ci: fix nexus upload pipeline and release auto-trigger#2252
Conversation
📝 WalkthroughWalkthroughThe PR modifies GitHub Actions workflows for Nexus artifact uploads. The trigger mechanism switches from a conditional upstream workflow completion to the GitHub Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
No actionable suggestions for changed features. |
- upload-nexus: the has_uploads output line used nested \" escapes inside echo "...$(python -c \"...\")". When GitHub Actions writes the YAML run block to a temp shell script the \" become literal " creating unbalanced quotes; bash exits with code 2 after the matrix<<EOF block is already open in GITHUB_OUTPUT, causing the secondary "Matching delimiter not found 'EOF'" error. Fixed by capturing the result in a variable with a single-quoted python command. Also switched to a random delimiter to prevent any future content collisions. - _build: add run-vs2022 input (default true); build.yaml passes false to skip the vs2022 job for tag/release builds where only the vs2026 artifact is shipped. PR builds continue running both. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
matrix context is not available in job-level if conditions (only in steps); using it there fails GitHub Actions static validation. Switch to strategy.matrix.exclude with a conditional value: when run-vs2022 is false the exclude entry matches the vs2022 compiler and removes it from the matrix; when true the value is empty so nothing is excluded. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
PREVIOUS_TAG was picking v1.5.0-rc.5 over v1.4.11 because version sort puts RCs ahead of the prior stable. Features bumped before the first RC would never be detected as needing a Nexus upload. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace workflow_run trigger with release: [published] so Nexus upload fires automatically when a draft is published, not when the build completes (which was too early — release still a draft) - Add explicit draft-release guard in resolve step so manual dispatch on an unpublished release fails fast with a clear error Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
alandtse
force-pushed
the
fix/ci-build-issues
branch
from
7a5d0eb to
fcea21a
Compare
alandtse
changed the title
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/nexus-upload-on-release.yaml:
- Around line 13-17: The workflow caller sets the reusable workflow input
dry_run to "true", which prevents the upload step gated by the upload-to-nexus
condition from ever running; change the dry_run input passed to the reusable
workflow (in .github/workflows/nexus-upload-on-release.yaml where it calls
./.github/workflows/upload-nexus.yaml) from "true" to "false" (or wire it to a
release/input variable that evaluates to false) so the upload-to-nexus gate in
upload-nexus.yaml will allow the actual upload to run.
In @.github/workflows/upload-nexus.yaml:
- Around line 101-106: The script uses the list releases endpoint and
client-side filtering which hits pagination; change the gh api call that sets
DRAFT (currently calling "repos/$GITHUB_REPOSITORY/releases" with TAG filtering)
to call the tag-specific endpoint "repos/$GITHUB_REPOSITORY/releases/tags/$TAG"
so the release is looked up directly, then extract .draft from that response and
handle a non-existent/404 response (treat as error); update the DRAFT assignment
and the subsequent check that compares DRAFT to "false" accordingly (symbols:
DRAFT, TAG, the gh api invocation).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro Plus
Run ID: 770ea058-72bb-463a-929c-5c1733a32f22
📒 Files selected for processing (2)
.github/workflows/nexus-upload-on-release.yaml.github/workflows/upload-nexus.yaml
| uses: ./.github/workflows/upload-nexus.yaml | ||
| with: | ||
| tag: ${{ github.event.workflow_run.head_branch }} | ||
| tag: ${{ github.event.release.tag_name }} | ||
| artifact_pattern: "CommunityShaders-*.7z" | ||
| dry_run: "true" |
There was a problem hiding this comment.
This published-release workflow still never performs the upload.
Because .github/workflows/upload-nexus.yaml gates upload-to-nexus on dry_run != 'true' at Lines 245-247, this caller can only do the preview path. If the intent is to upload automatically after publish, this input needs to be false.
