Feat/push to dev main

[hackertron]

based on #759 . this PR adds auto deploy on dev->testing and main->prod

Summary by CodeRabbit

• New Features

  • Introduced automated workflows for mobile app deployment, including auto-deploy on pull request merges and dynamic version bumping.
  • Added unified deployment lanes for iOS and Android with support for internal and production tracks, test mode, and enhanced notifications.
  • Automated release tagging and changelog generation after production deployments.
  • Provided new npm scripts for streamlined release management.

• Documentation

  • Added a comprehensive Mobile Deployment Guide.
  • Expanded and reorganized deployment and release instructions in the main documentation.

• Chores

  • Added scripts for changelog generation and automated release processes.
  • Incremented iOS build number for version tracking.

[coderabbitai]

Walkthrough

This update introduces a comprehensive automated mobile deployment pipeline for both iOS and Android. It adds new GitHub Actions workflows for auto-deployment on PR merges, enhances Fastlane lanes for versioning and track-aware deployment, implements release tagging and changelog generation, and provides extensive documentation and scripts for streamlined release management.

Changes

Cohort / File(s)	Change Summary
GitHub Actions: Auto & Main Mobile Deploy Workflows .github/workflows/mobile-deploy-auto.yml, .github/workflows/mobile-deploy.yml	Added a new workflow to automate mobile deployments on PR merges; enhanced the main deploy workflow with version bumping, deployment track inputs, and a release tagging/changelog job.
Fastlane Deployment Automation app/fastlane/Fastfile	Added unified deploy_auto lanes for iOS/Android with track-aware deployment, version bumping, test mode, and improved error handling and Slack notifications.
Versioning & Tagging Data app/version.json, app/package.json	Incremented iOS build number; added npm scripts for release automation.
Release & Changelog Scripts app/scripts/release.sh, app/scripts/generate-changelog.sh	Added scripts for automated version bumping, changelog generation, tagging, and release orchestration.
Documentation: Deployment & Release app/README.md, .github/MOBILE_DEPLOYMENT.md	Significantly expanded documentation with detailed guides for automated/manual deployment, versioning, troubleshooting, and optimization.

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub Actions
    participant FL as Fastlane
    participant Stores as App/Play Store

    Dev->>GH: Merge PR to main/dev (with app/ changes)
    GH->>GH: Run mobile-deploy-auto workflow
    GH->>GH: Check PR labels, title, branch, skip logic
    alt Deployment approved
        GH->>GH: Trigger mobile-deploy workflow (with track, bump)
        GH->>FL: Run deploy_auto lane (iOS & Android)
        FL->>Stores: Upload build (track-aware)
        GH->>GH: Tag release, generate changelog, create GitHub Release
    else Deployment skipped
        GH->>Dev: Log skip message, instructions for manual deploy
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~40 minutes

Possibly related PRs

• Feat/mobile deployment automation #759: Implements enhancements to the reusable mobile deploy workflow, including version management and automation, which this PR builds upon for its auto-deployment pipeline.
• Improve manual mobile deploy workflow and docs #728: Refactors the mobile deploy workflow for manual triggers and improves Fastlane lanes, sharing core workflow and lane modifications with this PR.

Suggested labels

codex

Suggested reviewers

• transphorm
• remicolin

Poem

🚀 When PRs are merged and the code is sound,
The bots awaken—deployments abound!
Fastlane rushes, tags are set,
Changelogs bloom—no manual sweat.
With scripts and docs, the process is tight,
Mobile releases take automated flight!
📱✨

Note

⚡️ Unit Test Generation is now available in beta!

Learn more here, or try it out under "Finishing Touches" below.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/push-to-dev-main

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (6)

app/scripts/version.cjs (1)

10-18: Consider adding more robust error handling.

The error handling exits immediately on any file operation failure. For a CLI tool, this might be appropriate, but consider providing more specific error messages for different failure scenarios (file not found vs. permission issues vs. malformed JSON).

.github/actions/mobile-setup/action.yml (1)

62-81: Fix trailing spaces and improve dependency validation.

The enhanced yarn installation with immutable flag and detailed error messaging is excellent for preventing dependency drift. However, there are trailing spaces that need to be removed.

Remove trailing spaces on lines 62, 66, and 82:

-        
+
-        
+
-        
+

The dependency validation logic itself is excellent for ensuring reproducible builds.

.github/workflows/mobile-deploy-auto.yml (1)

21-94: Fix YAML formatting issues

Multiple formatting issues detected by YAMLlint.

Remove trailing spaces from lines 21, 27, 29, 35, 44, 60, 64 and add a newline at the end of the file. You can use a YAML formatter or configure your editor to automatically trim trailing whitespace.

app/fastlane/Fastfile (2)

77-77: Remove trailing commas for consistency

RuboCop detected trailing commas after the last parameter in method calls.

Remove the trailing commas from these lines to follow Ruby style conventions:

-        groups: ENV["IOS_TESTFLIGHT_GROUPS"].split(","),
+        groups: ENV["IOS_TESTFLIGHT_GROUPS"].split(",")

Also applies to: 93-93, 141-141, 148-148, 169-169

---

325-325: Remove trailing commas in Android lanes

Same trailing comma style issue as in iOS lanes.

Remove the trailing commas to maintain consistency:

-          gradle_file: android_gradle_file_path.gsub("../", ""),
+          gradle_file: android_gradle_file_path.gsub("../", "")

Also applies to: 411-411, 443-443

.github/workflows/mobile-deploy.yml (1)

69-69: Clean up YAML formatting

Remove trailing spaces from the indicated lines for consistent formatting.

Also applies to: 424-424, 429-429, 434-434, 727-727, 732-732, 737-737

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 83d016e and 74412f8.

⛔ Files ignored due to path filters (1)

• app/Gemfile.lock is excluded by !**/*.lock

📒 Files selected for processing (9)

• .github/actions/mobile-setup/action.yml (1 hunks)
• .github/workflows/mobile-deploy-auto.yml (1 hunks)
• .github/workflows/mobile-deploy.yml (9 hunks)
• app/fastlane/Fastfile (5 hunks)
• app/fastlane/helpers.rb (1 hunks)
• app/fastlane/helpers/version_manager.rb (1 hunks)
• app/scripts/mobile-deploy-confirm.cjs (3 hunks)
• app/scripts/version.cjs (1 hunks)
• app/version.json (1 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: transphorm
PR: selfxyz/self#636
File: app/ios/Podfile:14-14
Timestamp: 2025-06-30T15:27:13.795Z
Learning: React Native 0.80 supports iOS 15.1 as the minimum deployment target, not iOS 16.0. This allows for broader device compatibility while still being compatible with the React Native 0.80 upgrade.

app/version.json (1)

Learnt from: transphorm
PR: selfxyz/self#636
File: app/ios/Podfile:14-14
Timestamp: 2025-06-30T15:27:13.795Z
Learning: React Native 0.80 supports iOS 15.1 as the minimum deployment target, not iOS 16.0. This allows for broader device compatibility while still being compatible with the React Native 0.80 upgrade.

🪛 YAMLlint (1.37.1)

.github/actions/mobile-setup/action.yml

[error] 62-62: trailing spaces

(trailing-spaces)

---

[error] 66-66: trailing spaces

(trailing-spaces)

---

[error] 82-82: trailing spaces

(trailing-spaces)

---

[error] 85-85: trailing spaces

(trailing-spaces)

.github/workflows/mobile-deploy-auto.yml

[error] 21-21: trailing spaces

(trailing-spaces)

---

[error] 27-27: trailing spaces

(trailing-spaces)

---

[error] 29-29: trailing spaces

(trailing-spaces)

---

[error] 35-35: trailing spaces

(trailing-spaces)

---

[error] 44-44: trailing spaces

(trailing-spaces)

---

[error] 60-60: trailing spaces

(trailing-spaces)

---

[error] 64-64: trailing spaces

(trailing-spaces)

---

[error] 94-94: no new line character at the end of file

(new-line-at-end-of-file)

.github/workflows/mobile-deploy.yml

[error] 69-69: trailing spaces

(trailing-spaces)

---

[error] 424-424: trailing spaces

(trailing-spaces)

---

[error] 429-429: trailing spaces

(trailing-spaces)

---

[error] 434-434: trailing spaces

(trailing-spaces)

---

[error] 727-727: trailing spaces

(trailing-spaces)

---

[error] 732-732: trailing spaces

(trailing-spaces)

---

[error] 737-737: trailing spaces

(trailing-spaces)

🪛 actionlint (1.7.7)

.github/workflows/mobile-deploy-auto.yml

25-25: "github.event.pull_request.title" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions for more details

(expression)

---

67-67: "github.event.pull_request.title" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions for more details

(expression)

🪛 RuboCop (1.76.1)

app/fastlane/Fastfile

[convention] 77-77: Avoid comma after the last parameter of a method call.

(Style/TrailingCommaInArguments)

---

[convention] 93-93: Avoid comma after the last parameter of a method call.

(Style/TrailingCommaInArguments)

---

[convention] 141-141: Avoid comma after the last parameter of a method call.

(Style/TrailingCommaInArguments)

---

[convention] 148-148: Avoid comma after the last parameter of a method call.

(Style/TrailingCommaInArguments)

---

[convention] 169-169: Avoid comma after the last parameter of a method call.

(Style/TrailingCommaInArguments)

---

[convention] 325-325: Avoid comma after the last parameter of a method call.

(Style/TrailingCommaInArguments)

---

[convention] 411-411: Avoid comma after the last parameter of a method call.

(Style/TrailingCommaInArguments)

---

[convention] 414-421: Avoid more than 3 levels of block nesting.

(Metrics/BlockNesting)

---

[convention] 443-443: Avoid comma after the last parameter of a method call.

(Style/TrailingCommaInArguments)

🪛 GitHub Check: lint

app/scripts/mobile-deploy-confirm.cjs

[warning] 405-405:
Missing radix parameter

---

[warning] 395-395:
Missing radix parameter

---

[warning] 375-375:
Missing radix parameter

---

[warning] 357-357:
Missing radix parameter

⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: build-ios
• GitHub Check: build-android

🔇 Additional comments (20)

app/version.json (1)

1-10: Clean and well-structured version tracking configuration.

The JSON structure is simple and effective for centralized build number and deployment timestamp management. The initial build numbers (iOS: 148, Android: 82) suggest this is migrating from existing versioning, which is appropriate for maintaining continuity.

app/fastlane/helpers.rb (2)

16-16: Proper integration of version manager helper.

The require statement follows the established pattern for including Fastlane helpers.

---

24-24: Consistent module extension pattern.

The module extension follows the same pattern as other helpers in the file, maintaining consistency in the codebase.

app/scripts/version.cjs (5)

20-27: Synchronous file operations are acceptable for CLI usage.

Using synchronous file operations is appropriate for a CLI tool where blocking behavior is expected. The error handling pattern is consistent with the read function.

---

39-63: Robust platform validation and build number management.

The platform validation is thorough and the build number incrementing logic is safe with proper bounds checking. The console output provides clear feedback to users.

---

65-87: ISO timestamp generation is appropriate for deployment tracking.

Using new Date().toISOString() provides consistent, timezone-aware timestamps suitable for deployment tracking across different environments.

---

89-105: Well-structured info display function.

The function properly handles both required and optional fields (deployment timestamps), providing clear output formatting for users.

---

107-136: Comprehensive CLI interface with helpful usage information.

The CLI handling covers all expected use cases with clear usage instructions. The help text is informative and includes the important note about version management via npm.

.github/actions/mobile-setup/action.yml (2)

50-57: Excellent addition of strict bundler configuration.

Configuring bundler with deployment mode and vendor path ensures consistent gem installation across environments. This prevents local modifications and ensures reproducible builds.

---

85-101: Robust gem installation with excellent error handling.

The bundle install configuration with retry logic and comprehensive error messaging provides excellent guidance for developers when dependency issues occur. The deployment mode ensures consistent gem versions.

app/fastlane/helpers/version_manager.rb (7)

5-11: Well-structured module with proper path resolution.

The module follows Ruby best practices with extend self for singleton behavior and proper file path resolution using File.expand_path. The constant definition is appropriately scoped.

---

12-21: Robust file reading with comprehensive error handling.

The file reading method properly handles both missing files and JSON parsing errors using Fastlane's UI system for consistent error reporting. This follows Fastlane conventions well.

---

22-28: Safe file writing with proper formatting.

The file writing method ensures proper JSON formatting with JSON.pretty_generate and consistent error handling. The newline addition maintains file formatting standards.

---

29-35: Proper separation of concerns for version sources.

Correctly separates version numbers (from package.json) from build numbers (from version.json). This maintains the intended architecture where npm manages versions and this system manages build numbers.

---

46-62: Excellent build number management with user feedback.

The build number increment methods provide clear feedback about the changes made, including both old and new values. The atomic read-modify-write pattern is safe for this use case.

---

64-77: Proper platform validation and timestamp handling.

The platform validation is comprehensive and the UTC timestamp generation using Time.now.utc.iso8601 ensures consistent timezone-aware timestamps for deployment tracking.

---

78-92: Well-designed sync function with clear output.

The sync function provides excellent visibility into the current state and returns structured data for use in Fastlane workflows. The naming and structure are intuitive.

app/fastlane/Fastfile (1)

401-426: Excellent error handling for Play Store permissions!

The enhanced error handling for Play Store upload failures is a great improvement, providing clear feedback for permission issues.

.github/workflows/mobile-deploy.yml (2)

11-17: Well-structured caching implementation!

The cache versioning strategy with separate versions for different dependency types is excellent. This allows targeted cache invalidation and the monitoring helps track cache efficiency.

Also applies to: 117-155

---

798-878: Smart version synchronization approach!

The separate update-version job effectively prevents race conditions between parallel iOS and Android builds. The [skip ci] tag prevents infinite loops, and the conditional logic ensures updates only happen after successful deployments.

[coderabbitai]

⚠️ Potential issue

Security issue: Another command injection vulnerability

The PR title is used unsafely again in the logging section.

Apply the same fix by using environment variables:

      - name: Log deployment info
        if: steps.check.outputs.should_deploy == 'true'
+       env:
+         PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "📱 Auto-deployment triggered!"
          echo "Branch: ${{ github.base_ref }}"
          echo "Track: ${{ steps.check.outputs.deployment_track }}"
          echo "Version bump: ${{ steps.check.outputs.version_bump }}"
-         echo "PR: #${{ github.event.pull_request.number }} - ${{ github.event.pull_request.title }}"
+         echo "PR: #${{ github.event.pull_request.number }} - $PR_TITLE"
          echo "Merged by: ${{ github.event.pull_request.merged_by.login }}"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Log deployment info
	if: steps.check.outputs.should_deploy == 'true'
	run: |
	echo "📱 Auto-deployment triggered!"
	echo "Branch: ${{ github.base_ref }}"
	echo "Track: ${{ steps.check.outputs.deployment_track }}"
	echo "Version bump: ${{ steps.check.outputs.version_bump }}"
	echo "PR: #${{ github.event.pull_request.number }} - ${{ github.event.pull_request.title }}"
	echo "Merged by: ${{ github.event.pull_request.merged_by.login }}"
	- name: Log deployment info
	if: steps.check.outputs.should_deploy == 'true'
	env:
	PR_TITLE: ${{ github.event.pull_request.title }}
	run: |
	echo "📱 Auto-deployment triggered!"
	echo "Branch: ${{ github.base_ref }}"
	echo "Track: ${{ steps.check.outputs.deployment_track }}"
	echo "Version bump: ${{ steps.check.outputs.version_bump }}"
	echo "PR: #${{ github.event.pull_request.number }} - $PR_TITLE"
	echo "Merged by: ${{ github.event.pull_request.merged_by.login }}"

🧰 Tools

🪛 actionlint (1.7.7)

67-67: "github.event.pull_request.title" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions for more details

(expression)

🤖 Prompt for AI Agents

In .github/workflows/mobile-deploy-auto.yml around lines 65 to 73, the PR title
is directly echoed in the shell command, creating a command injection risk. To
fix this, assign the PR title and other dynamic values to environment variables
before the run step, then reference those variables safely within the echo
commands. This avoids executing untrusted input as shell commands.

[coderabbitai]

⚠️ Potential issue

Critical security issue: Command injection vulnerability

The PR title is being used directly in shell scripts without proper sanitization, which can lead to command injection attacks.

Instead of using the PR title directly in the shell script, pass it through an environment variable:

      - name: Check deployment conditions
        id: check
+       env:
+         PR_TITLE: ${{ github.event.pull_request.title }}
+         PR_BODY: ${{ github.event.pull_request.body }}
        run: |
          echo "🔍 Checking deployment conditions..."
          
          # Skip if PR has skip-deploy in title or body
-         if [[ "${{ github.event.pull_request.title }}" =~ \[skip-deploy\] ]] || 
-            [[ "${{ github.event.pull_request.body }}" =~ \[skip-deploy\] ]]; then
+         if [[ "$PR_TITLE" =~ \[skip-deploy\] ]] || 
+            [[ "$PR_BODY" =~ \[skip-deploy\] ]]; then
            echo "should_deploy=false" >> $GITHUB_OUTPUT
            echo "⏭️ Skipping deployment due to [skip-deploy] flag"
            exit 0
          fi

🧰 Tools

🪛 actionlint (1.7.7)

25-25: "github.event.pull_request.title" is potentially untrusted. avoid using it directly in inline scripts. instead, pass it through an environment variable. see https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions for more details

(expression)

🪛 YAMLlint (1.37.1)

[error] 27-27: trailing spaces

(trailing-spaces)

---

[error] 29-29: trailing spaces

(trailing-spaces)

🤖 Prompt for AI Agents

In .github/workflows/mobile-deploy-auto.yml around lines 23 to 34, the PR title
and body are used directly in the shell script, causing a command injection
risk. To fix this, pass the PR title and body as environment variables to the
script step, then reference these variables inside the shell script instead of
using the GitHub context expressions directly. This avoids executing unsanitized
input in the shell.

