SELF-832: tweak mobile deploy auto bump version pr feature; v2.7.0

[transphorm]

Summary by CodeRabbit

• New Features

  • Adds a bump-version job exposing app version and per-platform build numbers; new dry_run and bump_target_branch inputs. Creates version-bump PRs from staging when ahead, auto-labeled, with body; exits early if no changes.

• Refactor

  • Centralized CI-driven version management: CI computes/verifies version and build numbers; deploy lanes consume CI-provided values instead of local bumping. Adds a reusable version-manager tool.

• Chores

  • Action now exposes a version output; improved fork-aware flows, idempotent tagging, changelog/release publishing, extended CI timeouts, and updated iOS build metadata.

[coderabbitai]

Walkthrough

Reworks CI-driven mobile versioning: new staging-focused bump-PR action, exposes version from get-version action, adds a bump-version job producing version/build outputs, moves build-number authority to CI (Fastlane verifies CI values), and increments iOS build in app/version.json.

Changes

Cohort / File(s)	Summary
Version-bump PR action .github/actions/create-version-bump-pr/action.yml	Replaces temporary-commit flow with a staging-focused flow: fetches origin/staging and origin/dev, checks out staging, computes commits-ahead vs dev, exits if zero, creates/pushes a bump branch, and opens a labeled PR with a body.
Version extraction action .github/actions/get-version/action.yml	Adds id: get-version to the step and declares an action output version wired to steps.get-version.outputs.version; still sets VERSION via GITHUB_ENV.
Mobile deploy workflow .github/workflows/mobile-deploy.yml	Adds dry_run and bump_target_branch inputs; new bump-version job that computes/outputs {version, ios_build, android_build, version_bump_type}; refactors downstream jobs to consume those outputs, adds idempotent tagging/PR creation, fork-safe install flows, artifact presence/size checks, changelog/release steps, and branch/commit verification.
Fastlane integration app/fastlane/Fastfile	Removes in-file semver bump logic; threads version_bump through lanes; reads build numbers via helper methods instead of incrementing locally; logs build numbers and uses CI-provided values (verify when version_bump == "skip").
Fastlane helper app/fastlane/helpers/version_manager.rb	Removes bump_ios_build_number and bump_android_build_number; adds verify_ci_version_match which validates CI_VERSION, CI_IOS_BUILD, and CI_ANDROID_BUILD against repo metadata and raises on mismatches.
Version manager script app/scripts/version-manager.cjs	New Node CLI with exports: getVersionInfo, bumpVersion, applyVersions, readPackageJson, readVersionJson; supports get, bump, apply commands and emits GitHub Actions-compatible outputs.
Version metadata app/version.json	iOS build incremented 178 → 179 and lastDeployed timestamp updated; Android unchanged.
E2E timeouts .github/workflows/mobile-e2e.yml	Increased timeout-minutes for android-build-test and e2e-ios from 60 → 120.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor Dev as Trigger (manual/PR)
  participant B as bump-version job
  participant G as get-version action
  participant I as build-ios job
  participant A as build-android job
  participant T as Tagging/PR

  Dev->>B: Start (inputs: dry_run, bump_target_branch)
  B->>G: Read package.json version
  G-->>B: outputs.version
  B->>B: Determine bump from labels/inputs -> compute ios_build/android_build
  alt not dry_run
    B->>B: applyVersions -> update files and push tags
    B->>T: create PR (adds automated label)
  end
  B-->>I: outputs {version, ios_build, version_bump_type}
  B-->>A: outputs {version, android_build, version_bump_type}
  I->>I: Build iOS using provided version/build
  A->>A: Build Android using provided version/build
  I-->>T: artifact verification
  A-->>T: artifact verification

Loading

sequenceDiagram
  autonumber
  actor GH as Scheduler
  participant C as create-version-bump-pr action
  participant R as Remote (origin)

  GH->>C: Run action
  C->>R: fetch origin/staging, origin/dev
  C->>C: checkout staging
  C->>C: compute COMMITS_AHEAD (staging vs dev)
  alt COMMITS_AHEAD == 0
    C-->>GH: Exit (no PR)
  else COMMITS_AHEAD > 0
    C->>R: create & push branch from staging
    C->>GH: gh pr create (body + automated label)
  end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

Possibly related PRs

• refine mobile deploy auto pr logic #1234 — Overlaps changes to the create-version-bump-pr action and PR creation/labeling flow.
• chore: last build bump for v268 #1166 — Similar refactor of bump-version PR creation and staging/branch handling.
• Feat/mobile deployment automation #759 — Centralizes mobile version-management (Fastfile, helpers, version.json) overlapping this PR.

Suggested labels

codex

Suggested reviewers

• remicolin
• shazarre

Poem

Staging counts the commits, then sings,
CI sets numbers, tags and wings.
Builds aligned, checks pass on time,
One iOS build nudged up by one—sublime.
Automated PRs march in rhyme.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title accurately references the mobile deploy auto-bump version PR feature and includes the associated ticket, making it related to the main changeset even though the phrasing is somewhat verbose and includes a version suffix.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch justin/fix-mobile-deploy-missing-version-v270

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c5d0e5d and 3966a43.

📒 Files selected for processing (5)

• .github/actions/create-version-bump-pr/action.yml (2 hunks)
• .github/actions/get-version/action.yml (1 hunks)
• .github/workflows/mobile-deploy.yml (18 hunks)
• app/fastlane/Fastfile (5 hunks)
• app/version.json (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

.github/workflows/**/*.{yml,yaml}

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/**/*.{yml,yaml}: In GitHub workflows, use the shared composite actions in .github/actions for dependency caching instead of calling actions/cache directly
Use the cache-yarn composite action for Yarn dependency caching in workflows
Use the cache-bundler composite action for Ruby gems caching in workflows
Use the cache-gradle composite action for Gradle caching in workflows
Use the cache-pods composite action for CocoaPods caching in workflows

Files:

• .github/workflows/mobile-deploy.yml

🧠 Learnings (1)

📚 Learning: 2025-10-04T05:29:43.577Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-10-04T05:29:43.577Z
Learning: Applies to .github/workflows/**/*.{yml,yaml} : Use the cache-bundler composite action for Ruby gems caching in workflows

Applied to files:

• .github/workflows/mobile-deploy.yml

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: android-build-test
• GitHub Check: e2e-ios
• GitHub Check: build-deps
• GitHub Check: analyze-ios
• GitHub Check: analyze-android

🔇 Additional comments (12)

app/version.json (1)

3-4: LGTM! iOS build number increment aligns with workflow changes.

The iOS build increment (178 → 179) and timestamp update are consistent with the new centralized bump-version workflow introduced in this PR.

.github/actions/create-version-bump-pr/action.yml (2)

28-38: Verify staging branch exists before checkout.

The workflow now explicitly checks out the staging branch and computes commits ahead of dev. However, there's no error handling if the staging branch doesn't exist or if the fetch fails.

Consider adding error handling:

 # Ensure we're on staging branch, not detached HEAD
+if ! git fetch origin staging dev; then
+  echo "❌ Failed to fetch branches"
+  exit 1
+fi
 git fetch origin staging dev
-git checkout staging
+if ! git checkout staging; then
+  echo "❌ Failed to checkout staging branch"
+  exit 1
+fi

---

59-60: Good addition: PR automation improvements.

Adding the PR body and automated label enhances traceability and allows for better filtering of CI-generated PRs.

.github/actions/get-version/action.yml (1)

10-24: LGTM! Output exposure enables better workflow integration.

The new version output enables downstream steps to consume the extracted version directly, which is essential for the centralized bump-version workflow. The use of GITHUB_OUTPUT follows current GitHub Actions best practices.

app/fastlane/Fastfile (3)

114-120: LGTM! Skip logic prevents double version bumps.

The explicit skip handling is crucial since the new bump-version workflow job performs version bumping atomically before platform builds. This prevents race conditions and ensures consistent version numbers across iOS and Android.

---

374-384: LGTM! Consistent skip handling for Android.

The Android implementation mirrors the iOS skip logic, ensuring consistent behavior across both platforms.

