chore: update python-prerelease.yml#4333
Conversation
…python-prerelease.yml
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using default effort and found 3 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit a8583d1. Configure here.
| # Validate tag format from git ref | ||
| if [[ ! "$VERSION" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+rc[0-9]+$ ]]; then | ||
| echo "Error: Invalid tag format. Expected format: vX.Y.ZrcN or X.Y.ZrcN" | ||
| exit 1 |
There was a problem hiding this comment.
Regex rejects dotted RC tags
High Severity
The new tag regex only accepts X.Y.ZrcN (no dot before rc), but this repo’s release flow creates tags like v1.6.0.rc0. Pushes matching v*rc* fail validation and exit before RC testing runs.
Additional Locations (2)
Reviewed by Cursor Bugbot for commit a8583d1. Configure here.
| # Remove 'v' prefix if present for pip | ||
| VERSION_CLEAN="${VERSION#v}" | ||
| echo "Waiting for huggingface-hub==${VERSION_CLEAN} to be available on PyPI" | ||
| while ! pip install "huggingface-hub==${VERSION_CLEAN}"; do |
There was a problem hiding this comment.
PyPI version not normalized
Medium Severity
VERSION_CLEAN only removes a leading v, but PyPI RC versions here use 1.6.0rc0, not 1.6.0.rc0. A dotted git tag yields a pip spec that does not match the published package name on PyPI.
Reviewed by Cursor Bugbot for commit a8583d1. Configure here.
| # Only modify workflow files that already reference huggingface-hub to minimize scope | ||
| if grep -r "huggingface-hub" .github/workflows/ >/dev/null 2>&1; then | ||
| find .github/workflows/ -type f -exec grep -l "huggingface-hub" {} \; | xargs sed -i 's/uv pip install /uv pip install --prerelease=allow /g' | ||
| git add .github/workflows/ |
There was a problem hiding this comment.
Prerelease flag scope narrowed
Medium Severity
Only workflow files containing the literal huggingface-hub get uv pip install rewritten with --prerelease=allow. Other CI workflows that still install the pinned RC via uv pip install are left unchanged, so downstream RC test runs may not install the prerelease.
Reviewed by Cursor Bugbot for commit a8583d1. Configure here.
|
The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update. |
|
closing in favor of #4335 which removes the workflow file entirely |
Update
.github/workflows/python-prerelease.ymlworkflow configuration.cc @dependabot[bot] @hanouticelina
Note
Low Risk
Changes are confined to an internal prerelease CI workflow; they add validation and reduce blast radius of automated workflow edits rather than altering runtime library code.
Overview
Hardens the Python prerelease GitHub Actions workflow that tests RC
huggingface-hubbuilds against downstream repos.Version handling: Tags and versions must match
vX.Y.ZrcN/X.Y.ZrcNat dispatch, on tag push, and again before the PyPI wait step. The PyPI poll now strips an optionalvprefix and installshuggingface-hub==…with a quoted spec.Downstream CI edits: Instead of adding
--prerelease=allowto everyuv pip installunder.github/workflows/, the workflow only touches workflow files that already mentionhuggingface-hub, with an explicit warning that this changes CI behavior.Reviewed by Cursor Bugbot for commit a8583d1. Bugbot is set up for automated code reviews on this repo. Configure here.