Adjust release GitHub workflow for v8#33843
Conversation
|
Failed to publish canary version of this pull request, triggered by @yannbf. See the failed workflow run at: https://github.com/storybookjs/storybook/actions/runs/21992635208 |
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughAdds a publish workflow guide, a composite GitHub Action to set up Node.js and install dependencies, and restructures the publish CI to add a PR-driven canary publishing job, separate normal publish logic, and explicit canary failure reporting. Changes
Sequence Diagram(s)sequenceDiagram
participant Trigger as Workflow Dispatcher
participant GH as GitHub API
participant Action as Setup Node & Install Action
participant Registry as Package Registry / GitHub Releases
participant PR as Pull Request
rect rgba(100,150,200,0.5)
Note over Trigger,PR: Canary Release Flow
Trigger->>GH: workflow_dispatch (PR id)
GH->>GH: Validate actor & fetch PR details (head SHA, branch, fork)
GH->>Action: Checkout PR branch & run composite setup
Action->>Registry: Publish canary (set canary version, tag v8-canary)
Registry-->>GH: Return release metadata or error
GH->>PR: Update PR body with canary release info
GH->>PR: On failure -> Post failure comment
end
rect rgba(200,150,100,0.5)
Note over Trigger,Registry: Main Release Flow
Trigger->>GH: push to `v8` branch (push event)
GH->>Action: Checkout & run composite setup
Action->>Registry: Create normal release (CURRENT_VERSION, changelog)
Registry-->>GH: GitHub Release created
end
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/publish.yml (1)
112-139:⚠️ Potential issue | 🟠 Major
steps.is-prereleaseis referenced but never defined.This makes prerelease handling and Sentry environment selection unreliable (actionlint flags it). Add a step that sets the output, or remove the conditional usage.
🛠️ Add a prerelease detection step
@@ - name: Get changelog for ${{ steps.version.outputs.current-version }} if: steps.publish-needed.outputs.published == 'false' id: changelog run: yarn release:get-changelog-from-file ${{ steps.version.outputs.current-version }} + - name: Determine prerelease + id: is-prerelease + run: | + if [[ "${{ steps.version.outputs.current-version }}" == *-* ]]; then + echo "prerelease=true" >> "$GITHUB_OUTPUT" + else + echo "prerelease=false" >> "$GITHUB_OUTPUT" + fi
🤖 Fix all issues with AI agents
In @.github/workflows/publish.md:
- Around line 5-13: Fix the typo in the branch placeholder by changing
`hotfix/v<next-patcn-release-version>` to
`hotfix/v<next-patch-release-version>`, and update the referenced job name
`publish-normal` so it matches the actual job name used in the workflow (replace
`publish-normal` with the workflow's real job id/name); ensure both the branch
placeholder and the job name are corrected in the steps that mention them (steps
3 and 8 for the branch, and the step mentioning `publish-normal`).
In @.github/workflows/publish.yml:
- Around line 149-245: The publish-canary job is broken because the step named
"Setup Node.js and Install Dependencies" references a missing local action
./.github/actions/setup-node-and-install and fork PRs can run in the Release
environment (exposing secrets); update the job to guard against forks by adding
a condition that the PR is not a fork (use the existing step output
steps.info.outputs.isFork and require it equals 'false' on the publish-canary
job or at minimum on the publish and release-related steps), and replace the
missing setup action in the "Setup Node.js and Install Dependencies" step with
standard setup commands (e.g., use actions/setup-node@v4 to set Node and then
run yarn install / yarn build) so the step actually runs; ensure the job still
uses the Checkout step (id: info) and the Set version / Publish steps
(working-directory: scripts) unchanged except for the fork guard.
| 1. `git checkout v8` | ||
| 2. `git pull` | ||
| 3. `git checkout -b hotfix/v<next-patch-release-version>` | ||
| 4. Apply necessary hotfixes | ||
| 5. `yarn release:version --deferred --release-type patch --verbose && git add . && git commit -m "Bump deferred version"` | ||
| 6. Trigger canary release via dispatching the workflow for `publish-canary` | ||
| 7. Test the canary release | ||
| 8. Merge `hotfix/v<next-patcn-release-version>` into `v8` | ||
| 9. Observe the `publish-normal` job No newline at end of file |
There was a problem hiding this comment.