---

195-204: Confirm get_ios_build_number is side-effect free

• get_ios_build_number calls read_version_file, which only reads and parses version.json without writes or state changes

.github/workflows/mobile-deploy.yml (5)

74-83: LGTM! New inputs enhance workflow flexibility.

The dry_run input enables safe testing without commits/pushes, and bump_target_branch allows testing against different branches. Both are valuable for CI/CD testing and debugging.

---

122-244: Verify concurrency handling with atomic bump-version job.

The new bump-version job atomically bumps version and build numbers before platform builds. However, the concurrency group at line 118 uses inputs.deployment_track || github.ref_name, which might not prevent concurrent runs when bump_target_branch is used.

Consider whether the concurrency group should include bump_target_branch:

concurrency:
  group: mobile-deploy-${{ inputs.deployment_track || github.ref_name }}-${{ inputs.bump_target_branch || 'staging' }}
  cancel-in-progress: false

This ensures that concurrent deploys to the same target branch don't interfere with each other during version bumping.

---

688-717: Excellent addition: post-build verification catches silent failures.

The IPA verification step checks for build output and validates file size, which can catch silent build failures that would otherwise go unnoticed. This is a critical safety check for production deployments.

---

1115-1144: Excellent addition: Android verification mirrors iOS checks.

Consistent verification logic across both platforms improves reliability and makes debugging easier.

---

1274-1325: Idempotent tagging handles re-runs gracefully.

The tag creation logic properly checks exit codes and handles existing tags without failing. The force push fallback (line 1323) ensures tags are updated even if they exist remotely.

However, consider whether force-pushing tags is the desired behavior. Force-pushing can cause issues if tags are used for release tracking by external systems.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3966a43 and c09bee7.

📒 Files selected for processing (1)

• .github/workflows/mobile-deploy.yml (18 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

.github/workflows/**/*.{yml,yaml}

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/**/*.{yml,yaml}: In GitHub workflows, use the shared composite actions in .github/actions for dependency caching instead of calling actions/cache directly
Use the cache-yarn composite action for Yarn dependency caching in workflows
Use the cache-bundler composite action for Ruby gems caching in workflows
Use the cache-gradle composite action for Gradle caching in workflows
Use the cache-pods composite action for CocoaPods caching in workflows

Files:

• .github/workflows/mobile-deploy.yml

🧠 Learnings (2)

📚 Learning: 2025-10-08T20:23:58.768Z

Learnt from: transphorm
PR: selfxyz/self#1244
File: .github/workflows/mobile-deploy.yml:774-776
Timestamp: 2025-10-08T20:23:58.768Z
Learning: In the selfxyz/self repository, for the mobile deployment workflow (.github/workflows/mobile-deploy.yml):
- iOS builds cache Ruby gems at `app/ios/vendor/bundle`
- Android builds cache Ruby gems at `app/vendor/bundle`
- These paths should be used consistently within their respective build jobs

Applied to files:

• .github/workflows/mobile-deploy.yml

📚 Learning: 2025-10-04T05:29:43.577Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-10-04T05:29:43.577Z
Learning: Applies to .github/workflows/**/*.{yml,yaml} : Use the cache-bundler composite action for Ruby gems caching in workflows

Applied to files:

• .github/workflows/mobile-deploy.yml

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: bump-version
• GitHub Check: build
• GitHub Check: build-deps
• GitHub Check: analyze-android
• GitHub Check: analyze-ios

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

.github/workflows/mobile-deploy.yml (1)

239-239: Respect the configured bump target branch.

git pull origin staging ignores the bump_target_branch input, so when someone bumps off a branch other than staging this step silently pulls the wrong history and can corrupt that target branch. Please pull from the same branch you fetch/checkout above.

-          git pull origin staging
+          git pull origin "$TARGET_BRANCH"

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c09bee7 and 1e4aab7.

