Skip to content

[master] use old release process#3333

Merged
openshift-merge-bot[bot] merged 1 commit intoopenshift-assisted:masterfrom
openshift-cherrypick-robot:cherry-pick-3288-to-master
Dec 18, 2025
Merged

[master] use old release process#3333
openshift-merge-bot[bot] merged 1 commit intoopenshift-assisted:masterfrom
openshift-cherrypick-robot:cherry-pick-3288-to-master

Conversation

@openshift-cherrypick-robot
Copy link
Contributor

@openshift-cherrypick-robot openshift-cherrypick-robot commented Dec 18, 2025
edited by jgyselov
Loading

Returning to a working release process.

This is an automated cherry-pick of #3288

/assign jgyselov

Summary by CodeRabbit

  • Chores
    • Updated internal release workflow infrastructure, including action versions and npm authentication configuration.

✏️ Tip: You can customize this high-level summary in your review settings.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Dec 18, 2025
Merged
@coderabbitai
Copy link

coderabbitai bot commented Dec 18, 2025
edited
Loading

Walkthrough

Modified GitHub Actions release workflow: downgraded checkout and setup-node actions from v4 to v3, removed workflow-level permissions, added git configuration step, introduced NPM_AUTH_TOKEN environment variable for scoped registry authentication, removed explicit Yarn registry config, and added retry delay loop post-publish verification for eventual consistency.

Changes

Cohort / File(s) Change Summary
Release workflow configuration
.github/workflows/release.yaml		 Removed root permissions block; downgraded checkout@v4→v3 and setup-node@v4→v3; added git user config before Node setup; replaced Yarn registry config with NPM_AUTH_TOKEN env var and npm token configuration for openshift-assisted scope; simplified npm publish command (removed --access public); added sleep retry loop after publish verification

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Action version downgrades: Verify compatibility of v3 versions and any behavioral differences from v4
  • Permission changes: Confirm removal of id-token: write doesn't break workflow functionality
  • NPM token configuration: Ensure NPM_AUTH_TOKEN scoping and security practices are correct
  • Retry logic: Validate sleep delay duration and retry behavior for eventual consistency

Possibly related PRs

Suggested labels

lgtm, approved, size/S

Suggested reviewers

  • jgyselov
  • ammont82

Poem

🐰 With actions downgraded and permissions trimmed tight,
Git whispers its secrets, the tokens shine bright,
A retry loop waits with a patient delay,
While packages journey through the release's way!

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title '[master] use old release process' directly summarizes the main change: reverting the release workflow to an older process by downgrading actions and modifying configuration.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@openshift-ci openshift-ci bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Dec 18, 2025
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 18, 2025
@openshift-ci
Copy link

openshift-ci bot commented Dec 18, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jgyselov, openshift-cherrypick-robot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 18, 2025
coderabbitai[bot]
coderabbitai bot reviewed Dec 18, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/release.yaml (1)

1-86: Concern: Intentional downgrade conflicts with GitHub Actions deprecation policy.

The PR title indicates this is intentionally using an "old release process," but the downgrades to v3 actions conflict with GitHub's deprecation warnings. While there may be valid reasons for reverting (perhaps v4 actions introduced breaking changes), this approach creates technical debt and risks future workflow failures.

Consider:

  1. Documenting why the revert to v3 is necessary in the PR description or workflow comments
  2. Creating a follow-up issue to investigate and resolve the root cause requiring v3 actions
  3. Adding workflow comments explaining the version pinning to prevent future "upgrade" attempts

Would you like me to help document the specific issues with v4 actions that necessitated this revert, or open a tracking issue for modernizing this workflow?

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 60b2e0f and 75a21a6.

📒 Files selected for processing (1)
  • .github/workflows/release.yaml (3 hunks)
🧰 Additional context used
🪛 actionlint (1.7.9)
.github/workflows/release.yaml

24-24: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

50-50: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
  • GitHub Check: format
  • GitHub Check: lint
  • GitHub Check: unit-tests
  • GitHub Check: circular-deps
  • GitHub Check: translation-files
  • GitHub Check: tests
🔇 Additional comments (1)
.github/workflows/release.yaml (1)

45-49: LGTM: Git configuration properly set for automated commits.

The git configuration step correctly sets up user identity for the subsequent version bump commits using GitHub's standard bot email format.

@openshift-merge-bot openshift-merge-bot bot merged commit a7da983 into openshift-assisted:master Dec 18, 2025
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@jgyselov jgyselov jgyselov approved these changes

@ammont82 ammont82 Awaiting requested review from ammont82

@ElayAharoni ElayAharoni Awaiting requested review from ElayAharoni

Assignees

@jgyselov jgyselov

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@openshift-cherrypick-robot @jgyselov @rawagner