Fix typo and align job name with the workflow.
The branch name placeholder has a typo (patcn → patch), and “publish-normal” doesn’t match the actual job name in the workflow.
✏️ Suggested doc fixes
@@
-8. Merge `hotfix/v<next-patcn-release-version>` into `v8`
-9. Observe the `publish-normal` job
+8. Merge `hotfix/v<next-patch-release-version>` into `v8`
+9. Observe the `publish` job📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| 1. `git checkout v8` | |
| 2. `git pull` | |
| 3. `git checkout -b hotfix/v<next-patch-release-version>` | |
| 4. Apply necessary hotfixes | |
| 5. `yarn release:version --deferred --release-type patch --verbose && git add . && git commit -m "Bump deferred version"` | |
| 6. Trigger canary release via dispatching the workflow for `publish-canary` | |
| 7. Test the canary release | |
| 8. Merge `hotfix/v<next-patcn-release-version>` into `v8` | |
| 9. Observe the `publish-normal` job | |
| 1. `git checkout v8` | |
| 2. `git pull` | |
| 3. `git checkout -b hotfix/v<next-patch-release-version>` | |
| 4. Apply necessary hotfixes | |
| 5. `yarn release:version --deferred --release-type patch --verbose && git add . && git commit -m "Bump deferred version"` | |
| 6. Trigger canary release via dispatching the workflow for `publish-canary` | |
| 7. Test the canary release | |
| 8. Merge `hotfix/v<next-patch-release-version>` into `v8` | |
| 9. Observe the `publish` job |
🧰 Tools
🪛 LanguageTool
[grammar] ~12-~12: Ensure spelling is correct
Context: ...ry7. Test the canary release 8. Mergehotfix/vintov8` 9. Observe ...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
🤖 Prompt for AI Agents
In @.github/workflows/publish.md around lines 5 - 13, Fix the typo in the branch
placeholder by changing `hotfix/v<next-patcn-release-version>` to
`hotfix/v<next-patch-release-version>`, and update the referenced job name
`publish-normal` so it matches the actual job name used in the workflow (replace
`publish-normal` with the workflow's real job id/name); ensure both the branch
placeholder and the job name are corrected in the steps that mention them (steps
3 and 8 for the branch, and the step mentioning `publish-normal`).
| publish-canary: | ||
| name: Publish canary version | ||
| runs-on: ubuntu-latest | ||
| if: | | ||
| github.repository_owner == 'storybookjs' && | ||
| github.event_name == 'workflow_dispatch' && | ||
| contains(github.event.head_commit.message, '[skip ci]') != true | ||
| environment: Release | ||
| steps: | ||
| - name: Fail if triggering actor is not administrator | ||
| uses: prince-chrismc/check-actor-permissions-action@87c6d9b36c730377858fd9719fbbac1b58fa678d | ||
| with: | ||
| permission: admin | ||
|
|
||
| - name: Get pull request information | ||
| id: info | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GH_TOKEN }} | ||
| PR_NUMBER: ${{ github.event_name == 'workflow_dispatch' && inputs.pr || github.event.pull_request.number }} | ||
| REPOSITORY: ${{ github.repository }} | ||
| run: | | ||
| PR_INFO=$(gh pr view "$PR_NUMBER" --repo "$REPOSITORY" --json isCrossRepository,headRefOid,headRefName,headRepository,headRepositoryOwner --jq '{isFork: .isCrossRepository, owner: .headRepositoryOwner.login, repoName: .headRepository.name, branch: .headRefName, sha: .headRefOid}') | ||
| echo $PR_INFO | ||
| # Loop through each key-value pair in PR_INFO and set as step output | ||
| for key in $(echo "$PR_INFO" | jq -r 'keys[]'); do | ||
| value=$(echo "$PR_INFO" | jq -r ".$key") | ||
| echo "$key=$value" >> "$GITHUB_OUTPUT" | ||
| done | ||
| echo "repository=$(echo "$PR_INFO" | jq -r ".owner")/$(echo "$PR_INFO" | jq -r ".repoName")" >> $GITHUB_OUTPUT | ||
| echo "shortSha=$(echo "$PR_INFO" | jq -r ".sha" | cut -c 1-8)" >> $GITHUB_OUTPUT | ||
| echo "date=$(date)" >> $GITHUB_OUTPUT | ||
| echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT | ||
|
|
||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| repository: ${{ steps.info.outputs.isFork == 'true' && steps.info.outputs.repository || null }} | ||
| ref: ${{ steps.info.outputs.sha }} | ||
| token: ${{ secrets.GH_TOKEN }} | ||
|
|
||
| - name: Setup Node.js and Install Dependencies | ||
| uses: ./.github/actions/setup-node-and-install | ||
| with: | ||
| install-code-deps: true | ||
|
|
||
| - name: Set version | ||
| id: version | ||
| working-directory: scripts | ||
| env: | ||
| PR_NUMBER: ${{ github.event_name == 'workflow_dispatch' && inputs.pr || github.event.pull_request.number }} | ||
| SHORT_SHA: ${{ steps.info.outputs.shortSha }} | ||
| run: | | ||
| yarn release:version --exact "0.0.0-pr-$PR_NUMBER-sha-$SHORT_SHA" --verbose | ||
|
|
||
| - name: Publish v${{ steps.version.outputs.next-version }} | ||
| working-directory: scripts | ||
| run: yarn release:publish --tag v8-canary --verbose | ||
|
|
||
| - name: Replace Pull Request Body | ||
| uses: ivangabriele/find-and-replace-pull-request-body@042438c6cbfbacf6a4701d6042f59b1f73db2fd8 | ||
| with: | ||
| githubToken: ${{ secrets.GH_TOKEN }} | ||
| prNumber: ${{ github.event_name == 'workflow_dispatch' && inputs.pr || '' }} | ||
| find: "CANARY_RELEASE_SECTION" | ||
| isHtmlCommentTag: true | ||
| replace: | | ||
| This pull request has been released as version `${{ steps.version.outputs.next-version }}`. Try it out in a new sandbox by running `npx storybook@${{ steps.version.outputs.next-version }} sandbox` or in an existing project with `npx storybook@${{ steps.version.outputs.next-version }} upgrade`. | ||
| <details> | ||
| <summary>More information</summary> | ||
|
|
||
| | | | | ||
| | --- | --- | | ||
| | **Published version** | [`${{ steps.version.outputs.next-version }}`](https://npmjs.com/package/storybook/v/${{ steps.version.outputs.next-version }}) | | ||
| | **Triggered by** | @${{ github.triggering_actor }} | | ||
| | **Repository** | [${{ steps.info.outputs.repository }}](https://github.com/${{ steps.info.outputs.repository }}) | | ||
| | **Branch** | [`${{ steps.info.outputs.branch }}`](https://github.com/${{ steps.info.outputs.repository }}/tree/${{ steps.info.outputs.branch }}) | | ||
| | **Commit** | [`${{ steps.info.outputs.shortSha }}`](https://github.com/${{ steps.info.outputs.repository }}/commit/${{ steps.info.outputs.sha }}) | | ||
| | **Datetime** | ${{ steps.info.outputs.date }} (`${{ steps.info.outputs.timestamp }}`) | | ||
| | **Workflow run** | [${{ github.run_id }}](https://github.com/storybookjs/storybook/actions/runs/${{ github.run_id }}) | | ||
|
|
||
| To request a new release of this pull request, mention the `@storybookjs/core` team. | ||
|
|
||
| _core team members can create a new canary release [here](https://github.com/storybookjs/storybook/actions/workflows/publish.yml) or locally with `gh workflow run --repo storybookjs/storybook publish.yml --field pr=${{ github.event_name == 'workflow_dispatch' && inputs.pr || github.event.pull_request.number }}`_ | ||
| </details> | ||
|
|
||
| - name: Create failing comment on PR | ||
| if: failure() | ||
| env: | ||
| GH_TOKEN: ${{ secrets.GH_TOKEN }} | ||
| PR_NUMBER: ${{ github.event_name == 'workflow_dispatch' && inputs.pr || github.event.pull_request.number }} | ||
