refactor(ci): scope stable bundle to CLI/SDK/MCP and split wrappers #3070
Merged
Conversation
The previous stable orchestrator released seven packages in one queue slot, so a transient fetch failure during esign's recovery probe halted CLI/SDK/MCP and the wrappers. Split the surface so a wrapper hiccup can no longer block the tooling release.

- release-stable.yml is now CLI -> SDK -> MCP only, with its own concurrency group (release-stable-tooling) and id-token: write for PyPI OIDC. Added MCP to the orchestrator's package list with the correct `pnpm publish` form (cwd, not --prefix, which errors EUSAGE).
- SDK Python publish gates on orchestrator outputs instead of `git tag --points-at HEAD` - HEAD lands on MCP's commit after the bundle, so the old gate skipped Python every time.
- superdoc/react/esign/template-builder/vscode-ext gain their own stable triggers and per-workflow concurrency groups so multi-trigger pushes don't cancel pending peers.
- promote-stable-docs.yml is new: SuperDoc-only, listens on workflow_run completion, and gates on a real v* tag appearing between the run's head_sha and origin/stable before pushing docs-stable.
- Hardening: stable recovery filters *-next.* tags so a prerelease reachable through a merge commit can't resume as @latest; fetchWithRetry wraps every release-state probe (GitHub, PyPI) with 3-attempt exponential backoff and surfaces the underlying cause.

Semantic-release remains the version authority for all three; the PyPI OIDC publish step uses the version semantic-release wrote to pyproject.toml.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 90e0a87cc3
Codecov Report: ✅ All modified and coverable lines are covered by tests.
Two issues from PR review:

- The tooling bundle's `pnpm run build` only runs build:superdoc and type-check; it does not produce apps/mcp/dist. MCP's publish would ship a tarball with the declared `dist/index.js` bin missing. Add `prepareCmd: 'pnpm run build'` to apps/mcp/.releaserc.cjs so semantic-release builds MCP before publish, in any workflow.
- Per-workflow concurrency groups on stable let multiple stable release workflows publish in parallel and race on `git push origin stable` via @semantic-release/git. The first push wins; the rest get non-fast-forward errors after their npm/PyPI artifacts already published, leaving orphan releases. Restore the shared `release-stable` group across the bundle, superdoc, and the four wrapper workflows so semantic-release pushes serialize. The cancel-pending behavior on multi-trigger pushes is the lesser evil vs. orphaned partial publishes; missed releases recover via workflow_dispatch.
🎉 This PR is included in @superdoc-dev/mcp v0.3.0. The release is available on GitHub release.

🎉 This PR is included in @superdoc-dev/mcp v0.3.0-next.33. The release is available on GitHub release.
The previous stable orchestrator released seven packages in one queue slot. A transient `fetch failed` on esign's recovery probe halted CLI/SDK/MCP and the wrappers. Splitting the surface stops a wrapper hiccup from blocking the tooling release.

- `release-stable.yml` is now CLI → SDK → MCP only, with its own concurrency group and `id-token: write` for PyPI OIDC. MCP added to the orchestrator with the correct `pnpm publish` form (cwd, not `--prefix`, which errors EUSAGE).
- `git tag --points-at HEAD` — HEAD lands on MCP's commit after the bundle, so the old gate skipped Python every run.
- `promote-stable-docs.yml` is new: SuperDoc-only, listens on `workflow_run` completion, and gates on a real `v*` tag appearing between the run's `head_sha` and `origin/stable` before pushing `docs-stable`. Wrappers and the tooling bundle do not advance docs.
- `*-next.*` tags so a prerelease reachable through a merge commit can't resume as `@latest`; `fetchWithRetry` wraps every release-state probe (GitHub, PyPI) with bounded exponential backoff and surfaces the underlying cause instead of swallowing `fetch failed`.

Semantic-release remains the version authority for all three; the OIDC step on PyPI uses the version semantic-release wrote to `pyproject.toml`.

Considered an alternative `workflow_call` chain (SuperDoc → CLI → SDK → MCP) per the impact map's "test broad, release narrow" principle. Three GitHub Actions semantics made it worse than the bundle in practice: shared concurrency cancels pending peers, `id-token: write` doesn't propagate through nested callees, and overlapping path filters double-fire. The bundle keeps one queue slot, one permission context, deterministic order, and centralized partial-publish recovery.

Verified:

- `node --check scripts/release-local-stable.mjs` → OK
- `node --test scripts/__tests__/release-local.test.mjs` → 22/24 (the 2 fails — SSH preview URL rewrite and `release-esign.yml` shared workspace coverage — are pre-existing on main)
- yaml

Review: ignore the two pre-existing test failures listed above; everything else is in scope.
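The two hardening measures this PR describes (dropping `*-next.*` tags during stable recovery, and retrying release-state probes with backoff while keeping the underlying cause) are sketched below as an added example; it is not code from the PR or the project. `pickStableResumeTag`, `probeWithRetry`, the `vX.Y.Z` tag shape, the 500 ms base delay and the sample tags are assumptions made for illustration.

```javascript
// Added example: hypothetical names and constructed tags, not the project's code.
// Assumes stable tags look like vMAJOR.MINOR.PATCH and prereleases carry -next.N.
const STABLE_TAG = /^v(\d+)\.(\d+)\.(\d+)$/;

// Constructed input: what `git tag --merged HEAD` could list after a merge
// commit made prerelease tags reachable from the stable branch.
const SAMPLE_TAGS = ['v1.9.0', 'v1.10.0-next.3', 'v1.8.2', 'v1.10.0-next.4'];

// Return the highest stable tag, ignoring every prerelease, or null if none.
function pickStableResumeTag(reachableTags) {
  const stable = reachableTags
    .map((tag) => ({ tag, m: STABLE_TAG.exec(tag) }))
    .filter(({ m }) => m !== null)
    .map(({ tag, m }) => ({ tag, parts: m.slice(1).map(Number) }));
  stable.sort((a, b) => {
    for (let i = 0; i < 3; i++) {
      if (a.parts[i] !== b.parts[i]) return b.parts[i] - a.parts[i];
    }
    return 0;
  });
  return stable.length ? stable[0].tag : null;
}

// Retry a release-state probe with bounded exponential backoff. Node's fetch
// reports network errors as TypeError "fetch failed" with the real reason in
// .cause, so the final error carries that reason instead of the generic text.
async function probeWithRetry(url, {
  fetchImpl = fetch,
  attempts = 3,
  baseMs = 500,
  sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms)),
} = {}) {
  let lastError;
  for (let attempt = 1; attempt <= attempts; attempt++) {
    try {
      const res = await fetchImpl(url);
      // 5xx is treated as transient; any other status is a definitive answer.
      if (res.status < 500) return res;
      lastError = new Error(`HTTP ${res.status}`);
    } catch (err) {
      lastError = err.cause ?? err;
    }
    if (attempt < attempts) await sleep(baseMs * 2 ** (attempt - 1));
  }
  throw new Error(`${url}: ${attempts} attempts failed: ${lastError.message}`,
    { cause: lastError });
}
```

Matching on an anchored stable pattern, instead of excluding a `-next.` substring, means a tag with any other prerelease suffix is also refused as a resume point.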