Skip to content

Fix commit author for Homebrew tap updates#184

Merged
mike1858 merged 1 commit into
mainfrom
fix-commit-author-for-homebrew-tap-updates-061226
Jun 13, 2026
Merged

Fix commit author for Homebrew tap updates#184
mike1858 merged 1 commit into
mainfrom
fix-commit-author-for-homebrew-tap-updates-061226

Conversation

@signadou

@signadou signadou commented Jun 12, 2026

Copy link
Copy Markdown
Member

Summary by CodeRabbit

  • Chores
    • Enhanced release automation: serialized release runs, early tag/version validation, updated secret handling, improved bot credential resolution, safer Homebrew formula updates with verification, and retrying publish logic to reduce intermittent failures.

Note: This release contains only internal infrastructure improvements with no user-facing changes.

@coderabbitai

coderabbitai Bot commented Jun 12, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f8564007-14b2-4182-aa91-4562f74aa332

📥 Commits

Reviewing files that changed from the base of the PR and between 0bda7ff and 6306d7a.

📒 Files selected for processing (1)
  • .github/workflows/release.yml
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/release.yml

📝 Walkthrough

Walkthrough

The release workflow serializes tag-triggered runs, verifies the pushed v* tag matches the crate version, updates Infisical secrets-action revisions, resolves the GitHub App bot numeric user ID, tightens Homebrew formula rewrite checks, sets dynamic git author identity, and replaces the single push with a retrying basic-auth push loop.

Changes

Release workflow updates for Homebrew tap

Layer / File(s) Summary
Concurrency and tag verification
.github/workflows/release.yml
Adds top-level concurrency for v* tag runs and a step that verifies the pushed tag version matches the crate version.
Infisical secrets-action bumps
.github/workflows/release.yml
Bumps the pinned secrets-action revisions used during the build job and the Homebrew publishing job.
Resolve release app identity
.github/workflows/release.yml
New step calls gh api to resolve ${APP_SLUG}[bot] numeric user id, validates it, and exports it to GITHUB_OUTPUT.
Formula rewrite checks and git identity
.github/workflows/release.yml
Uses Ruby sub! with aborts and grep checks to ensure rewritten url and sha256 are present; sets git user.name/user.email using ${APP_SLUG}[bot] and ${APP_USER_ID}.
Push retry loop with basic-auth
.github/workflows/release.yml
Replaces a single bearer git push with a documented basic-auth http.extraheader approach and a retry loop that fetches and rebases the remote branch before retrying on failures.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

  • Piebald-AI/splitrail#183: Modifies the same .github/workflows/release.yml Homebrew publishing flow affecting formula updates and GitHub App token/commit mechanics.

Suggested reviewers

  • mike1858

Poem

🐰 I hopped through workflows, yaml in paw,
Resolved the bot id with a gh api law,
Tightened formulas, ensured checks sing,
Taught git push to retry on the wing,
Happy releases — hop, push, deploy! 🎉

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'Fix commit author for Homebrew tap updates' directly addresses one key aspect of the changeset—updating GitHub App token usage and commit author configuration in the Homebrew publishing job. However, the changeset includes several other substantial changes: adding workflow concurrency, validating crate metadata, updating action revisions, strengthening formula rewriting with explicit error handling, and implementing retry logic for git push. The title focuses narrowly on the commit author fix, which is important but not the main/broadest objective of the full changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix-commit-author-for-homebrew-tap-updates-061226

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/release.yml (1)

464-472: ⚡ Quick win

Add validation for the resolved user ID.

The API call could potentially return an empty or malformed user ID if the bot user doesn't exist or the API response is unexpected. Consider adding validation to fail fast with a clear error message.

🛡️ Proposed validation to add after line 471
           set -euo pipefail
           user_id=$(gh api "/users/${APP_SLUG}[bot]" --jq .id)
+          if [[ -z "$user_id" ]] || ! [[ "$user_id" =~ ^[0-9]+$ ]]; then
+            echo "Error: Failed to resolve valid user ID for ${APP_SLUG}[bot]" >&2
+            exit 1
+          fi
           echo "user-id=${user_id}" >> "$GITHUB_OUTPUT"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/release.yml around lines 464 - 472, The
release-app-identity step currently assigns user_id from the gh api call but
doesn't validate it; after capturing user_id from the gh api call (variable
user_id from the gh api "/users/${APP_SLUG}[bot]"), check that user_id is
non-empty and matches the expected format (e.g., numeric ID or a reasonable
pattern), and if invalid print a clear error to stderr (including the APP_SLUG
and the raw API output if available) and exit with a non-zero status so the job
fails fast; only write "user-id=${user_id}" to GITHUB_OUTPUT when the validation
passes.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In @.github/workflows/release.yml:
- Around line 464-472: The release-app-identity step currently assigns user_id
from the gh api call but doesn't validate it; after capturing user_id from the
gh api call (variable user_id from the gh api "/users/${APP_SLUG}[bot]"), check
that user_id is non-empty and matches the expected format (e.g., numeric ID or a
reasonable pattern), and if invalid print a clear error to stderr (including the
APP_SLUG and the raw API output if available) and exit with a non-zero status so
the job fails fast; only write "user-id=${user_id}" to GITHUB_OUTPUT when the
validation passes.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a2214bff-f75a-42b9-af8a-83d424d546dc

📥 Commits

Reviewing files that changed from the base of the PR and between 2d6efff and d9cd090.

📒 Files selected for processing (1)
  • .github/workflows/release.yml

@signadou signadou force-pushed the fix-commit-author-for-homebrew-tap-updates-061226 branch from d9cd090 to 0bda7ff Compare June 13, 2026 15:58

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/release.yml:
- Around line 490-491: The workflow sets user_id from gh api into variable
user_id then writes it to GITHUB_OUTPUT without validation; ensure you validate
user_id is a numeric value before using it for git identity and fail fast if
not: after obtaining user_id (the gh api "/users/${APP_SLUG}[bot]" --jq .id
call) check that user_id is non-empty and matches digits only, and if the check
fails emit an error log and exit with non-zero status so the later step that
composes the noreply address won't proceed with "null" or invalid values.
- Around line 447-459: Move the "Verify tag matches crate version" step into a
dedicated preflight job that runs before any publishing steps: create a new job
(e.g., job name preflight_tag_check) that runs the current shell script block
(keeping VERSION from needs.crate_metadata.outputs.version and the same
tag_version check), mark it to run on the same runner and with the same env, and
then add explicit job dependencies so that both the existing build and
publish_release jobs depend on preflight_tag_check (remove the original step
from the release job). Ensure the new job fails fast on mismatch (exit 1) so
release/publish cannot run if the tag does not match the crate version.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f268cca2-6d07-45b3-bffe-5601462398cb

📥 Commits

Reviewing files that changed from the base of the PR and between d9cd090 and 0bda7ff.

📒 Files selected for processing (1)
  • .github/workflows/release.yml

Comment thread .github/workflows/release.yml Outdated
Comment thread .github/workflows/release.yml
@signadou signadou force-pushed the fix-commit-author-for-homebrew-tap-updates-061226 branch from 0bda7ff to 6306d7a Compare June 13, 2026 17:02
@mike1858 mike1858 merged commit dfbe424 into main Jun 13, 2026
6 checks passed
@mike1858 mike1858 deleted the fix-commit-author-for-homebrew-tap-updates-061226 branch June 13, 2026 19:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants