Skip to content

chore: release v1.6.4#1473

Merged
magyargergo merged 3 commits into
mainfrom
release/v1.6.4
May 10, 2026
Merged

chore: release v1.6.4#1473
magyargergo merged 3 commits into
mainfrom
release/v1.6.4

Conversation

@magyargergo

@magyargergo magyargergo commented May 10, 2026
edited
Loading

Copy link
Copy Markdown
Collaborator

Summary

Cuts GitNexus v1.6.4 — 142 commits since v1.6.3.

Highlights:

  • Reliability: WAL-corruption recovery, read-only FTS guard, embeddings download resilience, robust Windows lock acquisition, ladybug 0.16.x native fixes.
  • Security: U2–U8 server hardening cluster + Docker base-image pinning + log-injection / SSRF / tempfile / rate-limit fixes.
  • Languages: Go scope-resolution (Ring 3), TypeScript Ring 3, Unreal Engine C++, Thrift contracts, Rust workspace cross-crate, workspace extractors for Node/Python/Go/Java/Elixir.
  • DX: `gitnexus publish`, structured pino logger, MCP tool safety annotations, `--embeddings `, `/autofix` ChatOps button.

See `gitnexus/CHANGELOG.md` for the full categorised entry.

Closes

FTS / read-only DB cluster (via #1226, #1418, #1107, #1123): closes #1255, #1287, #1170, #1449, #1440, #1216, #1438

WAL corruption cluster (via #1417, #1314, #1377): closes #1402, #1236, #1273, #1361

Embeddings cluster (via #1419, #1252, #1078): closes #1378, #1437, #1205

Native crash cluster (via #1235 ladybug 0.16.x, #1326, #1129, #1314, #1417): closes #1162, #1160, #273

Windows native crashes / silent no-op (via #1243 tree-sitter-c/cpp pin, #1430 lock acquisition, #1237 surface silent skips, #1226 canonical root, #1299 .cmd shim, #1235 ladybug): closes #1242, #1427, #1447, #1468, #1400; partial #1218

C# scope-resolution "Cannot add property" crashes (via #1399): closes #1426, #1465

Other explicit closes: #382 (#1375), #1066 (#1082), #1086 (#1087), #1110 (#1159), #1138 (#1293), #1147 (#1355), #1148 (9581484), #1149 (#1359), #1169 (#1237), #1172 (#1341), #1178 (#1181), #1185 (#1247), #1259 (#1296), #1323 (#1354), #1328 (#1339), #1360 (#1374)

Not closed (known to still be open after v1.6.4)

Test plan

  • CI passes on this PR
  • After merge, tag `v1.6.4` on the merge commit and push to trigger `publish.yml`
  • Verify npm publish + GitHub Release auto-creation
  • Author release notes in `/tmp/release-v1.6.4.md` and upload via `gh release edit v1.6.4 --notes-file`

@vercel

vercel Bot commented May 10, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
gitnexus Ready Ready Preview, Comment May 10, 2026 7:16am

Request Review

@github-actions

github-actions Bot commented May 10, 2026

Copy link
Copy Markdown
Contributor

CI Report

All checks passed

Pipeline Status

Stage Status Details
✅ Typecheck success tsc --noEmit
✅ Tests success unit tests, 3 platforms
✅ E2E success gitnexus-web changes only

Test Results

Tests Passed Failed Skipped Duration
8508 8507 0 1 387s

✅ All 8507 tests passed

1 test(s) skipped — expand for details
  • buildTypeEnv > known limitations (documented skip tests) > Ruby block parameter: users.each { |user| } — closure param inference, different feature

Code Coverage

Tests

Metric Coverage Covered Base Delta Status
Statements 77.91% 25463/32679 N/A% 🟢 ███████████████░░░░░
Branches 66.38% 16077/24219 N/A% 🟢 █████████████░░░░░░░
Functions 83.13% 2553/3071 N/A% 🟢 ████████████████░░░░
Lines 80.95% 23016/28431 N/A% 🟢 ████████████████░░░░

📋 View full run · Generated by CI

@magyargergo magyargergo merged commit 936a3be into main May 10, 2026
33 checks passed
@magyargergo magyargergo deleted the release/v1.6.4 branch May 10, 2026 07:33
@magyargergo magyargergo mentioned this pull request May 10, 2026
Merged
3 tasks
magyargergo added a commit that referenced this pull request May 10, 2026
@magyargergo
ci(release): skip rc build on release PRs (#1474)
5d670a5 
* ci(release): skip rc build on release PRs

Suppress the auto-fired Release Candidate workflow when:
  1. The HEAD commit subject matches `chore: release vX.Y.Z` (the canonical
     release-PR title), or
  2. The squash-merged PR carries the `release` label.

Either match short-circuits the guard to should_run=false. This prevents the
rc cycle from racing publish.yml on the v-tag (as happened on v1.6.4 where
we had to manually cancel the auto-fired RC run after merging PR #1473).

Adds pull-requests: read to the guard job for the label lookup. A failed
gh API call falls through to the existing dedup logic rather than silently
suppressing rc builds.

* ci(release): address PR #1474 review — anchor regex + sanitise log echo

Two minor follow-ups from Claude's review:

1. End-anchor the release-subject regex. The previous shape
   ^chore: release vX.Y.Z would match noisy variants like
   chore: release v1.0.0 (something unrelated). The new shape
   requires either the bare title or the canonical squash-merge
   (#NNNN) suffix exactly.

2. Sanitise HEAD_SUBJECT before echoing to logs. git %s strips
   newlines so LF injection is impossible, but a hypothetical
   subject containing ::error:: or ::set-output:: could otherwise
   forge GitHub Actions annotation entries. Defence-in-depth.

Both findings flagged minor / does not block merge — applying
anyway since they are trivial.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment