Normalize changelog PR metadata from repo sync#10971
Conversation
|
I'm starting a first review of this pull request. You can view the conversation on Warp. I completed the review and no human review was requested for this pull request. Comment Powered by Oz |
![oz-for-oss[bot]](https://avatars.githubusercontent.com/in/3450139?s=60&v=4){kind=small}
There was a problem hiding this comment.
Overview
This PR normalizes changelog metadata for release workflows running from warp-internal by resolving repo-sync PRs to public warp PR metadata, omitting non-sync internal PRs, and using explicit PR URLs during release JSON conversion.
Concerns
- Unresolved repo-sync PRs still fall back to internal PR metadata, which can lead to incorrect changelog attribution/links and leak internal-repo details into generated artifacts.
- The internal-repo filtering gate compares the repository name literally, so equivalent casing of
warpdotdev/warp-internalwould bypass the privacy filter.
Security
- The changed filtering logic is the privacy boundary for keeping non-sync internal PRs out of changelog artifacts; normalize the repository name before applying that boundary.
Verdict
Found: 0 critical, 2 important, 0 suggestions
Request changes
Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).
Powered by Oz
| private/internal changes. Do not expose them to the Oz changelog agent or to | ||
| generated artifacts. | ||
| """ | ||
| return repo != INTERNAL_REPO or is_repo_sync_pr(data) |
There was a problem hiding this comment.
warpdotdev/warp-internal cannot leak non-sync internal PRs into changelog artifacts.
| if public_pr_number is None: | ||
| return repo, data, internal_pr | ||
|
|
||
| public_data = fetch_pr_data(PUBLIC_REPO, public_pr_number) | ||
| if public_data is None: | ||
| return repo, data, internal_pr |
There was a problem hiding this comment.
|
I'm starting a first review of this pull request. You can view the conversation on Warp. I completed the review and no human review was requested for this pull request. Comment Powered by Oz |
There was a problem hiding this comment.
Overview
This PR updates the changelog draft workflow so release runs from warpdotdev/warp-internal normalize repo-sync PRs back to public warpdotdev/warp metadata and avoid synthesized public links.
Concerns
- Unresolved repo-sync PRs currently fall back to internal PR metadata instead of being omitted or failed, which can leak
warp-internaldetails into changelog generation artifacts and violates the normalization guarantee.
Security
- The fallback path can expose internal PR metadata when public PR resolution fails.
Verdict
Found: 0 critical, 1 important, 0 suggestions
Request changes
Comment /oz-review on this pull request to retrigger a review (up to 3 times on the same pull request).
Powered by Oz
|
|
||
| public_pr_number = resolve_public_pr_number(repo, pr_number, data) | ||
| if public_pr_number is None: | ||
| return repo, data, internal_pr |
There was a problem hiding this comment.
internal_pr metadata into changelog generation instead of suppressing it. Return None/skip the PR or fail closed here so unresolved repo-sync PRs cannot leak warp-internal details into generated artifacts.
danielpeng2
left a comment
danielpeng2
left a comment
There was a problem hiding this comment.
Couple questions about the Slack changes:
- Have you tested that this works in the Github workflow? We should make sure that the process for posting to #release doesn't break if we merge this in.
- What does the new format for the Slack message looks like? It would make it easier to review if there was an example of the updated format.
Can we align on the formatting before we make changes here? I'm worried that the formatting will change in a way that makes it harder for engineers to construct the changelog. Happy to get on a call to hash this out.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Resolve repo-sync PRs from warp-internal back to public warp PR metadata before changelog generation, and omit private internal PRs that were not created by the sync bot. Co-Authored-By: Oz <oz-agent@warp.dev>
Co-Authored-By: Oz <oz-agent@warp.dev>
vikvang
force-pushed
the
oz/changelog-normalize-repo-sync
branch
from
5aeef20 to
8afbfcc
Compare
## Description - Stack this follow-up on #10971 so the link-normalization review stays focused. - Keep the stable-release Slack changelog payload readable and link-safe, including contributor/profile links. - Upload the generated raw Markdown changelog as a workflow artifact and add a Slack link to that artifact for easier oncall/client copy-paste workflows. ## Linked Issue N/A — release workflow follow-up. - [ ] The linked issue is labeled `ready-to-spec` or `ready-to-implement`. - [ ] Where appropriate, screenshots or a short video of the implementation are included below (especially for user-visible or UI changes). ## Testing - `python3 -m py_compile .agents/skills/changelog-draft/scripts/build_slack_payload.py .agents/skills/changelog-draft/scripts/convert_to_release_json.py .agents/skills/changelog-draft/scripts/fetch_issue_reporters.py` - Local Slack payload regression covering: - Markdown PR/profile link conversion to Slack `<url|label>` links - raw Markdown artifact link block generation - percent-encoding of Slack link delimiters (`|`, `<`, `>`) in Markdown URLs and artifact URLs - Ruby YAML parse of `.github/workflows/create_release.yml` - `git diff --check` - `cargo fmt` - `cargo clippy --workspace --all-targets --all-features --tests -- -D warnings` - [ ] I have manually tested my changes locally with `./script/run` ### Example Slack output Representative generated Slack text after this PR, with the artifact URL shortened here for readability: **Header** Changelog for v0.2026.05.20.09.21.stable_00 **Artifact block** Raw Markdown changelog: <https://github.com/warpdotdev/warp-internal/actions/runs/.../artifacts/...|Download raw Markdown changelog artifact> **Changelog block** *New Features* • Added tab dragging between windows. (<https://github.com/warpdotdev/warp/pull/9275|#9275>) *Improvements* • Added `warposs://pane/{uuid}` deep links. (<https://github.com/warpdotdev/warp/pull/9655|#9655>) — <https://github.com/Akeuuh|@Akeuuh> ✨ *Bug Fixes* • Fixed file picker path truncation. (<https://github.com/warpdotdev/warp/pull/9885|#9885>) — <https://github.com/bradleyjames|@bradleyjames> ✨ *oz_updates* • Configurable max context window per profile. (<https://github.com/warpdotdev/warp/pull/9352|#9352>) ### Screenshots / Videos Not applicable for this release workflow change. ## Agent Mode - [x] Warp Agent Mode - This PR was created via Warp's AI Agent Mode ## Agent context - Conversation: https://staging.warp.dev/conversation/f4d16867-0550-46b3-bf0e-7509d9bbbe9e - Plan: https://staging.warp.dev/drive/notebook/P70nhN6zYmnv5PsxrcEkJ0 Co-Authored-By: Oz <oz-agent@warp.dev> --------- Co-authored-by: Oz <oz-agent@warp.dev>
4 participants
Description
Normalize changelog PR metadata when stable release workflows run from
warpdotdev/warp-internal:warpdotdev/warpPR number, URL, author, and body before changelog classificationwarp-internalPRs so private/internal work is not exposed in changelog artifactsLinked Issue
ready-to-specorready-to-implement.Testing
python3 -m py_compile .agents/skills/changelog-draft/scripts/fetch_prs.py .agents/skills/changelog-draft/scripts/convert_to_release_json.pyLive validation:
warp-internal#25712resolves to publicwarp#9444with authorFaizanqLive validation: non-sync
warp-internal#25339is excluded before changelog outputLive validation: public
warp#9444remains unchangedConverter fixture validates resolved public links and no synthesized link for records without URLs
git diff --checkcargo fmtAttempted
cargo clippy --workspace --all-targets --all-features --tests -- -D warnings, but it was blocked by the local macOS Metal Toolchain missing before code diagnostics ran (xcodebuild -downloadComponent MetalToolchain)I have manually tested my changes locally with
./script/runAgent Mode
CHANGELOG-NONE
Co-Authored-By: Oz oz-agent@warp.dev