fix: release workflow assets + missing EventType entry

[DhanushSantosh]

Summary

• Fixed the release workflow producing no assets beyond GitHub's auto-generated source code zip
• Added missing EventType entry that was causing TypeScript build failures in CI

What was wrong

Bug 1 — Linux native bindings installed on all platforms (setup-project/action.yml)

The composite action force-installed @rollup/rollup-linux-x64-gnu and @tailwindcss/oxide-linux-x64-gnu on all runners including macOS and Windows. This overwrote the correct platform-native binaries, crashing the Vite/Rollup build silently. Both non-Linux matrix jobs failed → the upload job never ran → no assets were attached to the release.

Fix: Added if: runner.os == 'Linux' guard to the step.

Bug 2 — Missing 'dev-server:url-detected' in EventType union (libs/types/src/event.ts)

DevServerService emits 'dev-server:url-detected' but the string was never added to the shared EventType union, causing tsc to fail on all platforms.

Fix: Added | 'dev-server:url-detected' to the union.

Minor — release.yml cleanup

• Removed redundant if: github.event.release.draft == false (already implied by types: [published])
• Added explicit actions/checkout@v4 to the upload job

Test plan

• Create a release on a fork and verify all platform assets appear (.dmg, .zip, .exe, .AppImage, .deb, .rpm)
• Confirm npm run build:packages passes with the updated EventType

🤖 Generated with Claude Code

Summary by CodeRabbit

Release Notes

This release contains internal infrastructure updates with no user-visible changes.

• Chores
  • Updated CI/CD pipeline configuration for improved build reliability across different operating systems.

[gemini-code-assist]

Summary of Changes

Hello @DhanushSantosh, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses critical issues preventing proper release asset generation and causing TypeScript build failures, thereby improving the reliability of the CI/CD pipeline. Additionally, it introduces new documentation and a utility script to standardize and streamline developer workflows for branch synchronization and feature development, including specific guidance for AI agents interacting with the repository.

Highlights

• Release Workflow Fix: Corrected the GitHub Actions release workflow to properly generate and upload platform-specific assets by adding a Linux-specific condition to native binding installations, preventing incorrect installations on other OS.
• TypeScript Build Fix: Resolved TypeScript build failures by adding the missing 'dev-server:url-detected' event type to the EventType union in libs/types/src/event.ts.
• Workflow Cleanup: Performed minor cleanup in release.yml, removing redundant conditions and explicitly adding actions/checkout@v4 to the upload job.
• New Development Workflow Documentation: Introduced a new DEVELOPMENT_WORKFLOW.md document detailing standard Git synchronization and PR workflows, including guidance for AI agents.
• New Sync Check Script: Added a check-sync.sh script to assist developers in maintaining branch synchronization with upstream release candidates and reporting status.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• .github/actions/setup-project/action.yml
  • Added an if: runner.os == 'Linux' condition to the "Install Linux native bindings" step to prevent incorrect installations on non-Linux operating systems.
• DEVELOPMENT_WORKFLOW.md
  • Added a new markdown file detailing standard development workflows, including "Sync Workflow" for RC maintenance and "PR Workflow" for new feature work.
  • Included sections on target RC resolution, pre-flight checklists, conflict resolution, build/test matrices, post-sync verification, check-sync.sh usage, stop conditions, and AI agent guardrails/guidance.
• check-sync.sh
  • Added a new executable bash script to check the synchronization status of the current branch against origin and upstream remotes.
  • Implemented dynamic target RC resolution, status line printing for origin and upstream, and preview functions for commits.
  • Included argument parsing for --rc and --preview options.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/release.yml

Activity

• No human activity (comments, reviews, approvals) has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces two main fixes for the release workflow and a TypeScript build failure, which are well-explained. It also adds a comprehensive development workflow guide (DEVELOPMENT_WORKFLOW.md) and a helper script (check-sync.sh). My review focuses on these new additions. I've suggested a couple of improvements: one to make the check-sync.sh script more robust by handling detached HEAD states, and another to improve the clarity and remove redundancy in the new DEVELOPMENT_WORKFLOW.md document. The fixes for the release workflow appear correct.

[coderabbitai]

📝 Walkthrough

Walkthrough

GitHub Actions workflow configuration updated to add OS-specific conditional checks and modify release job behavior. One step now conditionally executes only on Linux runners, and the release upload job now runs on all releases with an added checkout step.

Changes

Cohort / File(s)	Summary
GitHub Actions Setup Configuration .github/actions/setup-project/action.yml	Added conditional check (if: runner.os == 'Linux') to limit "Install Linux native bindings" step execution to Linux runners only.
GitHub Actions Release Workflow .github/workflows/release.yml	Removed draft release restriction (if: github.event.release.draft == false) and added new Checkout code step at the start of the upload job.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A swift adjustment, platform-aware,
No drafts left behind with care,
Checkout first, then upload we go—
CI/CD magic, steady and slow! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title references both the release workflow fix and the missing EventType entry, which are the primary changes in the pull request.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/actions/setup-project/action.yml (1)

47-55: ⚠️ Potential issue | 🟠 Major

Hardcoded versions already mismatched with lockfile + hardcoded architecture will break on ARM64 runners.

1. Version pins are already out of sync. The hardcoded versions do not match the lockfile:

   • @rollup/rollup-linux-x64-gnu@4.53.3 → lockfile has 4.53.5
   • @tailwindcss/oxide-linux-x64-gnu@4.1.17 → lockfile has 4.1.18

   This workaround silently installs mismatched binaries instead of the locked versions, defeating the purpose of a lockfile.