📒 Files selected for processing (1)

• .github/workflows/mobile-deploy.yml (18 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

.github/workflows/**/*.{yml,yaml}

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/**/*.{yml,yaml}: In GitHub workflows, use the shared composite actions in .github/actions for dependency caching instead of calling actions/cache directly
Use the cache-yarn composite action for Yarn dependency caching in workflows
Use the cache-bundler composite action for Ruby gems caching in workflows
Use the cache-gradle composite action for Gradle caching in workflows
Use the cache-pods composite action for CocoaPods caching in workflows

Files:

• .github/workflows/mobile-deploy.yml

🧠 Learnings (2)

📚 Learning: 2025-10-08T20:23:58.768Z

Learnt from: transphorm
PR: selfxyz/self#1244
File: .github/workflows/mobile-deploy.yml:774-776
Timestamp: 2025-10-08T20:23:58.768Z
Learning: In the selfxyz/self repository, for the mobile deployment workflow (.github/workflows/mobile-deploy.yml):
- iOS builds cache Ruby gems at `app/ios/vendor/bundle`
- Android builds cache Ruby gems at `app/vendor/bundle`
- These paths should be used consistently within their respective build jobs

Applied to files:

• .github/workflows/mobile-deploy.yml

📚 Learning: 2025-10-04T05:29:43.577Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-10-04T05:29:43.577Z
Learning: Applies to .github/workflows/**/*.{yml,yaml} : Use the cache-bundler composite action for Ruby gems caching in workflows

Applied to files:

• .github/workflows/mobile-deploy.yml

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: build-deps
• GitHub Check: e2e-ios
• GitHub Check: analyze-android
• GitHub Check: analyze-ios

[transphorm]

doesn't work as expected, yet - #1245

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

app/fastlane/Fastfile (1)

39-39: Use the same package.json as CI (app/package.json) to avoid drift.

CI updates app/package.json; this lane reads ../package.json (repo root). Align the source to prevent setting the wrong marketing/versionName.

-# Environment setup
-package_version = JSON.parse(File.read("../package.json"))["version"]
+# Environment setup
+# Prefer the helper which already targets app/package.json
+package_version = Fastlane::Helpers.get_current_version
+# If the helper is unavailable here, fallback to resolving app/package.json explicitly:
+# package_version = JSON.parse(File.read(File.expand_path("../package.json", __dir__)))["version"]

♻️ Duplicate comments (1)

.github/workflows/mobile-deploy.yml (1)

1429-1436: Do not force-push tags; preserve release integrity.

Force-pushing tags can rewrite existing signed tags. Fail fast instead of forcing.

-# Push all tags (force to handle any conflicts)
-if git push origin --tags 2>/dev/null; then
-  echo "🚀 Tags pushed to repository"
-else
-  echo "⚠️  Some tags may already exist on remote, trying force push..."
-  git push origin --tags --force
-  echo "🚀 Tags force-pushed to repository"
-fi
+# Push all tags (no force); fail fast on conflicts
+git fetch --tags origin
+if git push origin --tags; then
+  echo "🚀 Tags pushed to repository"
+else
+  echo "❌ Failed to push tags. Remote already has conflicting tags – resolve manually."
+  exit 1
+fi

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 88dfb2f and 3187b49.

📒 Files selected for processing (5)

• .github/workflows/mobile-deploy.yml (20 hunks)
• .github/workflows/mobile-e2e.yml (2 hunks)
• app/fastlane/Fastfile (6 hunks)
• app/fastlane/helpers/version_manager.rb (1 hunks)
• app/scripts/version-manager.cjs (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/mobile-e2e.yml

🧰 Additional context used

📓 Path-based instructions (1)

.github/workflows/**/*.{yml,yaml}

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/**/*.{yml,yaml}: In GitHub workflows, use the shared composite actions in .github/actions for dependency caching instead of calling actions/cache directly
Use the cache-yarn composite action for Yarn dependency caching in workflows
Use the cache-bundler composite action for Ruby gems caching in workflows
Use the cache-gradle composite action for Gradle caching in workflows
Use the cache-pods composite action for CocoaPods caching in workflows

Files:

• .github/workflows/mobile-deploy.yml

🧠 Learnings (2)

📚 Learning: 2025-10-08T20:23:58.783Z

Learnt from: transphorm
PR: selfxyz/self#1244
File: .github/workflows/mobile-deploy.yml:774-776
Timestamp: 2025-10-08T20:23:58.783Z
Learning: In the selfxyz/self repository, for the mobile deployment workflow (.github/workflows/mobile-deploy.yml):
- iOS builds cache Ruby gems at `app/ios/vendor/bundle`
- Android builds cache Ruby gems at `app/vendor/bundle`
- These paths should be used consistently within their respective build jobs