[coderabbitai]

⚠️ Potential issue

Specify radix parameter for parseInt calls

Missing radix parameter in parseInt calls can lead to unexpected behavior.

Update all parseInt calls to include the radix parameter:

-    const nextBuild = versions.versionJson
-      ? versions.versionJson.ios.build + 1
-      : parseInt(currentBuild) + 1;
+    const nextBuild = versions.versionJson
+      ? versions.versionJson.ios.build + 1
+      : parseInt(currentBuild, 10) + 1;

-    const nextBuild = versions.versionJson
-      ? versions.versionJson.android.build + 1
-      : parseInt(currentBuild) + 1;
+    const nextBuild = versions.versionJson
+      ? versions.versionJson.android.build + 1
+      : parseInt(currentBuild, 10) + 1;

-      const actualBuild = parseInt(versions.ios.build);
+      const actualBuild = parseInt(versions.ios.build, 10);

-      const actualBuild = parseInt(versions.android.versionCode);
+      const actualBuild = parseInt(versions.android.versionCode, 10);

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (platform === PLATFORMS.IOS || platform === PLATFORMS.BOTH) {
	const currentBuild = versions.ios.build;
	const nextBuild = versions.versionJson
	? versions.versionJson.ios.build + 1
	: parseInt(currentBuild) + 1;
	const lastDeployed = versions.versionJson
	? getTimeAgo(versions.versionJson.ios.lastDeployed)
	: 'Unknown';
	console.log(
	`${CONSOLE_SYMBOLS.APPLE} iOS Version: ${versions.ios.version}`,
	);
	console.log(`${CONSOLE_SYMBOLS.APPLE} iOS Build: ${versions.ios.build}`);
	console.log(
	`${CONSOLE_SYMBOLS.APPLE} iOS Build: ${currentBuild} → ${nextBuild}`,
	);
	console.log(`${CONSOLE_SYMBOLS.APPLE} Last iOS Deploy: ${lastDeployed}`);
	}
	if (platform === PLATFORMS.ANDROID || platform === PLATFORMS.BOTH) {
	const currentBuild = versions.android.versionCode;
	const nextBuild = versions.versionJson
	? versions.versionJson.android.build + 1
	: parseInt(currentBuild) + 1;
	const lastDeployed = versions.versionJson
	? getTimeAgo(versions.versionJson.android.lastDeployed)
	: 'Unknown';
	console.log(
	`${CONSOLE_SYMBOLS.ANDROID} Android Version: ${versions.android.version}`,
	);
	console.log(
	`${CONSOLE_SYMBOLS.ANDROID} Android Version Code: ${versions.android.versionCode}`,
	`${CONSOLE_SYMBOLS.ANDROID} Android Version Code: ${currentBuild} → ${nextBuild}`,
	);
	console.log(
	`${CONSOLE_SYMBOLS.ANDROID} Last Android Deploy: ${lastDeployed}`,
	);
	}
	// Check for potential issues
	if (versions.versionJson) {
	if (platform === PLATFORMS.IOS || platform === PLATFORMS.BOTH) {
	const jsonBuild = versions.versionJson.ios.build;
	const actualBuild = parseInt(versions.ios.build);
	if (jsonBuild !== actualBuild) {
	console.log(
	`\n${CONSOLE_SYMBOLS.WARNING} iOS build mismatch: version.json has ${jsonBuild}, but Xcode has ${actualBuild}`,
	);
	}
	}
	if (platform === PLATFORMS.ANDROID || platform === PLATFORMS.BOTH) {
	const jsonBuild = versions.versionJson.android.build;
	const actualBuild = parseInt(versions.android.versionCode);
	if (jsonBuild !== actualBuild) {
	console.log(
	`\n${CONSOLE_SYMBOLS.WARNING} Android build mismatch: version.json has ${jsonBuild}, but gradle has ${actualBuild}`,
	);
	}
	}
	if (platform === PLATFORMS.IOS || platform === PLATFORMS.BOTH) {
	const currentBuild = versions.ios.build;
	const nextBuild = versions.versionJson
	? versions.versionJson.ios.build + 1
	: parseInt(currentBuild, 10) + 1;
	const lastDeployed = versions.versionJson
	? getTimeAgo(versions.versionJson.ios.lastDeployed)
	: 'Unknown';
	console.log(
	`${CONSOLE_SYMBOLS.APPLE} iOS Version: ${versions.ios.version}`,
	);
	console.log(
	`${CONSOLE_SYMBOLS.APPLE} iOS Build: ${currentBuild} → ${nextBuild}`,
	);
	console.log(`${CONSOLE_SYMBOLS.APPLE} Last iOS Deploy: ${lastDeployed}`);
	}
	if (platform === PLATFORMS.ANDROID || platform === PLATFORMS.BOTH) {
	const currentBuild = versions.android.versionCode;
	const nextBuild = versions.versionJson
	? versions.versionJson.android.build + 1
	: parseInt(currentBuild, 10) + 1;
	const lastDeployed = versions.versionJson
	? getTimeAgo(versions.versionJson.android.lastDeployed)
	: 'Unknown';
	console.log(
	`${CONSOLE_SYMBOLS.ANDROID} Android Version: ${versions.android.version}`,
	);
	console.log(
	`${CONSOLE_SYMBOLS.ANDROID} Android Version Code: ${currentBuild} → ${nextBuild}`,
	);
	console.log(
	`${CONSOLE_SYMBOLS.ANDROID} Last Android Deploy: ${lastDeployed}`,
	);
	}
	// Check for potential issues
	if (versions.versionJson) {
	if (platform === PLATFORMS.IOS || platform === PLATFORMS.BOTH) {
	const jsonBuild = versions.versionJson.ios.build;
	const actualBuild = parseInt(versions.ios.build, 10);
	if (jsonBuild !== actualBuild) {
	console.log(
	`\n${CONSOLE_SYMBOLS.WARNING} iOS build mismatch: version.json has ${jsonBuild}, but Xcode has ${actualBuild}`,
	);
	}
	}
	if (platform === PLATFORMS.ANDROID || platform === PLATFORMS.BOTH) {
	const jsonBuild = versions.versionJson.android.build;
	const actualBuild = parseInt(versions.android.versionCode, 10);
	if (jsonBuild !== actualBuild) {
	console.log(
	`\n${CONSOLE_SYMBOLS.WARNING} Android build mismatch: version.json has ${jsonBuild}, but gradle has ${actualBuild}`,
	);
	}
	}

🧰 Tools

🪛 GitHub Check: lint

[warning] 405-405:
Missing radix parameter

---

[warning] 395-395:
Missing radix parameter

---

[warning] 375-375:
Missing radix parameter

---

[warning] 357-357:
Missing radix parameter

🤖 Prompt for AI Agents

In app/scripts/mobile-deploy-confirm.cjs between lines 353 and 411, all parseInt
calls are missing the radix parameter, which can cause unexpected parsing
results. Update each parseInt call by adding the radix parameter 10 to
explicitly specify decimal parsing, for example, change parseInt(currentBuild)
to parseInt(currentBuild, 10).

[hackertron]

closes : https://linear.app/selfprotocol/issue/SEL-485/implement-manual-tagging-and-release-system

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (4)

app/scripts/release.sh (1)

48-54: Use pushd/popd (or cd … || exit) and a trap to guarantee directory rollback

Blindly cd .. on success paths leaks state if the script aborts midway (e.g. Fastlane failure).
Minimal hardening:

-pushd .. >/dev/null
-… fastlane …
-popd >/dev/null
+pushd .. >/dev/null
+bundle exec fastlane ios sync_version
+bundle exec fastlane android sync_version
+popd >/dev/null || true

Or wrap in trap 'cd "$OLDPWD"' ERR EXIT.

app/scripts/generate-changelog.sh (1)

38-57: HASH is unused – drop it to silence SC2034 & speed loop

-    HASH=$(echo "$line" | cut -d' ' -f1)
-    MESSAGE=$(echo "$line" | cut -d' ' -f2-)
+    MESSAGE=$(echo "$line" | cut -d' ' -f2-)

No later logic references the hash.

.github/workflows/mobile-deploy.yml (1)

941-956: Shellcheck: quote expansions & avoid repeated redirections

Minor, but keeps logs clean and avoids globbing surprises. Example:

-git log --pretty=format:"- %s" ${PREV_TAG}..HEAD --no-merges | grep -v "^- Merge" >> release_notes.md
+git log --pretty=format:"- %s" "${PREV_TAG}..HEAD" --no-merges | grep -v '^- Merge' >> release_notes.md

.github/MOBILE_DEPLOYMENT.md (1)

30-37: Add language identifier to fenced diagram block (MD040)

-``` 
+```text

Ensures markdown renderers and linters recognise it.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 74412f8 and d7f991a.

📒 Files selected for processing (6)

• .github/MOBILE_DEPLOYMENT.md (1 hunks)
• .github/workflows/mobile-deploy.yml (9 hunks)
• app/README.md (1 hunks)
• app/package.json (1 hunks)
• app/scripts/generate-changelog.sh (1 hunks)
• app/scripts/release.sh (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• app/package.json

🧰 Additional context used

🧠 Learnings (1)

📓 Common learnings

Learnt from: transphorm
PR: selfxyz/self#636
File: app/ios/Podfile:14-14
Timestamp: 2025-06-30T15:27:13.795Z
Learning: React Native 0.80 supports iOS 15.1 as the minimum deployment target, not iOS 16.0. This allows for broader device compatibility while still being compatible with the React Native 0.80 upgrade.

🧬 Code Graph Analysis (1)

app/scripts/generate-changelog.sh (1)

contracts/scripts/constants.ts (1)

• log (68-74)

🪛 Shellcheck (0.10.0)

app/scripts/generate-changelog.sh

[warning] 39-39: HASH appears unused. Verify use (or export if used externally).

(SC2034)

🪛 YAMLlint (1.37.1)

.github/workflows/mobile-deploy.yml

[error] 69-69: trailing spaces

(trailing-spaces)

---

[error] 424-424: trailing spaces

(trailing-spaces)

---

[error] 429-429: trailing spaces

(trailing-spaces)

---

[error] 434-434: trailing spaces

(trailing-spaces)

---

[error] 727-727: trailing spaces

(trailing-spaces)

---

[error] 732-732: trailing spaces

(trailing-spaces)

---

[error] 737-737: trailing spaces

(trailing-spaces)

---

[error] 883-883: trailing spaces

(trailing-spaces)

---

[error] 902-902: trailing spaces

(trailing-spaces)

---

[error] 907-907: trailing spaces

(trailing-spaces)

---

[error] 909-909: trailing spaces

(trailing-spaces)

---

[error] 917-917: trailing spaces

(trailing-spaces)

---

[error] 926-926: trailing spaces

(trailing-spaces)

---

[error] 934-934: trailing spaces

(trailing-spaces)

---

[error] 943-943: trailing spaces

(trailing-spaces)

---

[error] 946-946: trailing spaces

(trailing-spaces)

---

[error] 950-950: trailing spaces

(trailing-spaces)

---

[error] 956-956: trailing spaces

(trailing-spaces)

---

[error] 961-961: trailing spaces

(trailing-spaces)

🪛 actionlint (1.7.7)

.github/workflows/mobile-deploy.yml

880-880: job "create-release-tags" needs job "update-version-files" which does not exist in this workflow

(job-needs)

---

883-883: property "update-version-files" is not defined in object type {build-android: {outputs: {}; result: string}; build-ios: {outputs: {}; result: string}}

(expression)

---

900-900: shellcheck reported issue in this script: SC2002:style:4:15: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead

(shellcheck)

---

900-900: shellcheck reported issue in this script: SC2002:style:5:17: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead

(shellcheck)

---

900-900: shellcheck reported issue in this script: SC2002:style:6:21: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead

(shellcheck)

---

941-941: shellcheck reported issue in this script: SC2086:info:11:34: Double quote to prevent globbing and word splitting

(shellcheck)

---

941-941: shellcheck reported issue in this script: SC2129:style:16:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects

(shellcheck)

---

941-941: shellcheck reported issue in this script: SC2086:info:22:30: Double quote to prevent globbing and word splitting

(shellcheck)

---

966-966: the runner of "softprops/action-gh-release@v1" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 markdownlint-cli2 (0.17.2)

.github/MOBILE_DEPLOYMENT.md

30-30: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

🔇 Additional comments (3)

app/scripts/release.sh (1)

87-96: Interactive prompt blocks non-interactive runners

read -r response will hang if the script ever lands in CI or GitHub Actions. Guard with -t or an env flag (CI, CI_RELEASE_AUTO=yes).

.github/workflows/mobile-deploy.yml (1)

425-447: GitHub Actions expression syntax will resolve to empty on workflow_dispatch

Inside a run script you’re interpolating:

DEPLOYMENT_TRACK="${{ inputs.deployment_track || 'internal' }}"

inputs.* only exists for reusable workflows (workflow_call). For workflow_dispatch runs this becomes "" → shell variable empty. Use conditional env mapping, e.g.:

env:
  DEPLOYMENT_TRACK: ${{ github.event.inputs.deployment_track || 'internal' }}
  VERSION_BUMP:    ${{ github.event.inputs.version_bump    || 'build' }}
  TEST_MODE:       ${{ github.event.inputs.test_mode       || false }}

and reference $DEPLOYMENT_TRACK in the script.

app/README.md (1)

186-208: Links to scripts/version.cjs assume CJS path; confirm it exists post-refactor

Multiple quick-commands reference node scripts/version.cjs. If that helper moved to app/scripts/ along with the other utilities, docs will drift.

[coderabbitai]

🛠️ Refactor suggestion

Avoid useless cat & rely on jq directly

Shellcheck SC2002: the subshell can be simplified, reads faster and one process less:

-CURRENT_VERSION=$(cat package.json | jq -r .version)
+CURRENT_VERSION=$(jq -r '.version' package.json)

Same pattern reappears for NEW_VERSION.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Get current version
	CURRENT_VERSION=$(cat package.json | jq -r .version)
	echo "Current version: $CURRENT_VERSION"
	# Get current version
	CURRENT_VERSION=$(jq -r '.version' package.json)
	echo "Current version: $CURRENT_VERSION"

🤖 Prompt for AI Agents

In app/scripts/release.sh around lines 36 to 38, the use of `cat` to read
package.json before piping to jq is unnecessary and inefficient. Replace `cat
package.json | jq -r .version` with `jq -r .version package.json` to eliminate
the useless cat and improve performance. Apply the same change to the assignment
of NEW_VERSION elsewhere in the script.

[coderabbitai]

⚠️ Potential issue

Add -u and -o pipefail to make the script fail fast on unset vars & pipe errors

set -e alone won’t catch (a) unset variables or (b) failures masked by a pipe.
Recommend:

-set -e
+set -euo pipefail

This avoids subtle CI ghosts when an env-var is missing or a jq/grep in a pipe fails silently.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	set -e
	# Colors for output
	RED='\033[0;31m'
	GREEN='\033[0;32m'
	YELLOW='\033[1;33m'
	NC='\033[0m' # No Color
	set -euo pipefail
	# Colors for output
	RED='\033[0;31m'
	GREEN='\033[0;32m'
	YELLOW='\033[1;33m'
	NC='\033[0m' # No Color

🤖 Prompt for AI Agents

In app/scripts/release.sh around lines 6 to 12, the script uses 'set -e' but
lacks '-u' and '-o pipefail' options, which means it won't fail on unset
variables or errors in piped commands. Update the 'set' command to 'set -euo
pipefail' to ensure the script fails fast on unset variables and pipe errors,
improving reliability and error detection.

[coderabbitai]

⚠️ Potential issue

Gracefully handle missing version.json

The script hard-fails if the file is absent or malformed. Consider:

-CHANGELOG="${CHANGELOG}### 📱 Deployment Info\n"
-CHANGELOG="${CHANGELOG}- iOS Build: $(cat version.json | jq -r .ios.build)\n"
-CHANGELOG="${CHANGELOG}- Android Build: $(cat version.json | jq -r .android.build)\n"
+if [ -f version.json ]; then
+  CHANGELOG+="### 📱 Deployment Info\n"
+  CHANGELOG+="- iOS Build: $(jq -r '.ios.build' version.json)\n"
+  CHANGELOG+="- Android Build: $(jq -r '.android.build' version.json)\n"
+fi

Prevents CI from exploding on first release where version.json isn’t yet committed.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Add deployment info
	CHANGELOG="${CHANGELOG}### 📱 Deployment Info\n"
	CHANGELOG="${CHANGELOG}- iOS Build: $(cat version.json | jq -r .ios.build)\n"
	CHANGELOG="${CHANGELOG}- Android Build: $(cat version.json | jq -r .android.build)\n"
	# Add deployment info
	if [ -f version.json ]; then
	CHANGELOG+="### 📱 Deployment Info\n"
	CHANGELOG+="- iOS Build: $(jq -r '.ios.build' version.json)\n"
	CHANGELOG+="- Android Build: $(jq -r '.android.build' version.json)\n"
	fi

🤖 Prompt for AI Agents

In app/scripts/generate-changelog.sh around lines 76 to 80, the script assumes
version.json exists and is well-formed, causing failure if missing or malformed.
Add a check to verify if version.json exists and is valid before reading it. If
the file is missing or invalid, skip adding iOS and Android build info to the
changelog or add a placeholder message, ensuring the script continues gracefully
without error.

[coderabbitai]

⚠️ Potential issue

needs: update-version-files refers to a non-existent job – workflow will never run

Job earlier is declared as update-version; update the dependency & later references:

-needs: [build-ios, build-android, update-version-files]
+needs: [build-ios, build-android, update-version]
…
-if: |
-  always() && 
-  needs.update-version-files.result == 'success' &&
+if: |
+  always() && 
+  needs.update-version.result == 'success' &&

Without this fix create-release-tags is skipped and Actionlint already flags the error.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	create-release-tags:
	needs: [build-ios, build-android, update-version-files]
	if: |
	always() &&
	needs.update-version-files.result == 'success' &&
	(needs.build-ios.result == 'success' || needs.build-android.result == 'success') &&
	create-release-tags:
	needs: [build-ios, build-android, update-version]
	if: |
	always() &&
	needs.update-version.result == 'success' &&
	(needs.build-ios.result == 'success' || needs.build-android.result == 'success') &&

🧰 Tools

🪛 actionlint (1.7.7)

880-880: job "create-release-tags" needs job "update-version-files" which does not exist in this workflow

(job-needs)

---

883-883: property "update-version-files" is not defined in object type {build-android: {outputs: {}; result: string}; build-ios: {outputs: {}; result: string}}

(expression)

🪛 YAMLlint (1.37.1)

[error] 883-883: trailing spaces

(trailing-spaces)

🤖 Prompt for AI Agents

In .github/workflows/mobile-deploy.yml around lines 880 to 885, the job
dependency 'needs: update-version-files' is incorrect because the actual job
name is 'update-version'. Update all references from 'update-version-files' to
'update-version' to fix the dependency and ensure the 'create-release-tags' job
runs correctly.

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (1)

.github/workflows/mobile-deploy.yml (1)

881-886: Critical: Fix job dependency reference

The job dependency references update-version-files but the actual job name is update-version. This will prevent the release tagging job from ever running.

This matches the previous review comment about the same issue. Apply the suggested fix:

-    needs: [build-ios, build-android, update-version-files]
+    needs: [build-ios, build-android, update-version]

-      needs.update-version-files.result == 'success' &&
+      needs.update-version.result == 'success' &&

🧹 Nitpick comments (3)

.github/workflows/mobile-deploy.yml (1)

939-974: Enhance changelog generation and consider security implications

The changelog generation is basic but functional. However, consider these improvements:

1. The changelog includes all commits since the previous tag, which might expose sensitive information
2. No validation of the generated content
3. The script assumes a specific git log format

Consider using the dedicated changelog generation script mentioned in the AI summary:

-          # Generate simple changelog
-          echo "## What's Changed" > release_notes.md
-          echo "" >> release_notes.md
-
-          if [ -n "$PREV_TAG" ]; then
-            git log --pretty=format:"- %s" ${PREV_TAG}..HEAD --no-merges | grep -v "^- Merge" >> release_notes.md
-          else
-            echo "Initial release" >> release_notes.md
-          fi
+          # Use dedicated changelog generation script
+          chmod +x app/scripts/generate-changelog.sh
+          ./app/scripts/generate-changelog.sh > release_notes.md

app/fastlane/Fastfile (2)

141-141: Minor: Consider removing trailing commas for Ruby style consistency

Static analysis flagged trailing commas in method calls. While not critical, removing them would improve code style consistency.

-        skip_waiting_for_build_processing: false,
+        skip_waiting_for_build_processing: false

Apply similar changes to the other flagged lines for consistency.

Also applies to: 148-148, 169-169, 325-325, 411-411

---

414-422: Review nested error handling complexity

The error handling block has 4 levels of nesting, which reduces readability. Consider extracting the error handling to a helper method.

private_lane :handle_play_store_upload_error do |error|
  if error.message.include?("forbidden") || error.message.include?("403") || error.message.include?("insufficientPermissions")
    UI.error("❌ Play Store upload failed: Insufficient permissions")
    UI.error("Please fix permissions in Google Play Console")
    UI.important("Build saved at: #{android_aab_path}")
  else
    raise error
  end
end

Then use it in the upload block:

begin
  upload_to_play_store(...)
rescue => e
  handle_play_store_upload_error(e)
end

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d7f991a and 58bd8e4.

📒 Files selected for processing (4)

• .github/workflows/mobile-deploy.yml (4 hunks)
• app/fastlane/Fastfile (7 hunks)
• app/package.json (1 hunks)
• app/version.json (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• app/package.json

🚧 Files skipped from review as they are similar to previous changes (1)

• app/version.json

🧰 Additional context used

🪛 RuboCop (1.76.1)

app/fastlane/Fastfile

[convention] 141-141: Avoid comma after the last parameter of a method call.

(Style/TrailingCommaInArguments)

---

[convention] 148-148: Avoid comma after the last parameter of a method call.

(Style/TrailingCommaInArguments)

---

[convention] 169-169: Avoid comma after the last parameter of a method call.

(Style/TrailingCommaInArguments)

---

[convention] 325-325: Avoid comma after the last parameter of a method call.

(Style/TrailingCommaInArguments)

---

[convention] 411-411: Avoid comma after the last parameter of a method call.

(Style/TrailingCommaInArguments)

---

[convention] 414-421: Avoid more than 3 levels of block nesting.

(Metrics/BlockNesting)

🪛 actionlint (1.7.7)

.github/workflows/mobile-deploy.yml

880-880: job "create-release-tags" needs job "update-version-files" which does not exist in this workflow

(job-needs)

---

883-883: property "update-version-files" is not defined in object type {build-android: {outputs: {}; result: string}; build-ios: {outputs: {}; result: string}}

(expression)

---

966-966: the runner of "softprops/action-gh-release@v1" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🔇 Additional comments (8)

.github/workflows/mobile-deploy.yml (4)

51-69: LGTM: Well-structured workflow inputs for flexible deployment configuration

The addition of deployment_track and version_bump inputs provides good flexibility for different deployment scenarios. The choice constraints and default values are appropriate.

---

70-90: LGTM: Comprehensive workflow_call interface supports automation

The workflow_call inputs properly expose all necessary parameters for automated deployment, including the auto_deploy and test_mode flags that enable safe testing and CI/CD integration.

---

424-448: LGTM: Dynamic deployment configuration with proper parameter passing

The iOS deployment step correctly uses the new input parameters to configure the Fastlane deployment. The conditional logic for test mode is well-implemented.