Suggested fix
with:
tag: ${{ github.event.release.tag_name }}
artifact_pattern: "CommunityShaders-*.7z"
- dry_run: "true"
+ dry_run: "false"📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| uses: ./.github/workflows/upload-nexus.yaml | |
| with: | |
| tag: ${{ github.event.workflow_run.head_branch }} | |
| tag: ${{ github.event.release.tag_name }} | |
| artifact_pattern: "CommunityShaders-*.7z" | |
| dry_run: "true" | |
| uses: ./.github/workflows/upload-nexus.yaml | |
| with: | |
| tag: ${{ github.event.release.tag_name }} | |
| artifact_pattern: "CommunityShaders-*.7z" | |
| dry_run: "false" |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/nexus-upload-on-release.yaml around lines 13 - 17, The
workflow caller sets the reusable workflow input dry_run to "true", which
prevents the upload step gated by the upload-to-nexus condition from ever
running; change the dry_run input passed to the reusable workflow (in
.github/workflows/nexus-upload-on-release.yaml where it calls
./.github/workflows/upload-nexus.yaml) from "true" to "false" (or wire it to a
release/input variable that evaluates to false) so the upload-to-nexus gate in
upload-nexus.yaml will allow the actual upload to run.
| DRAFT=$(gh api "repos/$GITHUB_REPOSITORY/releases" \ | ||
| --jq ".[] | select(.tag_name == \"$TAG\") | .draft" 2>/dev/null | head -1) | ||
| if [ "$DRAFT" != "false" ]; then | ||
| echo "ERROR: Release '$TAG' is not published. Publish the GitHub release before uploading to Nexus." >&2 | ||
| exit 1 | ||
| fi |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
cat -n .github/workflows/upload-nexus.yaml | sed -n '95,110p'Repository: community-shaders/skyrim-community-shaders
Length of output: 1010
🏁 Script executed:
cat -n .github/workflows/upload-nexus.yaml | sed -n '1,50p'Repository: community-shaders/skyrim-community-shaders
Length of output: 2181
🏁 Script executed:
wc -l .github/workflows/upload-nexus.yamlRepository: community-shaders/skyrim-community-shaders
Length of output: 126
🏁 Script executed:
# Check GitHub CLI documentation for releases endpoint behavior
gh api --help 2>&1 | head -50Repository: community-shaders/skyrim-community-shaders
Length of output: 2767
🏁 Script executed:
# Test what happens when gh api returns empty result
TEST_EMPTY=$(echo "" | head -1)
if [ "$TEST_EMPTY" != "false" ]; then
echo "Empty string test: condition is TRUE (empty != false)"
else
echo "Empty string test: condition is FALSE"
fi
# Test what the condition does with actual empty output
TEST_EMPTY2=$( { echo ""; } | head -1)
if [ "$TEST_EMPTY2" != "false" ]; then
echo "Empty output test: condition is TRUE"
else
echo "Empty output test: condition is FALSE"
fiRepository: community-shaders/skyrim-community-shaders
Length of output: 177
🌐 Web query:
GitHub API GET /repos/{owner}/{repo}/releases pagination default per_page
💡 Result:
The default per_page for the GitHub REST API GET /repos/{owner}/{repo}/releases endpoint is 30. This is explicitly stated in the official GitHub documentation for the releases endpoint. The maximum per_page is 100. Pagination also supports a page parameter with default 1.
Citations:
- 1: https://docs.github.com/rest/releases/releases
- 2: https://docs.github.com/v3/repos/releases
- 3: https://docs.github.com/en/rest/releases/releases
🌐 Web query:
GitHub API GET /repos/{owner}/{repo}/releases/tags/{tag} endpoint
💡 Result:
The GitHub REST API endpoint GET /repos/{owner}/{repo}/releases/tags/{tag} retrieves a published release associated with the specified tag name. Path parameters: - owner (string, required): The account owner of the repository. The name is not case sensitive. - repo (string, required): The name of the repository without the .git extension. The name is not case sensitive. - tag (string, required): The tag name. HTTP method: GET Base URL: https://api.github.com Example: curl -L -X GET https://api.github.com/repos/OWNER/REPO/releases/tags/TAG Response: On success (200), returns the full release object (same schema as the "Create a release" endpoint), including fields like id, tag_name, name, body, author, assets, etc. This endpoint gets releases only; it does not return regular Git tags without an associated release. Use the Repository Tags API for plain tags. No authentication is strictly required for public repositories, but recommended for rate limits. Uses standard GitHub API headers like Accept: application/vnd.github+json.
