Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 5 commits
- 18 files changed
- 4 contributors
Commits on May 1, 2026
-
fix(ci): retry transient registry fetches in primer generator (#462)
## Summary The v1.6.1 release-plz macOS upload-assets job (https://github.com/endevco/aube/actions/runs/25232551216/job/73991667575) failed mid-primer-generation when a single `fetch(registry.npmjs.org/<pkg>)` hit a TLS socket close at package 786/2000: ``` [TypeError: fetch failed] { [cause]: SocketError: other side closed ... code: 'UND_ERR_SOCKET', } ``` The script had no retry, so a transient blip during a 2000-package run crashed the whole release. Wrap fetch with up-to-5-attempt exponential backoff (1s/2s/4s/8s) that retries network errors, 5xx, and 429, and propagates other 4xx as terminal. Linux upload-assets jobs in the same run already pass via the empty-primer fallback from #460 — only macOS (which has node and runs the script for real) was hitting the transient blip. Windows builds will benefit from the same retry. After merge, re-run the failed `Upload assets / upload-assets (aarch64-apple-darwin, ...)` job for v1.6.1 to backfill the macOS tarball. ## Test plan - [x] `node --check scripts/generate-primer.mjs` clean - [x] Smoke-test the retry helper with stubbed `fetch` that throws `UND_ERR_SOCKET` twice — third attempt returns 200, retries logged - [ ] Re-run the v1.6.1 macOS upload-assets job after merge → confirm the primer generates and the tarball lands on the GH release 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: only changes the `scripts/generate-primer.mjs` fetch behavior by adding retries/backoff for transient network/HTTP failures, which may slightly increase run time but should reduce flaky CI failures. > > **Overview** > Improves primer generation robustness by wrapping registry/name-list `fetch` calls in a new `fetchWithRetry` helper with exponential backoff. > > The script now retries transient network errors plus HTTP `5xx` and `429`, while treating other `4xx` responses as terminal and preserving existing failure/skip behavior when the final attempt still fails. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 637800f. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
ci: bump release upload-assets timeout to 60 minutes (#463)
## Summary Windows release builds consistently land 25-28 min against the 30-min cap (v1.6.0: 25m43s / 27m11s; v1.6.1 just timed out at 30m on aarch64-pc-windows-msvc). Bump every upload-assets target to 60 min so runner variance doesn't tip releases over. ## Test plan - [ ] Re-run `release.yml` for v1.6.1 with `tag: v1.6.1` after merge → confirm Windows tarballs land 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Low Risk** > Low risk: CI-only change that just allows more time for release build/upload jobs; no product code or security logic is modified. > > **Overview** > Increases the GitHub Actions `release.yml` `upload-assets` job timeout from **30** to **60 minutes** to reduce release failures from long/variable build times (notably on Windows). > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit daf6cbd. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
ci: don't publish release if any upload-assets target failed (#464)
## Summary GitHub immutable releases are enabled — a published release's assets can't be replaced after the fact. The previous `always()` gate on `publish-release` would flip the draft to non-draft even if one platform tarball was missing, leaving the downstream npm / COPR / PPA jobs (triggered by the `release: published` event) to fail fetching holes. Once published with missing assets, the only fix is to bump the version and re-cut the whole release. This PR drops `always()` so `publish-release` skips when any matrix target in `upload-assets` fails. Without `always()`, the default GitHub Actions semantic is "skip if any needed job didn't succeed", which is exactly what we want here. `enhance-release` (which `needs: publish-release`) skips transitively, so a half-built release also doesn't get communique-ed notes attached to it. ## Recovery flow when this kicks in 1. The draft release stays in place with whatever tarballs did upload. 2. Re-run `release.yml` via workflow_dispatch with `tag: vX.Y.Z` to fill the missing assets onto the existing draft. 3. Either flip the draft by hand: `gh release edit vX.Y.Z --draft=false` (which fires `release: published` and triggers the downstream publishers), or workflow_dispatch `release-plz.yml` again so `publish-release` runs. ## Test plan - [x] `actionlint` clean - [ ] On the next release: confirm the workflow proceeds normally when all targets succeed - [ ] On a forced upload-assets failure (e.g. via a one-target injected error in a test branch): confirm `publish-release` is skipped and the draft remains a draft 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Changes release automation gating so a GitHub release will no longer be published if any `upload-assets` matrix target fails, which could delay releases if the dependency chain or job conditions are misconfigured. > > **Overview** > Prevents `publish-release` in `release-plz.yml` from flipping a draft GitHub release to published unless the `upload-assets` job succeeds, avoiding immutable published releases with missing binaries. > > Updates the workflow documentation to explain why partial uploads must keep the release in draft and outlines the manual recovery flow (re-run `release.yml` for the tag, then publish). > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit 4cced3d. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
feat(cli): check engines.{aube,pnpm} and workspace per-project engines (
#458) ## Summary Extends `crates/aube/src/engines.rs` to cover engine constraints aube previously ignored, then ports the three pnpm misc.ts tests this unblocks. ### Engines coverage changes | Constraint | Before | After | |---|---|---| | `engines.node` on root manifest | checked | unchanged | | `engines.node` on workspace project manifests | **skipped** | checked (warn / engine-strict fail) | | `engines.node` on transitive deps | checked | unchanged | | `engines.aube` on root + workspace projects | **skipped** | checked against `env!(\"CARGO_PKG_VERSION\")` | | `engines.pnpm` on root + workspace projects | **skipped** | checked against `env!(\"CARGO_PKG_VERSION\")` | | `engines.{aube,pnpm}` on transitive deps | skipped | **stays skipped** (wild packages routinely pin authors' toolchains; would drown users in warnings) | aube positions itself as a pnpm-compatible drop-in, so a package gating on `engines.pnpm` is honored as if aube were that pnpm. The warning printer now labels each mismatch with the engine field that triggered it (`wanted node >=20`, `wanted aube >=99999`, `wanted pnpm >=8`). The strict-mode error is now engine-agnostic — existing `engines.bats` assertions on the `engine-strict` substring keep working. ### Tests ported (`test/pnpm_install_misc.bats`, 27 → 30 of 36) - `337` workspace per-project `engines.node` strict fail - `371` workspace per-project `engines.node` warn - `303` workspace per-project `engines.pnpm` (translated: pnpm hard-fails this unconditionally; aube routes everything through one knob, so the port enables `engine-strict=true`) ### Doc reclassification `misc.ts:136` (package.yaml manifest) moves from "documented divergence" to **won't fix**. Supporting YAML manifests would expand both the parser surface and the security-review surface for a feature pnpm itself documents as legacy. Not a pnpm-parity goal. ## Test plan - [x] 13 unit tests in `crates/aube/src/engines.rs` (8 new — `check_root_flags_{aube,pnpm}_mismatch`, `check_root_aube_satisfied_when_range_matches`, `check_root_flags_all_three_engines_independently`, `check_workspace_importers_{skips_root,flags_per_project,falls_back_to_rel_path_label}`) - [x] 30/30 tests in `test/pnpm_install_misc.bats` pass - [x] 5/5 tests in `test/engines.bats` (existing) still pass - [x] 65/65 tests in `test/install.bats` still pass - [x] 18/18 tests in `test/workspace.bats` still pass - [x] All 354 unit tests via `cargo test --bin aube` pass - [x] `cargo clippy --all-targets -- -D warnings` clean - [x] `cargo fmt --check` clean 🤖 Generated with [Claude Code](https://claude.com/claude-code) <!-- CURSOR_SUMMARY --> --- > [!NOTE] > **Medium Risk** > Changes dependency resolution to prefer `dist-tags.latest` within a semver range and expands engine constraint enforcement across workspaces, which can alter installed versions and cause new install failures under `engine-strict`. Limited scope but touches core install/resolution paths. > > **Overview** > Aligns resolver and CLI output with npm/pnpm by preferring `dist-tags.latest` when it satisfies a semver range (unless `pick_lowest`), and adds tests covering the new selection behavior. > > Extends install-time engine validation to check `engines.aube`/`engines.pnpm` (against `CARGO_PKG_VERSION`) and to apply `engines.node` checks to workspace importer manifests as well as transitive deps; warnings/errors now label the specific engine key and avoid falsely failing `engines.node` when no Node version is available. > > Adds pnpm parity BATS tests for workspace `engine-strict` behavior and updates pnpm import docs to reflect the newly covered cases. > > <sup>Reviewed by [Cursor Bugbot](https://cursor.com/bugbot) for commit d631f88. Bugbot is set up for automated code reviews on this repo. Configure [here](https://www.cursor.com/dashboard/bugbot).</sup> <!-- /CURSOR_SUMMARY --> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
-
## 🤖 New release: `v1.6.2` This PR bumps the workspace to `v1.6.2` and regenerates CHANGELOG entries, `aube.usage.kdl`, the CLI docs, and `release.json`. **Manually pinned to 1.6.2** (overriding release-plz's natural `feat:`-driven 1.7.0 minor bump). Merge ASAP — any new push to main will retrigger `release-plz-pr` which will recompute 1.7.0 and force-push this branch. See the diff for the full set of changes, or the per-crate `CHANGELOG.md` files for the release notes that will ship. --- Generated by the `release-plz-pr` workflow, manually retargeted to v1.6.2. Co-authored-by: release-plz[bot] <release-plz+bot@users.noreply.github.com>
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff v1.6.1...v1.6.2