Applied to files:

• .github/workflows/mobile-deploy.yml

📚 Learning: 2025-10-04T05:29:43.587Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-10-04T05:29:43.587Z
Learning: Applies to .github/workflows/**/*.{yml,yaml} : Use the cache-bundler composite action for Ruby gems caching in workflows

Applied to files:

• .github/workflows/mobile-deploy.yml

🪛 RuboCop (1.81.1)

app/fastlane/helpers/version_manager.rb

[convention] 47-78: Assignment Branch Condition size for verify_ci_version_match is too high. [<9, 20, 9> 23.71/23]

(Metrics/AbcSize)

app/fastlane/Fastfile

[warning] 136-136: Useless assignment to variable - version_bump.

(Lint/UselessAssignment)

---

[warning] 307-307: Useless assignment to variable - version_bump. Did you mean version_code?

(Lint/UselessAssignment)

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build-ios
• GitHub Check: e2e-ios

[transphorm]

nice! looks like it worked!

#1253

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (1)

.github/workflows/mobile-deploy.yml (1)

1454-1459: Drop the forced tag push.

Falling back to git push origin --tags --force can rewrite previously published release tags. That’s dangerous for consumers who rely on immutable signatures/history. Fetch the tags first and fail fast if the push collides, so a human can reconcile.

-          if git push origin --tags 2>/dev/null; then
-            echo "🚀 Tags pushed to repository"
-          else
-            echo "⚠️  Some tags may already exist on remote, trying force push..."
-            git push origin --tags --force
-            echo "🚀 Tags force-pushed to repository"
-          fi
+          git fetch --tags origin
+          if git push origin --tags; then
+            echo "🚀 Tags pushed to repository"
+          else
+            echo "❌ Failed to push tags. Remote already has conflicting tags – please resolve manually."
+            exit 1
+          fi

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bf4200e and bd30fb1.

📒 Files selected for processing (1)

• .github/workflows/mobile-deploy.yml (20 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

.github/workflows/**/*.{yml,yaml}

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/**/*.{yml,yaml}: In GitHub workflows, use the shared composite actions in .github/actions for dependency caching instead of calling actions/cache directly
Use the cache-yarn composite action for Yarn dependency caching in workflows
Use the cache-bundler composite action for Ruby gems caching in workflows
Use the cache-gradle composite action for Gradle caching in workflows
Use the cache-pods composite action for CocoaPods caching in workflows

Files:

• .github/workflows/mobile-deploy.yml

🧠 Learnings (2)

📚 Learning: 2025-10-08T20:23:58.783Z

Learnt from: transphorm
PR: selfxyz/self#1244
File: .github/workflows/mobile-deploy.yml:774-776
Timestamp: 2025-10-08T20:23:58.783Z
Learning: In the selfxyz/self repository, for the mobile deployment workflow (.github/workflows/mobile-deploy.yml):
- iOS builds cache Ruby gems at `app/ios/vendor/bundle`
- Android builds cache Ruby gems at `app/vendor/bundle`
- These paths should be used consistently within their respective build jobs

Applied to files:

• .github/workflows/mobile-deploy.yml

📚 Learning: 2025-10-04T05:29:43.587Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-10-04T05:29:43.587Z
Learning: Applies to .github/workflows/**/*.{yml,yaml} : Use the cache-bundler composite action for Ruby gems caching in workflows

Applied to files:

• .github/workflows/mobile-deploy.yml

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: e2e-ios
• GitHub Check: analyze-ios
• GitHub Check: analyze-android
• GitHub Check: build-deps

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/mobile-deploy.yml (1)

828-834: Android checkout needs the same branch guard

For merged PR runs the ref again becomes 123/merge, leading to checkout failures. Please reuse the conditional base-branch logic here as well.

-          ref: ${{ github.ref_name }}
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.ref || github.ref_name }}

♻️ Duplicate comments (2)

.github/workflows/mobile-deploy.yml (2)

1453-1460: Remove the forced tag push fallback

Falling back to git push origin --tags --force can overwrite existing release tags. That risk was flagged earlier and still needs resolution—fail fast instead of forcing.

