly | grep -q 'refs/tags/nightly'; then | |
| git push origin :refs/tags/nightly | |
| fi | |
| # Delete the local tag (if it exists) | |
| if git rev-parse -q --verify refs/tags/nightly >/dev/null 2>&1; then | |
| git tag -d nightly | |
| fi |
| jobs: | ||
| nightly: | ||
| name: Nightly Build and Release | ||
| runs-on: ubuntu-latest |
There was a problem hiding this comment.
Add a concurrency group for this workflow/job. As written, a manual workflow_dispatch run can overlap with the scheduled run, and both will delete/recreate the same nightly release/tag and push the same :nightly image tags, which can race and leave the release or images in an inconsistent state.
| runs-on: ubuntu-latest | |
| runs-on: ubuntu-latest | |
| concurrency: | |
| group: nightly-release | |
| cancel-in-progress: false |
|
Smoke Test Results - Claude Engine ✅ GitHub MCP: Last merged PR - "fix: use lowercase discussion categories to restore create_discussion tool" Status: PASS
|
Go Build Test Results
Overall: PASS ✅ All Go projects built and tested successfully.
|
|
Smoke Test Results 🧪
Status: ✅ PASS cc @Mossaka
|
❌ Build Test: Bun - FAILEDTest Status: FAILED - Environment Issue Error DetailsBun installation succeeded, but Root Cause: The Environment IssueThis test cannot proceed without Test Results
Overall: FAILED - Environment incompatibility RecommendationThis test requires:
The label
|
❌ Build Test: Rust - FAILEDStatus: CRITICAL ENVIRONMENT ISSUE Unable to execute Rust build tests due to a critical runner environment problem. Issue DetailsThe Rust toolchain installation is corrupted on this GitHub Actions runner:
Attempted Solutions
Required ActionThis requires GitHub Actions runner environment investigation:
Test Projects Unable to Run
|
- Add concurrency group to prevent parallel run races - Add timeout-minutes (30min) to avoid wasting runner time - Make workflow_dispatch bypass the "no new commits" skip logic - Split heredoc into parts to avoid shell expansion of changelog content (commit messages with $ or backticks could corrupt notes) - Add upload-artifact step for debugging failed runs - Add binary verification logging (ls -lh, file) - Remove redundant --oneline from git log commands - Quote $GITHUB_OUTPUT references Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Build Test: Java - FAILED ❌Infrastructure ErrorCannot execute Java build tests due to corrupted Java installation on the runner: Issue: The Java binary at Evidence: Impact: Cannot compile or test any Java projects (gson, caffeine) until the Java installation is fixed. Test Status
Overall: FAILED (Infrastructure issue - corrupted Java installation) Action Required: GitHub Actions runner image needs Java reinstallation before Java build tests can proceed.
|
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation... |
|
💫 TO BE CONTINUED... Smoke Claude failed! Our hero faces unexpected challenges... |
C++ Build Test Results
Overall: PASS All C++ projects built successfully.
|
Deno Build Test Results
Overall: ✅ PASS All Deno tests completed successfully.
|
❌ Build Test: Rust - FAILEDError: Rust toolchain not available in the test environment.
Overall: FAIL IssueThe GitHub Actions runner does not have Solution RequiredAdd Rust toolchain setup to the workflow file: - name: Setup Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
profile: minimalor use
|
Build Test: Node.js - Results
Overall: PASS ✅ All Node.js projects successfully installed dependencies and passed their test suites.
|
Go Build Test Results
Overall: PASS ✅ All Go projects successfully downloaded dependencies and passed their tests.
|
|
Smoke Test Results ✅ PASS
cc @Mossaka
|
Build Test: Java - ❌ FAILEDStatus: Unable to execute tests due to environment issues Test Results
Overall: FAILED Error DetailsThe Java runtime environment is not functional in the GitHub Actions runner. Attempts to execute Java commands result in errors: Investigation needed:
The test repository was cloned successfully from
|
Build Test: Bun - FAILED ❌Status: Unable to run tests due to environmental limitations Summary
Overall: FAIL IssueBun cannot execute in this environment due to missing
RecommendationTo run Bun tests, use a standard GitHub Actions runner environment: runs-on: ubuntu-latest # Instead of container-based executionOr consider using Node.js/Deno runtimes which don't require
|
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 |
|
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation... |
|
Smoke Test Results - Claude Last 2 merged PRs:
✅ GitHub MCP - retrieved PR data Status: PASS
|
Deno Build Test Results ✅
Overall: PASS All Deno tests completed successfully.
|
|
Copilot Smoke Test Results Last 2 merged PRs:
✅ GitHub MCP Status: PASS cc @Mossaka
|
Node.js Build Test Results
Overall: ✅ PASS All Node.js projects built and tested successfully.
|
C++ Build Test Results
Overall: PASS ✅ All C++ projects built successfully.
|
Build Test: Bun - FAILED ❌Summary: Bun runtime installed successfully, but the test runner crashes in the GitHub Actions environment.
Overall: FAIL Error DetailsBun Version: 1.3.9 Both test projects failed with the same error: Root Cause: The Bun test runner consistently crashes with a core dump in the GitHub Actions container environment. This occurs even with minimal test files using only Bun's built-in test framework ( Attempted:
This appears to be an incompatibility between Bun's test runner and the GitHub Actions containerized environment, possibly related to missing system capabilities or kernel features required by Bun's test harness.
|
Build Test Results: Rust
Overall: PASS ✅ All Rust projects built successfully and passed their test suites.
|
Build Test: Java - UNABLE TO EXECUTEStatus: ❌ FAILED - Java Runtime Not Available SummaryUnable to execute Java tests due to a runtime environment issue within the AWF firewall container. Issue DetailsWhen attempting to run Java binaries ( Attempted diagnostics:
Root CauseThis appears to be a deep integration issue with the AWF chroot environment ( Required ActionThis workflow cannot be completed until Java execution is properly supported in the AWF firewall environment. This likely requires:
Test Projects
Overall: FAILED
|
1 participant
Summary
mainat 2:00 AM UTCnightlyrelease page (deletes and recreates each run) to avoid release page sprawl:nightlyonly —:latestremains tied to versioned releasesnightlytag SHA to HEAD)workflow_dispatchWhat gets published
ghcr.io/.../squid:nightlyghcr.io/.../agent:nightlyghcr.io/.../agent-act:nightlyawf-linux-x64(release asset)awf.tgz(release asset)checksums.txt(release asset)Differences from the release pipeline
release.yml)nightly.yml)v*.*.*tag push:latest+:version:nightlyonlynightlypageUsage
Test plan
workflow_dispatchand verify it builds successfully:nightlytag only (:latestunchanged)nightlyrelease exists after multiple runs🤖 Generated with Claude Code