fix(ci): remove direct push to main from release workflow #556
The release workflow was pushing changelog + version bump directly to main, which fails now that main has branch protection (PRs required). Removed the 'Commit changelog and version bump to main' step entirely. Version bumps and CHANGELOG updates should be done in the release PR before tagging, not by the CI after the fact. The workflow now only: builds, signs, and publishes the release.
…main
Instead of pushing changelog + version bump directly to main (which is now blocked by branch protection), the workflow:
1. Builds and publishes the release as before
2. Creates a branch chore/changelog-vX.Y.Z from the tag
3. Commits the CHANGELOG.md update + version bump there
4. Opens a PR automatically via gh pr create
The PR can be merged with one click — no manual changelog work needed.
@coderabbitai review
✅ Actions performed
Review triggered.
Walkthrough
The release workflow is modified to replace direct commits to
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/release.yml:
- Around line 348-355: The multiline string passed to gh pr create via the
--body flag is mis-indented inside the YAML run: | block and breaks parsing; fix
by constructing the PR body without relying on inline indentation — e.g., write
the body to a file and call gh pr create --body-file pointing to that file (or
use a properly indented here-doc) so the content for --body (which includes TAG,
VERSION, BUILD, CHANGELOG.md, pubspec.yaml) is preserved exactly and the YAML
block indentation is not violated.
- Around line 284-285: The changelog PR step uses a deterministic
BRANCH="chore/changelog-${TAG}" and always runs git push and gh pr create, which
fails on reruns; make this step idempotent by first checking whether the branch
already exists or whether there are any file changes to commit (e.g., run git
fetch && git ls-remote or git rev-parse for BRANCH and/or git diff --exit-code)
and exit successfully if no changes, and if the branch exists, detect an open PR
for that branch via the GitHub CLI (gh pr list/gh api) and skip creating a new
PR; update the workflow to short-circuit before running git push and gh pr
create when either no-op or existing PR is detected.
📒 Files selected for processing (1)
.github/workflows/release.yml
| BRANCH="chore/changelog-${TAG}" | ||
| DATESTAMP=$(date -u +"%Y-%m-%d") |
Make the changelog PR step idempotent.
Line 284 makes the branch name deterministic, but the step at lines 277–359 never short-circuits on an existing PR or a no-op changelog/version update. On rerun for the same tag, git push and gh pr create will fail, causing the step to fail and blocking the "Trigger desktop builds" step at line 361. Since the GitHub release is published before this step (line 275), a rerun failure can suppress the desktop dispatch after the release is already public.
♻️ Minimal guard rails
BRANCH="chore/changelog-${TAG}"
+ EXISTING_PR=$(gh pr list --state open --head "$BRANCH" --json url --jq '.[0].url // empty')
+ if [ -n "$EXISTING_PR" ]; then
+ echo "Changelog PR already exists: $EXISTING_PR"
+ exit 0
+ fi
DATESTAMP=$(date -u +"%Y-%m-%d")
…
git add pubspec.yaml CHANGELOG.md
- git diff --cached --quiet || git commit -m "chore: update changelog and version for ${TAG}"
+ if git diff --cached --quiet; then
+ echo "No changelog/version changes to propose."
+ exit 0
+ fi
+ git commit -m "chore: update changelog and version for ${TAG}"
git push origin "$BRANCH"
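Review bot: The early exit on gh pr list --state open --head "$BRANCH" only covers a rerun where the PR is already open; if an earlier run pushed chore/changelog-${TAG} and then failed before gh pr create, EXISTING_PR is empty and the unchanged git push origin "$BRANCH" at the end of the hunk can still be rejected as a non-fast-forward. Check for the remote branch as well, for example with git ls-remote --exit-code --heads origin "$BRANCH", and when it exists skip the commit and push and go straight to opening the PR. Both new exit 0 paths end the step successfully, which is what lets the later desktop dispatch step run, so the branch check should exit the same way.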
| gh pr create \ | ||
| --title "chore: update changelog and version for ${TAG}" \ | ||
| --body "Automated changelog and version bump generated by the release workflow for \`${TAG}\`. | ||
|
|
||
| - Updates \`CHANGELOG.md\` with commits since the previous tag | ||
| - Bumps \`version:\` in \`pubspec.yaml\` to \`${VERSION}+${BUILD}\` | ||
|
|
||
| **Merge this after the release is published.**" \ |
Fix multiline string indentation in the PR body; the current indentation breaks the workflow file.
The --body text inside the gh pr create command drops from 12 spaces to 2 spaces starting at line 81 (the - Updates line). In YAML's run: | literal block scalar, all content must maintain at least the baseline indentation (10 spaces). Lines with only 2 spaces are parsed as YAML root-level keys rather than shell content, causing a parse error when GitHub Actions loads the workflow.
🛠️ Safer body construction using file
# Open PR via GitHub CLI
- gh pr create \
- --title "chore: update changelog and version for ${TAG}" \
- --body "Automated changelog and version bump generated by the release workflow for \`${TAG}\`.
-
- - Updates \`CHANGELOG.md\` with commits since the previous tag
- - Bumps \`version:\` in \`pubspec.yaml\` to \`${VERSION}+${BUILD}\`
-
- **Merge this after the release is published.**" \
- --base main \
- --head "$BRANCH"
+ cat > PR_BODY.md <<EOF
+ Automated changelog and version bump generated by the release workflow for \`${TAG}\`.
+
+ - Updates \`CHANGELOG.md\` with commits since the previous tag
+ - Bumps \`version:\` in \`pubspec.yaml\` to \`${VERSION}+${BUILD}\`
+
+ **Merge this after the release is published.**
+ EOF
+
+ gh pr create \
+ --title "chore: update changelog and version for ${TAG}" \
+ --body-file PR_BODY.md \
+ --base main \
+ --head "$BRANCH"
🧰 Tools
🪛 YAMLlint (1.38.0)
[error] 352-352: syntax error: expected , but found '-'
(syntax)
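Review bot: The here-doc opened by cat > PR_BODY.md <<EOF is unquoted, so the shell still performs parameter and command substitution on every body line; the escaped backticks are the only thing keeping CHANGELOG.md and pubspec.yaml from being run as commands, and a later edit to the template that adds an unescaped backtick or $( ) would execute inside the release job. Keep the escapes and note the reason in a comment above the here-doc, or build the body with printf and pass ${TAG}, ${VERSION} and ${BUILD} as arguments so the template text itself is never expanded. PR_BODY.md is also written into the checkout; a path under $RUNNER_TEMP keeps it out of the working tree.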
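A pre-merge check for the indentation failure described in the review comment above, added here as an example; it is not CodeRabbit's or the project's code. Both workflow snippets are constructed and shortened, and the function names are hypothetical.

```ruby
require "yaml"

# Constructed workflow: the PR body drops to 2 spaces inside `run: |`.
BROKEN = <<~'WF'
  jobs:
    release:
      steps:
        - name: Open changelog PR
          run: |
            gh pr create \
              --body "Automated changelog and version bump.

    - Updates CHANGELOG.md
    **Merge this after the release is published.**" \
              --base main
WF

# Constructed counterpart: the body stays at the block's indentation.
FIXED = <<~'WF'
  jobs:
    release:
      steps:
        - name: Open changelog PR
          run: |
            cat > PR_BODY.md <<EOF
            Automated changelog and version bump.

            - Updates CHANGELOG.md
            EOF
            gh pr create --body-file PR_BODY.md --base main
WF

# Returns nil when the workflow parses, otherwise "line N: problem".
def workflow_syntax_error(text)
  YAML.safe_load(text)
  nil
rescue Psych::SyntaxError => e
  "line #{e.line}: #{e.problem}"
end

# Returns each step's run script as the shell will receive it.
def run_scripts(text)
  jobs = (YAML.safe_load(text) || {}).fetch("jobs", {})
  jobs.values.flat_map { |job| Array(job["steps"]).map { |s| s["run"] }.compact }
end

puts workflow_syntax_error(BROKEN), run_scripts(FIXED) if __FILE__ == $PROGRAM_NAME
```

Run against the real file before merging, the first function catches the parse error without waiting for GitHub Actions to reject the workflow, and the second shows whether the list lines of the PR body are still part of the shell script.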
- Check remote branch existence before pushing (idempotent rerun)
- Detect existing open PR and skip silently
- Use --body-file instead of inline --body to avoid YAML indent issues
- Skip PR creation if no staged changes
Problem
The release workflow was failing because it tried to git push origin main directly, which is now blocked by the branch protection rule (PRs required).
Solution
Instead of pushing directly to main, the workflow now opens a PR automatically after publishing the release.
New release flow
- v1.2.3 → workflow triggers
- chore/changelog-v1.2.3 with updated CHANGELOG.md + version bump in pubspec.yaml
- CHANGELOG.md and pubspec.yaml land on main ✅
What changed
- git checkout main + git push origin main
- chore/changelog-vX.Y.Z from the tag
- CHANGELOG.md update + version bump
- gh pr create
- pull-requests: write permission (needed to open PRs)