-          if git push origin --tags 2>/dev/null; then
-            echo "🚀 Tags pushed to repository"
-          else
-            echo "⚠️  Some tags may already exist on remote, trying force push..."
-            git push origin --tags --force
-            echo "🚀 Tags force-pushed to repository"
-          fi
+          if git push origin --tags; then
+            echo "🚀 Tags pushed to repository"
+          else
+            echo "❌ Failed to push tags because conflicting tags already exist. Please resolve manually."
+            exit 1
+          fi

---

163-168: Fix checkout ref for merged PR events

When this workflow runs for a merged PR, github.ref_name becomes values like 123/merge, which do not exist as branches; actions/checkout fails before the bump can run. Please select the real branch (PR base for pull_request events, otherwise the ref name) before checkout and mirror that fix in the other checkout steps.

-          ref: ${{ github.ref_name }}
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.ref || github.ref_name }}

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bd30fb1 and 4cb1e9a.

📒 Files selected for processing (1)

• .github/workflows/mobile-deploy.yml (20 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

.github/workflows/**/*.{yml,yaml}

📄 CodeRabbit inference engine (AGENTS.md)

.github/workflows/**/*.{yml,yaml}: In GitHub workflows, use the shared composite actions in .github/actions for dependency caching instead of calling actions/cache directly
Use the cache-yarn composite action for Yarn dependency caching in workflows
Use the cache-bundler composite action for Ruby gems caching in workflows
Use the cache-gradle composite action for Gradle caching in workflows
Use the cache-pods composite action for CocoaPods caching in workflows

Files:

• .github/workflows/mobile-deploy.yml

🧠 Learnings (2)

📚 Learning: 2025-10-08T20:23:58.783Z

Learnt from: transphorm
PR: selfxyz/self#1244
File: .github/workflows/mobile-deploy.yml:774-776
Timestamp: 2025-10-08T20:23:58.783Z
Learning: In the selfxyz/self repository, for the mobile deployment workflow (.github/workflows/mobile-deploy.yml):
- iOS builds cache Ruby gems at `app/ios/vendor/bundle`
- Android builds cache Ruby gems at `app/vendor/bundle`
- These paths should be used consistently within their respective build jobs

Applied to files:

• .github/workflows/mobile-deploy.yml

📚 Learning: 2025-10-04T05:29:43.587Z

Learnt from: CR
PR: selfxyz/self#0
File: AGENTS.md:0-0
Timestamp: 2025-10-04T05:29:43.587Z
Learning: Applies to .github/workflows/**/*.{yml,yaml} : Use the cache-bundler composite action for Ruby gems caching in workflows

Applied to files:

• .github/workflows/mobile-deploy.yml

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: build-deps
• GitHub Check: e2e-ios
• GitHub Check: analyze-ios
• GitHub Check: analyze-android

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Apply the same checkout fix here

github.ref_name resolves to 123/merge on merged PRs, so this checkout also breaks. Switch to the base branch when the event is pull_request, mirroring the bump-version job.

-          ref: ${{ github.ref_name }}
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.ref || github.ref_name }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	# When triggered by PR merge, use the merge commit on staging
	# This ensures we deploy exactly what landed on staging (including version.json from source + any conflict resolutions)
	ref: ${{ github.event.pull_request.merge_commit_sha || 'staging' }}
	# Checkout the branch that triggered the workflow
	ref: ${{ github.ref_name }}
	- name: Read and sanitize Node.js version
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	# Checkout the branch that triggered the workflow
	ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.ref || github.ref_name }}
	- name: Read and sanitize Node.js version

🤖 Prompt for AI Agents

.github/workflows/mobile-deploy.yml around lines 268 to 273: the checkout step
uses ref: ${{ github.ref_name }} which resolves to '123/merge' for merged PRs
and breaks the checkout; change the ref to use the PR base branch when the event
is a pull_request (mirror the bump-version job) by conditionally setting ref to
${{ github.base_ref }} for pull_request events and keeping ${{ github.ref_name
}} otherwise so the workflow checks out the correct branch.