Commit 3faedee

NagyVikt and NagyVikt authored
fix(release): restore a clean npm deployment path (#195)
The published v7.0.10 package is already on npm, but the GitHub npm deployment stayed red because that release ran against a failing tag-era commit. This patch advances the next publish target to 7.0.11, keeps the README release notes in sync, and removes the duplicate tag-push trigger so GitHub tracks one canonical release deployment instead of a paired release-plus-tag run.

Constraint: v7.0.10 is already published on npm, so rerunning that release would collide
Rejected: rerun the existing v7.0.10 workflow | publish step would still target an already-taken version
Rejected: keep the tag-push trigger and accept duplicate deploy cards | leaves the npm environment noisy and misleading
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: keep the npm publish workflow on a single canonical trigger path unless a future release process explicitly needs tag-push publishes again
Tested: npm test; node --check bin/multiagent-safety.js; npm pack --dry-run --cache .npm-cache; openspec validate agent-codex-make-npm-deployment-green-2026-04-21-03-13 --type change --strict; openspec validate --specs
Not-tested: live GitHub release execution for v7.0.11 before merge
Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>
1 parent d22010e commit 3faedee

10 files changed

Lines changed: 76 additions & 6 deletions

.github/workflows/release.yml

Lines changed: 0 additions & 3 deletions
@@ -2,9 +2,6 @@ name: Release to npm (provenance)
22

33
on:
44
workflow_dispatch:
5-
push:
6-
tags:
7-
- 'v*'
85
release:
96
types: [published]
107
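Review bot: `workflow_dispatch:` stays in the `on:` block with no inputs, so with the `push: tags` trigger removed a manual run is the only non-release publish path and nothing in these lines ties it to a tag or version. Consider a required input naming the tag to publish, or a check early in the job that the dispatched ref is a `v*` tag, so a dispatch from a branch cannot publish an unreleased commit. Worth noting in the workflow comments as well: a release published by automation using the default `GITHUB_TOKEN` does not start a `release: published` run, so automated releases would need the manual path or a different token.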

README.md

Lines changed: 5 additions & 0 deletions
@@ -451,6 +451,11 @@ npm pack --dry-run
451451
<details>
452452
<summary><strong>v7.x</strong></summary>
453453

454+
### v7.0.11
455+
- Fixed the npm release workflow trigger so publishes run from `release.published` or explicit manual dispatch, instead of double-firing on both the tag push and the release event.
456+
- This keeps the GitHub `npm` environment from collecting duplicate cancelled deploy cards for the same version and leaves one canonical release deployment to monitor.
457+
- Bumped `@imdeadpool/guardex` from `7.0.10``7.0.11` so the next release can publish cleanly after `7.0.10` was already taken on npm.
458+
454459
### v7.0.10
455460
- Primary user-facing long name is now **GitGuardex**. CLI/help presents `gitguardex` as the long-form command; `gx` stays the preferred short alias; `guardex` remains as legacy compatibility.
456461
- Installed Codex/Claude startup files now use `gitguardex` paths: `.codex/skills/gitguardex/SKILL.md` and `.claude/commands/gitguardex.md`.
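Review bot: in the third `v7.0.11` bullet, "from `7.0.10``7.0.11`" shows the two versions run together with no separator. Writing it as "from `7.0.10` to `7.0.11`" keeps the bump readable however the Markdown is rendered.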
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
schema: spec-driven
2+
created: 2026-04-21
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
# T1 Notes
2+
3+
- Ship a clean follow-up release after `v7.0.10` failed its GitHub Actions release gate and left the npm deployment red.
4+
- Stop the duplicate tag-push publish path so the npm environment only reflects the real release run (or an explicit manual dispatch).
5+
- Bump the package metadata and README release notes together so the next publish can succeed without colliding with the already-published `7.0.10`.
Lines changed: 15 additions & 0 deletions
@@ -0,0 +1,15 @@
1+
## Why
2+
3+
- The published `v7.0.10` release already exists on npm, but the GitHub `npm` deployment is still red because the release workflow ran from a failing tag-era commit.
4+
- The release workflow also double-triggers on both tag push and release publication, which leaves duplicate cancelled deployment cards in the `npm` environment even when the real release run is the one that matters.
5+
6+
## What Changes
7+
8+
- Bump the package metadata to `7.0.11` and add matching README release notes so the next publish targets a fresh npm version.
9+
- Limit the npm publish workflow to `release.published` and explicit manual dispatch so GitHub only records one canonical release deployment per version.
10+
- Add regression coverage that keeps the workflow on the single-release path.
11+
12+
## Impact
13+
14+
- Affects the package manifest, README release notes, release workflow trigger shape, and metadata regression tests.
15+
- Next step after merge is to publish a new GitHub release/tag so the corrected workflow produces the green npm deployment.
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
## ADDED Requirements
2+
3+
### Requirement: canonical npm release trigger
4+
The release workflow SHALL publish npm releases from explicit release publication or manual dispatch only.
5+
6+
#### Scenario: published release deployment
7+
- **WHEN** maintainers publish a GitHub release for a new package version
8+
- **THEN** the npm release workflow runs for that published release
9+
- **AND** the workflow does not also trigger a second publish job from the tag push for the same version.
10+
11+
### Requirement: fresh publish target
12+
Each release-bound package version SHALL target an unpublished npm version and matching release notes.
13+
14+
#### Scenario: next patch release after a failed deployment
15+
- **WHEN** the previous deployment is red but that version already exists on npm
16+
- **THEN** the package manifest advances to a new patch version
17+
- **AND** README release notes include a heading for that new version in the same change.
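Review bot: the "fresh publish target" requirement says the version SHALL be unpublished on npm, but the tests visible in this commit only cover the trigger shape and the README heading, so the "unpublished" half is enforced by nothing shown here. Consider a pre-publish step in the release workflow that queries the registry (for example `npm view @imdeadpool/guardex@<version> version`) and fails when the version already exists, so the collision described in the commit message is caught before `npm publish` runs.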
Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
## 1. Specification
2+
3+
- [x] 1.1 Finalize proposal scope and acceptance criteria for `agent-codex-make-npm-deployment-green-2026-04-21-03-13`.
4+
- [x] 1.2 Define normative requirements in `specs/release-deployment/spec.md`.
5+
6+
## 2. Implementation
7+
8+
- [x] 2.1 Implement scoped behavior changes.
9+
- [x] 2.2 Add/update focused regression coverage.
10+
11+
## 3. Verification
12+
13+
- [x] 3.1 Run targeted project verification commands.
14+
- [x] 3.2 Run `openspec validate agent-codex-make-npm-deployment-green-2026-04-21-03-13 --type change --strict`.
15+
- [x] 3.3 Run `openspec validate --specs`.
16+
17+
## 4. Completion
18+
19+
- [ ] 4.1 Finish the agent branch via PR merge + cleanup (`gx finish --via-pr --wait-for-merge --cleanup` or `bash scripts/agent-branch-finish.sh --branch <agent-branch> --base <base-branch> --via-pr --wait-for-merge --cleanup`).
20+
- [ ] 4.2 Record PR URL + final `MERGED` state in the completion handoff.
21+
- [ ] 4.3 Confirm sandbox cleanup (`git worktree list`, `git branch -a`) or capture a `BLOCKED:` handoff if merge/cleanup is pending.

package-lock.json

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
{
22
"name": "@imdeadpool/guardex",
3-
"version": "7.0.10",
3+
"version": "7.0.11",
44
"description": "GitGuardex: hardened multi-agent git guardrails for parallel agent work.",
55
"license": "MIT",
66
"preferGlobal": true,

test/metadata.test.js

Lines changed: 8 additions & 0 deletions
@@ -31,6 +31,14 @@ test('release workflow publishes with provenance in CI', () => {
3131
assert.match(workflow, /npm publish --provenance --access public/);
3232
});
3333

34+
test('release workflow only publishes from published releases or manual dispatch', () => {
35+
const workflowPath = path.join(repoRoot, '.github', 'workflows', 'release.yml');
36+
const workflow = fs.readFileSync(workflowPath, 'utf8');
37+
assert.match(workflow, /workflow_dispatch:/);
38+
assert.match(workflow, /release:\s*\n\s*types:\s*\[published\]/);
39+
assert.doesNotMatch(workflow, /\npush:\s*\n/);
40+
});
41+
3442
test('README release notes include current package version', () => {
3543
const pkg = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
3644
const readme = fs.readFileSync(readmePath, 'utf8');
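Review bot: the negative assertion `assert.doesNotMatch(workflow, /\npush:\s*\n/)` only matches `push:` at column 0, but in `release.yml` the trigger sits under `on:` and is therefore indented, so this check would still pass if the `push: tags` block were restored. Allow leading whitespace, for example `/^\s*push:\s*$/m`, and consider also rejecting the inline forms (`on: [push, release]`, `on: push`), or parse the YAML and assert on the keys of `on` directly. The `release:` pattern on the line above already tolerates indentation through `\s*`, so the two assertions are not symmetric.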
