fix(ci): release.yml — build full workspace, not just desktop#353
Merged
Conversation
v0.6.58.0 release attempt failed on all 3 platforms with the same TS2307 error pattern: `Cannot find module '@skytwin/llm-client'`, `@skytwin/db`, `@skytwin/shared-types`, etc. — across 15+ test files inside apps/api/src/__tests__/. Root cause: release.yml's build step ran `pnpm --filter skytwin-desktop build`, which only invokes desktop's own placeholder build script (a no-op `node -e "console.log(...)"` echo). The desktop package's prepackage chain then calls `pnpm --filter @skytwin/api build` (etc.) which requires every transitively-depended workspace package to have its dist/ already compiled — but nothing built them. build.yml has used bare `pnpm build` since the original CI setup (lines 78, 114, 176, 241 — test job + all three desktop jobs). release.yml drifted to the filtered variant and the workspace-build gap was masked by the earlier pnpm/action-setup failure (the build step never ran). Fix: match build.yml. `pnpm build` triggers turbo to compile every workspace package in dependency order, then prepackage's filter-based calls become cache hits. Net: tagging v0.6.59.0 after this lands should finally produce the .dmg/.exe/.AppImage/.deb/.rpm artifacts the README rewrite (launch-plan §1.6) is waiting on. v0.6.57.0 and v0.6.58.0 tags stay as historical artifacts of the release-pipeline shakedown. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
jayzalowitz
added a commit
that referenced
this pull request
May 23, 2026
…#355) v0.6.58.0 third release attempt failed on macOS with: ⨯ /Users/runner/work/skytwin/skytwin/apps/desktop not a file right after `empty password will be used for code signing reason= CSC_KEY_PASSWORD is not defined`. Root cause: release.yml's Build-and-publish step sets CSC_LINK from a secret via ternary. When the secret is unset, the expression evaluates to '' (empty string), NOT undefined — so CSC_LINK IS in the environment but as empty. electron-builder then interprets the empty value as a relative path-to-cert that resolves to the CWD (apps/desktop), tries to read it as a file, finds a directory, errors out before packaging even starts. build.yml dodges this by setting CSC_IDENTITY_AUTO_DISCOVERY: 'false' and NOT setting CSC_LINK. release.yml needed the same defensive guard for the no-cert-secrets case. Fix: pair CSC_LINK with CSC_IDENTITY_AUTO_DISCOVERY computed from whether the matching secret is non-empty. When secrets are present, auto-discovery is true (and CSC_LINK takes precedence anyway). When secrets are empty, auto-discovery is false and electron-builder falls through cleanly to "skip signing" — producing the unsigned artifacts the workflow header comment already documents as expected pre-Apple-Developer-enrollment. Fourth fix in the v0.6.58.0 release-pipeline chain after: - PR #352: pnpm/action-setup v4→v5 + --publish never on build.yml - PR #353: bare pnpm build instead of --filter skytwin-desktop - PR #354: drop `--` separator before --publish flags - This: CSC_IDENTITY_AUTO_DISCOVERY fallback Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
jayzalowitz
added a commit
that referenced
this pull request
May 23, 2026
Five consecutive failures of release.yml on tag v0.6.58.0: 1. pnpm/action-setup v4+version conflict (PR #352 fix) 2. `pnpm --filter skytwin-desktop build` skipped workspace deps (PR #353 fix) 3. pnpm `--` separator broke electron-builder arg parsing (PR #354 fix) 4. Empty CSC_LINK env var made electron-builder treat CWD as cert path (PR #355 attempted fix — did not actually work, see #5) 5. CSC_IDENTITY_AUTO_DISCOVERY=false isn't enough because CSC_LINK="" (set-to-empty-string, not unset) still triggers the path-resolve code path Each fix revealed the next bug because release.yml was never tested end-to-end — it's been broken since the file was committed. At 5 fixes deep, the right move is to stop fixing release.yml and use the known-working publisher pattern instead. build.yml already builds artifacts successfully on tag push via its desktop-mac/desktop-windows/desktop-linux/mobile-* matrix. PR #352 deleted build.yml's softprops-based release: job specifically to avoid double-publishing with release.yml. With release.yml deleted, that conflict is gone — restore the simpler chain: - Desktop+mobile matrix builds artifacts (already works, --publish never). - New release: job downloads via actions/download-artifact and creates a draft GitHub Release via softprops/action-gh-release@v3. Trade-off: - Lose: electron-builder's GitHub publisher integration (auto-updater channel YAML). When code signing + auto-update become priorities, add release.yml back with the lessons from #352-#355 baked in OR switch to a single workflow with electron-builder publish. - Gain: artifacts actually publish today, on an unsigned-build basis, which is what the launch plan §1.6 README rewrite needs. After this lands: re-tag v0.6.58.0 (5th attempt). build.yml's matrix runs as before, plus the new release: job downloads + publishes a draft. Operator manually clicks Publish in the GitHub UI to make the release live. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
v0.6.58.0 release attempt failed on all 3 platforms with the same TS2307 error pattern —
Cannot find module '@skytwin/llm-client',@skytwin/db,@skytwin/shared-types, etc. across 15+ test files.Root cause:
release.ymlranpnpm --filter skytwin-desktop build, which only invokes desktop's placeholder build script (a no-opnode -e \"console.log(...)\"echo). The desktop prepackage chain (bash scripts/build-single-binary.sh) then callspnpm --filter @skytwin/api build— but that filter requires every transitively-depended workspace package to have itsdist/already compiled.Fix: match
build.yml— use barepnpm build(turbo compiles everything in dependency order). Single-line change.Why this wasn't caught sooner: the earlier
pnpm/action-setupfailure (PR #352 fixed it) preventedrelease.yml's build step from ever running, so the workspace-build gap was invisible.Test plan
build.ymltest job uses barepnpm buildand passes — same command works in CI on the same monorepo.v0.6.59.0(skippingv0.6.58.0which has a broken release-pipeline tag) → release workflow finally produces the artifacts the README rewrite needs.🤖 Generated with Claude Code