| REPOSITORY: ${{ github.repository }} | ||
| TRIGGERING_ACTOR: ${{ github.triggering_actor }} | ||
| RUN_ID: ${{ github.run_id }} | ||
| run: | | ||
| gh pr comment "$PR_NUMBER"\ | ||
| --repo "$REPOSITORY"\ | ||
| --body "Failed to publish canary version of this pull request, triggered by @$TRIGGERING_ACTOR. See the failed workflow run at: https://github.com/$REPOSITORY/actions/runs/$RUN_ID" |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Search for secret/token usage in publish workflow
rg -n -C2 "NPM_TOKEN|NODE_AUTH_TOKEN|SENTRY_AUTH_TOKEN|GH_TOKEN|GITHUB_TOKEN" .github workflowsRepository: storybookjs/storybook
Length of output: 14452
🏁 Script executed:
#!/bin/bash
# Find release:publish script definition
rg -n -C2 "release:publish" package.jsonRepository: storybookjs/storybook
Length of output: 47
🏁 Script executed:
#!/bin/bash
# Inspect the setup-node-and-install action
find .github/actions -name "setup-node-and-install" -type dRepository: storybookjs/storybook
Length of output: 115
🏁 Script executed:
#!/bin/bash
# Check if there's a .npmrc or similar config that might use tokens
find .github -name ".npmrc" -o -name ".yarnrc*" | head -20Repository: storybookjs/storybook
Length of output: 47
🏁 Script executed:
#!/bin/bash
# Look at the entire setup-node-and-install action implementation
ls -la .github/actions/setup-node-and-install/ 2>/dev/null || echo "Not found as directory"Repository: storybookjs/storybook
Length of output: 87
🏁 Script executed:
#!/bin/bash
# Search for setup-node-and-install definition and usage
find . -name "setup-node-and-install*" 2>/dev/nullRepository: storybookjs/storybook
Length of output: 47
🏁 Script executed:
#!/bin/bash
# Search for the full publish-canary job in publish.yml to see if NPM_TOKEN is set
cat .github/workflows/publish.yml | grep -A 100 "publish-canary:" | head -120Repository: storybookjs/storybook
Length of output: 5548
🏁 Script executed:
#!/bin/bash
# Search for NPM_TOKEN or YARN_NPM_AUTH_TOKEN setup in publish.yml
rg -n "NPM_TOKEN|YARN_NPM_AUTH_TOKEN" .github/workflows/publish.ymlRepository: storybookjs/storybook
Length of output: 47
🏁 Script executed:
#!/bin/bash
# Look for where the setup-node-and-install is implemented (could be inline)
rg -n "setup-node-and-install" .github/workflows/publish.yml -A 5Repository: storybookjs/storybook
Length of output: 238
🏁 Script executed:
#!/bin/bash
# Search for .npmrc or npm credential configuration
rg -n "\.npmrc|npm.*config|yarn.*config" .github/workflows/publish.ymlRepository: storybookjs/storybook
Length of output: 47
🏁 Script executed:
#!/bin/bash
# Search for setup-node-and-install in .github directory
find .github -type f -name "*setup*" 2>/dev/null | head -20Repository: storybookjs/storybook
Length of output: 47
🏁 Script executed:
#!/bin/bash
# Search more broadly in .github
find .github -type f \( -name "*.yml" -o -name "*.yaml" -o -name "*.sh" \) 2>/dev/null | grep -i setupRepository: storybookjs/storybook
Length of output: 47
🏁 Script executed:
#!/bin/bash
# List .github contents
ls -la .github/ 2>/dev/nullRepository: storybookjs/storybook
Length of output: 568
🏁 Script executed:
#!/bin/bash
# Look for action.yml or action.yaml in .github subdirectories
find .github -name "action.yml" -o -name "action.yaml" 2>/dev/nullRepository: storybookjs/storybook
Length of output: 47
🏁 Script executed:
#!/bin/bash
# Check if setup-node-and-install is used elsewhere
rg -n "setup-node-and-install" .Repository: storybookjs/storybook
Length of output: 47
🏁 Script executed:
#!/bin/bash
# Check canary-release-pr.yml for how it does setup
cat .github/workflows/canary-release-pr.yml | grep -A 20 "Setup Node"Repository: storybookjs/storybook
Length of output: 744
🏁 Script executed:
#!/bin/bash
# Search for any NPM_TOKEN or authentication setup in the entire workflows directory
rg -n "NPM_TOKEN|YARN_NPM_AUTH_TOKEN|npm.*auth|\.npmrc" . --type yamlRepository: storybookjs/storybook
Length of output: 47
🏁 Script executed:
#!/bin/bash
# Verify the exact state of publish.yml around line 190
sed -n '185,210p' .github/workflows/publish.ymlRepository: storybookjs/storybook
Length of output: 1149
🏁 Script executed:
#!/bin/bash
# Check if the action reference is valid - list all action references in the file
rg -n "uses:" .github/workflows/publish.ymlRepository: storybookjs/storybook
Length of output: 578
🏁 Script executed:
#!/bin/bash
# Check Release environment secrets configuration
rg -n "environment:" .github/workflows/publish.yml -A 3Repository: storybookjs/storybook
Length of output: 570
🏁 Script executed:
#!/bin/bash
# Verify the admin permission check and fork checkout logic
sed -n '149,190p' .github/workflows/publish.ymlRepository: storybookjs/storybook
Length of output: 2124
🏁 Script executed:
#!/bin/bash
# Verify the workflow would actually fail due to missing action
ls -la .github/actions/ 2>&1 || echo "Actions directory missing"Repository: storybookjs/storybook
Length of output: 154
🏁 Script executed:
#!/bin/bash
# Double-check: search entire repo for setup-node-and-install definition
find . -type f -name "*setup*node*install*" 2>/dev/nullRepository: storybookjs/storybook
Length of output: 47
Critical: Workflow is broken AND fork PRs can access Release environment secrets
The publish-canary job references a non-existent action ./.github/actions/setup-node-and-install (line 190), which will cause the workflow to fail immediately. Additionally, the job executes fork PR code in the Release environment with access to all Release environment secrets (GH_TOKEN, NPM_TOKEN, SENTRY_AUTH_TOKEN, etc.). The admin permission check only verifies the triggering actor, not the code being executed.
Block fork PRs from reaching the publish step:
Guard canary releases against fork PRs
- name: Get pull request information
id: info
env:
GH_TOKEN: ${{ secrets.GH_TOKEN }}
PR_NUMBER: ${{ github.event_name == 'workflow_dispatch' && inputs.pr || github.event.pull_request.number }}
REPOSITORY: ${{ github.repository }}
run: |
PR_INFO=$(gh pr view "$PR_NUMBER" --repo "$REPOSITORY" --json isCrossRepository,headRefOid,headRefName,headRepository,headRepositoryOwner --jq '{isFork: .isCrossRepository, owner: .headRepositoryOwner.login, repoName: .headRepository.name, branch: .headRefName, sha: .headRefOid}')
echo $PR_INFO
# Loop through each key-value pair in PR_INFO and set as step output
for key in $(echo "$PR_INFO" | jq -r 'keys[]'); do
value=$(echo "$PR_INFO" | jq -r ".$key")
echo "$key=$value" >> "$GITHUB_OUTPUT"
done
echo "repository=$(echo "$PR_INFO" | jq -r ".owner")/$(echo "$PR_INFO" | jq -r ".repoName")" >> $GITHUB_OUTPUT
echo "shortSha=$(echo "$PR_INFO" | jq -r ".sha" | cut -c 1-8)" >> $GITHUB_OUTPUT
echo "date=$(date)" >> $GITHUB_OUTPUT
echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT
+ - name: Block fork PRs for canary releases
+ if: steps.info.outputs.isFork == 'true'
+ run: |
+ echo "Fork PRs are not eligible for canary releases."
+ exit 1Also fix the missing .github/actions/setup-node-and-install action reference or replace with standard setup steps from canary-release-pr.yml.