2. Architecture is hardcoded to x64-gnu. This works on ubuntu-latest (x64) but will break silently on ARM64 Linux runners. ARM64-specific variants exist on npm (@rollup/rollup-linux-arm64-gnu, etc.), but are not used. Use runner.arch to select the correct binary dynamically:

Dynamic architecture selection

-    - name: Install Linux native bindings
-      if: runner.os == 'Linux'
-      shell: bash
-      # Workaround for npm optional dependencies bug (npm/cli#4828)
-      # Explicitly install Linux bindings needed for build tools
-      run: |
-        npm install --no-save --force --ignore-scripts \
-          `@rollup/rollup-linux-x64-gnu`@4.53.3 \
-          `@tailwindcss/oxide-linux-x64-gnu`@4.1.17
+    - name: Install Linux native bindings
+      if: runner.os == 'Linux'
+      shell: bash
+      # Workaround for npm optional dependencies bug (npm/cli#4828)
+      # Explicitly install Linux bindings needed for build tools
+      run: |
+        case "${{ runner.arch }}" in
+          X64)   ARCH_SUFFIX="linux-x64-gnu" ;;
+          ARM64) ARCH_SUFFIX="linux-arm64-gnu" ;;
+          *) echo "Unsupported arch: ${{ runner.arch }}"; exit 1 ;;
+        esac
+        npm install --no-save --force --ignore-scripts \
+          "@rollup/rollup-${ARCH_SUFFIX}@4.53.5" \
+          "@tailwindcss/oxide-${ARCH_SUFFIX}@4.1.18"

Update to the correct locked versions immediately (4.53.5 and 4.1.18), and consider adopting dynamic architecture selection to future-proof against ARM64 runners.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/actions/setup-project/action.yml around lines 47 - 55, The install
step currently hardcodes x64 package names and outdated versions; update the two
package pins to match the lockfile (`@rollup/rollup-linux-`*-gnu@4.53.5 and
`@tailwindcss/oxide-linux-`*-gnu@4.1.18) and replace the hardcoded "x64" segment
with a dynamic architecture variable (use runner.arch or a conditional mapping
to resolve "x64" vs "arm64" and select the corresponding package names like
`@rollup/rollup-linux-`${{ runner.arch }}-gnu and `@tailwindcss/oxide-linux-`${{
runner.arch }}-gnu) while keeping the existing npm flags (--no-save --force
--ignore-scripts).

🧹 Nitpick comments (1)

.github/workflows/release.yml (1)

19-19: SHA-pin all third-party action references for supply chain security.

Every action in this workflow uses mutable floating tags (@v4, @v2), which can be force-pushed to point to different commits and run malicious code in the privileged contents: write context. Pinning to full commit SHAs eliminates this attack surface.

This applies to all action references across both files:

• .github/workflows/release.yml: lines 19, 65, 75, 85, 101, 104, 110, 116, 122
• .github/actions/setup-project/action.yml: line 22 (actions/setup-node@v4)

Replace each mutable tag with a pinned commit SHA and version comment:

♻️ Example pattern (apply to all action references in both files)

-        uses: actions/checkout@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4

-        uses: actions/setup-node@v4
+        uses: actions/setup-node@60a6ad4f6c0a34c697d12b3c1f622292f536e696 # v4

-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4

-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4

-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@c062e08bd532815e2082a7e09ce9571a6d1144cd # v2

Look up current HEAD SHAs for each action reference from their GitHub repositories.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release.yml at line 19, Replace all mutable action tags
with pinned commit SHAs and add a version comment next to each 'uses:' entry;
specifically update occurrences like "uses: actions/checkout@v4", "uses:
actions/setup-node@v4" and every other "uses: <owner>/<repo>@<tag>" referenced
in the workflow and action metadata so that the tag (e.g., `@v4`, `@v2`) is replaced
by the repository's full commit SHA for the current HEAD and append a short
comment indicating the original semantic version (e.g., # v4) to preserve
readability. Ensure you update all listed occurrences (the multiple "uses:"
lines in the workflow and the setup-node usage in action.yml) and verify each
SHA by fetching the corresponding repo's default branch HEAD before committing.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In @.github/actions/setup-project/action.yml:
- Around line 47-55: The install step currently hardcodes x64 package names and
outdated versions; update the two package pins to match the lockfile
(`@rollup/rollup-linux-`*-gnu@4.53.5 and `@tailwindcss/oxide-linux-`*-gnu@4.1.18)
and replace the hardcoded "x64" segment with a dynamic architecture variable
(use runner.arch or a conditional mapping to resolve "x64" vs "arm64" and select
the corresponding package names like `@rollup/rollup-linux-`${{ runner.arch }}-gnu
and `@tailwindcss/oxide-linux-`${{ runner.arch }}-gnu) while keeping the existing
npm flags (--no-save --force --ignore-scripts).

---

Nitpick comments:
In @.github/workflows/release.yml:
- Line 19: Replace all mutable action tags with pinned commit SHAs and add a
version comment next to each 'uses:' entry; specifically update occurrences like
"uses: actions/checkout@v4", "uses: actions/setup-node@v4" and every other
"uses: <owner>/<repo>@<tag>" referenced in the workflow and action metadata so
that the tag (e.g., `@v4`, `@v2`) is replaced by the repository's full commit SHA
for the current HEAD and append a short comment indicating the original semantic
version (e.g., # v4) to preserve readability. Ensure you update all listed
occurrences (the multiple "uses:" lines in the workflow and the setup-node usage
in action.yml) and verify each SHA by fetching the corresponding repo's default
branch HEAD before committing.

[gsxdsm]

Lgtm