Citations:
- 1: https://docs.github.com/v3/repos/releases
- 2: https://docs.github.com/en/rest/releases/releases
- 3: https://github.apidog.io/api-3489364
- 4: https://docs.github.com/rest/releases/releases
Use the tag-specific release endpoint to avoid pagination issues.
The list endpoint defaults to 30 items per page. When manually dispatched against older published tags (beyond the first page), the client-side filter fails to find the release, DRAFT becomes empty, and the condition [ "$DRAFT" != "false" ] incorrectly evaluates to true, causing a false "not published" error. Query the release by tag directly instead.
Suggested fix
- DRAFT=$(gh api "repos/$GITHUB_REPOSITORY/releases" \
- --jq ".[] | select(.tag_name == \"$TAG\") | .draft" 2>/dev/null | head -1)
+ DRAFT=$(gh api "repos/$GITHUB_REPOSITORY/releases/tags/$TAG" \
+ --jq '.draft' 2>/dev/null)📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| DRAFT=$(gh api "repos/$GITHUB_REPOSITORY/releases" \ | |
| --jq ".[] | select(.tag_name == \"$TAG\") | .draft" 2>/dev/null | head -1) | |
| if [ "$DRAFT" != "false" ]; then | |
| echo "ERROR: Release '$TAG' is not published. Publish the GitHub release before uploading to Nexus." >&2 | |
| exit 1 | |
| fi | |
| DRAFT=$(gh api "repos/$GITHUB_REPOSITORY/releases/tags/$TAG" \ | |
| --jq '.draft' 2>/dev/null) | |
| if [ "$DRAFT" != "false" ]; then | |
| echo "ERROR: Release '$TAG' is not published. Publish the GitHub release before uploading to Nexus." >&2 | |
| exit 1 | |
| fi |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In @.github/workflows/upload-nexus.yaml around lines 101 - 106, The script uses
the list releases endpoint and client-side filtering which hits pagination;
change the gh api call that sets DRAFT (currently calling
"repos/$GITHUB_REPOSITORY/releases" with TAG filtering) to call the tag-specific
endpoint "repos/$GITHUB_REPOSITORY/releases/tags/$TAG" so the release is looked
up directly, then extract .draft from that response and handle a
non-existent/404 response (treat as error); update the DRAFT assignment and the
subsequent check that compares DRAFT to "false" accordingly (symbols: DRAFT,
TAG, the gh api invocation).
|
✅ A pre-release build is available for this PR: |
…ders#2252) Adapted from PR community-shaders#2252. Kept this branch's existing release trigger and draft-release guard; applied the missing stable-tag base selection filter.
…ders#2252) Adapted from PR community-shaders#2252. Kept this branch's existing release trigger and draft-release guard; applied the missing stable-tag base selection filter.
…ders#2252) Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
3 participants
Summary
strategy.matrix.exclude(matrix context not valid in job-levelif)PREVIOUS_TAGwas resolving tov1.5.0-rc.5instead ofv1.4.11due to version sort ordering; fixed withgrep -v -- '-'to skip pre-release tagsworkflow_runtrigger (fired while release still a draft, causinggh release download404) withrelease: [published]; added explicit draft-release guard in resolve step for manual dispatchTest plan
Upload Nexus Releasemanually with a published stable tag — should pass resolve stepUpload Nexus Releasemanually with a draft tag — should fail fast at resolve with clear errorNexus Upload (Post Release)should fire automaticallyifcondition🤖 Generated with Claude Code
Summary by CodeRabbit