fix: include commit count in preview version for brew upgrade#15
Merged
Conversation
Homebrew ignores semver +metadata for version comparison, so 0.5.0-preview+aaa and 0.5.0-preview+bbb look identical and `brew upgrade` skips the update. Include the commit count in the pre-release segment: 0.5.0-preview.347+5f2593c The commit count is monotonically increasing, so each push produces a genuinely newer version that `brew upgrade` detects automatically. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
donbeave
added a commit
that referenced
this pull request
Apr 20, 2026
…eable fix: include commit count in preview version for brew upgrade
donbeave
added a commit
that referenced
this pull request
Apr 21, 2026
…eable fix: include commit count in preview version for brew upgrade
donbeave
added a commit
that referenced
this pull request
Apr 21, 2026
fix: include commit count in preview version for brew upgrade
donbeave
added a commit
that referenced
this pull request
Apr 21, 2026
fix: include commit count in preview version for brew upgrade
donbeave
added a commit
that referenced
this pull request
Apr 21, 2026
fix: include commit count in preview version for brew upgrade
donbeave
added a commit
that referenced
this pull request
May 7, 2026
fix: include commit count in preview version for brew upgrade Signed-off-by: Alexey Zhokhov <alexey@zhokhov.com> Co-authored-by: Codex <codex@openai.com>
donbeave
added a commit
that referenced
this pull request
May 7, 2026
fix: include commit count in preview version for brew upgrade Signed-off-by: Alexey Zhokhov <alexey@zhokhov.com> Co-authored-by: Codex <codex@openai.com>
donbeave
added a commit
that referenced
this pull request
May 7, 2026
Homebrew ignores semver +metadata for version comparison, so 0.5.0-preview+aaa and 0.5.0-preview+bbb look identical and `brew upgrade` skips the update. Include the commit count in the pre-release segment: 0.5.0-preview.347+5f2593c The commit count is monotonically increasing, so each push produces a genuinely newer version that `brew upgrade` detects automatically. Signed-off-by: Alexey Zhokhov <alexey@zhokhov.com> Co-authored-by: Claude <noreply@anthropic.com>
donbeave
added a commit
that referenced
this pull request
May 7, 2026
fix: include commit count in preview version for brew upgrade Signed-off-by: Alexey Zhokhov <alexey@zhokhov.com> Co-authored-by: Codex <codex@openai.com>
donbeave
added a commit
that referenced
this pull request
May 9, 2026
… env-var leaks (#273) Tier 3 follow-up to the post-#266 hardening. Add a PR-time `publish-manifest-rehearsal` job to `construct.yml` that runs the same docker buildx CLI plumbing `publish-manifest` depends on, without the side-effect steps (Docker Hub login, `imagetools create`, `imagetools inspect`). The previous hardening rounds were process- (#267 docs rules) and gate-side (#14 / #15 terraform branch protection). This is the workflow-side companion. The #266 break (`ERROR: no builder "jackin-construct" found`) was caused by hoisting `BUILDX_BUILDER` into workflow-level env, which docker buildx reads as the default-builder selection — surfacing only post-merge on main because `publish-manifest` is push-only and never runs on a `pull_request` event. `docker buildx ls` evaluates `BUILDX_BUILDER` at startup and exits non-zero on a missing-builder reference, regardless of whether the rest of the command would have hit the network. Running it on PR + feature-branch dispatch reproduces the failure shape without registry credentials. Two checks: `docker buildx ls` (catches workflow-level env-var leaks for any current or future buildx-controlling env var) and `docker buildx imagetools --help >/dev/null` (smoke-test that the buildx CLI plugin is bundled and loadable on the runner). The `construct-required` aggregator now lists `publish-manifest-rehearsal` in `needs:` so the rehearsal's result is rolled up into the same single check name branch protection requires. Equivalent rehearsals for `build-validator`, `deploy`, and `publish-preview` are deferred — those side-effect surfaces don't have the same network-free reproducibility shape `buildx ls` provides for docker, so the fidelity-vs-cost trade is worse. Reopen if a #266-class break surfaces in any of them. Signed-off-by: Alexey Zhokhov <alexey@zhokhov.com> Co-authored-by: Claude <noreply@anthropic.com>
