From 5be5b35d55593b64b010357d8d6f76e78748dfc4 Mon Sep 17 00:00:00 2001
From: Abdelrahman Essawy <abdelrahman.mo.essawy@gmail.com>
Date: Mon, 1 Jun 2026 02:57:11 +0300
Subject: [PATCH] fix(ci): smoke retry defeated by errexit; make npm publish
 idempotent
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The smoke step runs under GitHub''s default `bash -e`. Inside the backoff
loop, `OUTPUT=$(npx -y @rendobar/mcp@VERSION ...)` returns non-zero when the
npm CDN hasn''t propagated yet (~30s after publish), and errexit aborts the
step before EXIT is captured or any retry runs — the 5x/150s backoff never
executes. v1.0.2 published fine but smoke failed on attempt 1, skipping the
GitHub Release + MCP registry steps. Add `set +e` so the loop owns its
control flow.

Also make the publish step idempotent: skip if the version is already on
npm, so a recovery re-run (or a manual dispatch to backfill a skipped
downstream step) doesn''t 403 on the existing version.
---
 .github/workflows/release.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 299abfc..afa0f06 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -64,7 +64,16 @@ jobs:
       - run: pnpm build
 
       - name: Publish to npm via OIDC trusted publisher
+        env:
+          VERSION: ${{ steps.tag.outputs.version }}
         run: |
+          # Idempotent: npm publish 403s on an existing version, so a recovery
+          # re-run (after a later step like smoke/registry failed) would abort
+          # here. If this version is already live, treat publish as done.
+          if [ "$(npm view "@rendobar/mcp@${VERSION}" version 2>/dev/null)" = "$VERSION" ]; then
+            echo "@rendobar/mcp@${VERSION} already published — skipping publish."
+            exit 0
+          fi
           # Retry up to 3 times for transient registry blips.
           for i in 1 2 3; do
             if npm publish --provenance --access public; then
@@ -80,6 +89,11 @@ jobs:
         env:
           VERSION: ${{ steps.tag.outputs.version }}
         run: |
+          # This step drives its own retry loop. GitHub's default `bash -e`
+          # would abort on the first npx miss (slow CDN propagation right after
+          # publish) inside `OUTPUT=$(npx ...)`, before EXIT is even captured —
+          # defeating the backoff entirely. Disable errexit for the loop.
+          set +e
           PKG="@rendobar/mcp@${VERSION}"
           # npm CDN propagation backoff: 30s, 60s, 90s, 120s, 150s.
           # Use `-- --version` so npx unambiguously passes the flag to the bin