---

727-751: LGTM: Consistent Android deployment configuration

The Android deployment follows the same pattern as iOS, maintaining consistency across platforms with proper parameter handling.

app/fastlane/Fastfile (4)

102-172: LGTM: Well-structured iOS deploy_auto lane with comprehensive configuration

The new iOS deployment lane provides excellent flexibility with version bump handling, deployment track mapping, and test mode support. The logic flow from version management through build to notification is well-organized.

---

302-338: LGTM: Consistent Android deploy_auto implementation

The Android deployment lane mirrors the iOS implementation well, maintaining consistency across platforms. The version management integration and Play Store track mapping are handled appropriately.

---

401-426: Excellent error handling for Play Store permission issues

The enhanced error handling for Play Store uploads is a significant improvement. The specific handling of permission errors (403, forbidden, insufficientPermissions) provides clear feedback to developers and gracefully degrades when permissions are insufficient.

---

434-449: LGTM: Enhanced Slack notifications with deployment context

The updated Slack notifications now include deployment track information and consistent messaging format. The emoji usage and deploy source identification improve the user experience.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Verify git tag creation logic and handle potential conflicts

The tag creation logic looks generally sound, but consider these potential issues:

1. The script creates tags without checking if they already exist remotely
2. Concurrent deployments could create conflicting tags
3. No rollback mechanism if tag pushing fails

---

🏁 Script executed:

#!/bin/bash
# Check if there are any existing tag creation patterns in the repository
echo "Searching for existing tag creation patterns..."
rg -A 5 -B 5 "git tag" --type yml --type sh

echo "Checking for tag cleanup or rollback mechanisms..."
rg -A 3 -B 3 "tag.*delete|delete.*tag" --type yml --type sh

Length of output: 379

---

I couldn’t detect any matches because ripgrep didn’t recognize the yml type. Let’s retry using globbing to cover both YAML and shell files:

---

🏁 Script executed:

#!/bin/bash
echo "Searching for existing tag creation patterns..."
rg -A 5 -B 5 "git tag" --glob '*.yml' --glob '*.yaml' --glob '*.sh'

echo "Checking for tag cleanup or rollback mechanisms..."
rg -A 3 -B 3 -e "tag.*delete" -e "delete.*tag" --glob '*.yml' --glob '*.yaml' --glob '*.sh'

Length of output: 1008

---

Ensure robust git tag creation and conflict handling

I noticed the workflow’s tag logic and a parallel app/scripts/release.sh both create and push Git tags without fully guarding against existing remote tags or handling failures. To tighten this up:

• In .github/workflows/mobile-deploy.yml (lines 899–937):

• Fetch remote tags first:

  git fetch --tags origin

• Check remote existence before local tagging:

  if ! git ls-remote --exit-code --tags origin "v${VERSION}" >/dev/null; then
    git tag -a "v${VERSION}" -m "Release ${VERSION}"
  else
    echo "⏭️  Remote tag v${VERSION} already exists"
  fi

• Push only new tags instead of --tags (to avoid pushing stale or orphaned tags):

  git push origin v${VERSION}${TAG_NAMES:+ $TAG_NAMES}

• In app/scripts/release.sh:

• Wrap the git tag -a "v${NEW_VERSION}"… in a pre-check (either git tag -l or git ls-remote) to prevent duplicate‐tag errors.
• After git push, verify success (|| exit 1) and, on failure, consider deleting any tags you just created to keep the local repo clean:

  git push origin v${NEW_VERSION} || {
    git tag -d v${NEW_VERSION}
    echo "❌ Push failed, cleaned up local tag" >&2
    exit 1
  }

• Handling concurrency:

• Two runners won’t see each other’s tags, so consider a simple lock file in your CI cache or serialize the deploy job to prevent racing.

These changes will prevent conflicts from duplicate or remote‐existing tags and ensure failed pushes don’t leave orphaned tags behind.

🤖 Prompt for AI Agents

In .github/workflows/mobile-deploy.yml lines 899 to 937, improve git tag
creation by first fetching remote tags with 'git fetch --tags origin' and
checking for remote tag existence using 'git ls-remote' before creating local
tags to avoid duplicates. Replace the unconditional 'git push origin --tags'
with pushing only the newly created tags explicitly to prevent pushing stale or
orphaned tags. Additionally, in app/scripts/release.sh, add pre-checks for
existing tags before creating new ones, and after pushing tags, verify success
and delete local tags if the push fails to keep the repo clean. Consider adding
concurrency controls like a lock file or serializing deploy jobs to avoid race
conditions between parallel runners.

[coderabbitai]

⚠️ Potential issue

Update deprecated GitHub Action version

The softprops/action-gh-release@v1 action version is outdated and may not work on current GitHub runners.

-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Create GitHub Release
	uses: softprops/action-gh-release@v1
	with:
	tag_name: v${{ steps.changelog.outputs.version }}
	name: Release ${{ steps.changelog.outputs.version }}
	body_path: ${{ env.APP_PATH }}/release_notes.md
	draft: false
	prerelease: false
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: Create GitHub Release
	uses: softprops/action-gh-release@v2
	with:
	tag_name: v${{ steps.changelog.outputs.version }}
	name: Release ${{ steps.changelog.outputs.version }}
	body_path: ${{ env.APP_PATH }}/release_notes.md
	draft: false
	prerelease: false
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

🧰 Tools

🪛 actionlint (1.7.7)

966-966: the runner of "softprops/action-gh-release@v1" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents

In .github/workflows/mobile-deploy.yml around lines 965 to 974, the GitHub
Action softprops/action-gh-release@v1 is deprecated and may not function
properly on current runners. Update the action version to the latest stable
release, such as softprops/action-gh-release@v2 or the newest available version,
by changing the uses line accordingly to ensure compatibility and support.

[transphorm]

do we have an sample changelog?

[transphorm]

nit: did we want to keep this markdown readme in a hidden folder? or should we move it to the project root or create a "docs" folder

[hackertron]

I have kept it in folder structure since it's relevant to that folder but i agree we can move it to docs too or atleast internal docs. i have put the same markdown in notion too