donbeave
added a commit
that referenced
this pull request
May 18, 2026
… env-var leaks (#273) Tier 3 follow-up to the post-#266 hardening. Add a PR-time `publish-manifest-rehearsal` job to `construct.yml` that runs the same docker buildx CLI plumbing `publish-manifest` depends on, without the side-effect steps (Docker Hub login, `imagetools create`, `imagetools inspect`). The previous hardening rounds were process- (#267 docs rules) and gate-side (#14 / #15 terraform branch protection). This is the workflow-side companion. The #266 break (`ERROR: no builder "jackin-construct" found`) was caused by hoisting `BUILDX_BUILDER` into workflow-level env, which docker buildx reads as the default-builder selection — surfacing only post-merge on main because `publish-manifest` is push-only and never runs on a `pull_request` event. `docker buildx ls` evaluates `BUILDX_BUILDER` at startup and exits non-zero on a missing-builder reference, regardless of whether the rest of the command would have hit the network. Running it on PR + feature-branch dispatch reproduces the failure shape without registry credentials. Two checks: `docker buildx ls` (catches workflow-level env-var leaks for any current or future buildx-controlling env var) and `docker buildx imagetools --help >/dev/null` (smoke-test that the buildx CLI plugin is bundled and loadable on the runner). The `construct-required` aggregator now lists `publish-manifest-rehearsal` in `needs:` so the rehearsal's result is rolled up into the same single check name branch protection requires. Equivalent rehearsals for `build-validator`, `deploy`, and `publish-preview` are deferred — those side-effect surfaces don't have the same network-free reproducibility shape `buildx ls` provides for docker, so the fidelity-vs-cost trade is worse. Reopen if a #266-class break surfaces in any of them. Signed-off-by: Alexey Zhokhov <alexey@zhokhov.com> Co-authored-by: Claude <noreply@anthropic.com>
donbeave
added a commit
that referenced
this pull request
May 19, 2026
…e findings #13/#14 - bollard-migration.mdx: rewrite to describe what shipped in Phase 1 and what remains deferred (docker build, interactive exec) in Phase 2 - roadmap.mdx: move bollard-migration from Planned to Partially implemented - open-review-findings.mdx: remove #13 (string-match cleanup) and #14 (inspect collapses to not-found), renumber #15-17 to #13-15 - codebase-map.mdx: add src/docker_client.rs entry describing DockerApi trait, BollardDockerClient, FakeDockerClient, and ContainerState Signed-off-by: Alexey Zhokhov <alexey@zhokhov.com> Co-authored-by: Claude <noreply@anthropic.com>
donbeave
added a commit
that referenced
this pull request
May 19, 2026
…e findings #13/#14 - bollard-migration.mdx: rewrite to describe what shipped in Phase 1 and what remains deferred (docker build, interactive exec) in Phase 2 - roadmap.mdx: move bollard-migration from Planned to Partially implemented - open-review-findings.mdx: remove #13 (string-match cleanup) and #14 (inspect collapses to not-found), renumber #15-17 to #13-15 - codebase-map.mdx: add src/docker_client.rs entry describing DockerApi trait, BollardDockerClient, FakeDockerClient, and ContainerState Signed-off-by: Alexey Zhokhov <alexey@zhokhov.com> Co-authored-by: Claude <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
0.5.0-preview+5f2593cto0.5.0-preview.347+5f2593cbrew upgrade jackin@previewnow works because each push produces a genuinely newer semver versionfetch-depth: 0to the checkout step sogit rev-list --count HEADhas full historyWhy
Homebrew (and semver) ignores
+metadatafor version comparison. The old format0.5.0-preview+aaavs0.5.0-preview+bbblooked identical, forcing users tobrew reinstallinstead ofbrew upgrade.The commit count in the pre-release segment (
preview.347vspreview.348) is monotonically increasing and part of semver comparison, so brew correctly detects newer versions.This follows the same pattern used by PHP nightly and Gel CLI nightly homebrew formulas.
Test plan
cargo fmt -- --checkpassescargo clippypassescargo nextest run— 204 tests passbrew update && brew upgrade jackin@previewpicks up the new version🤖 Generated with Claude Code