🤖 Prompt for AI Agents
In @.github/workflows/publish.yml around lines 149 - 245, The publish-canary job
is broken because the step named "Setup Node.js and Install Dependencies"
references a missing local action ./.github/actions/setup-node-and-install and
fork PRs can run in the Release environment (exposing secrets); update the job
to guard against forks by adding a condition that the PR is not a fork (use the
existing step output steps.info.outputs.isFork and require it equals 'false' on
the publish-canary job or at minimum on the publish and release-related steps),
and replace the missing setup action in the "Setup Node.js and Install
Dependencies" step with standard setup commands (e.g., use actions/setup-node@v4
to set Node and then run yarn install / yarn build) so the step actually runs;
ensure the job still uses the Checkout step (id: info) and the Set version /
Publish steps (working-directory: scripts) unchanged except for the fork guard.
|
Failed to publish canary version of this pull request, triggered by @yannbf. See the failed workflow run at: https://github.com/storybookjs/storybook/actions/runs/21993102879 |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In @.github/actions/setup-node-and-install/action.yml:
- Around line 22-31: The restore-keys list in the "Cache dependencies" step for
actions/cache@v4 contains a redundant first entry identical to the primary key;
remove that duplicate restore-key so only the fallback restore-keys remain (the
lines starting with yarn-v1-${{ hashFiles('scripts/yarn.lock') }} and yarn-v1).
Edit the restore-keys block in the Cache dependencies step to drop the entry
matching the primary key while keeping the other, more general fallback keys to
allow proper cache fallback behavior.
🧹 Nitpick comments (3)
.github/workflows/setup-node-and-install/action.yml (2)
22-31: Cache key prefixyarn-v1-is misleading; also redundant restore key.Two issues with the cache configuration:
The cache key prefix
yarn-v1-suggests Yarn Classic, but the cache path~/.yarn/berry/cacheis for Yarn Berry (v2+). Based on learnings, the project uses Yarn 4.9.1 — consider renaming toyarn-berry-oryarn-v4-for clarity.Line 29's restore key is identical to the primary key on line 27, making it redundant — restore keys are only used when the primary key misses.
Suggested fix
- name: Cache dependencies uses: actions/cache@v4 with: path: | ~/.yarn/berry/cache - key: yarn-v1-${{ hashFiles('scripts/yarn.lock') }}-${{ hashFiles('code/yarn.lock') }} + key: yarn-berry-${{ hashFiles('scripts/yarn.lock') }}-${{ hashFiles('code/yarn.lock') }} restore-keys: | - yarn-v1-${{ hashFiles('scripts/yarn.lock') }}-${{ hashFiles('code/yarn.lock') }} - yarn-v1-${{ hashFiles('scripts/yarn.lock') }} - yarn-v1 + yarn-berry-${{ hashFiles('scripts/yarn.lock') }} + yarn-berry
18-20:npm@latestintroduces non-determinism.Pinning to a specific npm version (or removing this step if npm isn't required) would improve build reproducibility. If the latest npm is intentionally desired for CI, consider adding a comment explaining why.
.github/actions/setup-node-and-install/action.yml (1)
18-20: Consider pinning npm version for reproducible builds.Using
npm@latestcould introduce unexpected behavior if npm releases a breaking change. Pinning to a specific version (e.g.,npm@10) would make builds more deterministic.
| - name: Cache dependencies | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: | | ||
| ~/.yarn/berry/cache | ||
| key: yarn-v1-${{ hashFiles('scripts/yarn.lock') }}-${{ hashFiles('code/yarn.lock') }} | ||
| restore-keys: | | ||
| yarn-v1-${{ hashFiles('scripts/yarn.lock') }}-${{ hashFiles('code/yarn.lock') }} | ||
| yarn-v1-${{ hashFiles('scripts/yarn.lock') }} | ||
| yarn-v1 |
There was a problem hiding this comment.
Redundant restore-key on line 29.
The first restore-key is identical to the primary key. Restore-keys are only consulted when the primary key doesn't match exactly, so this entry is never used.
Proposed fix
key: yarn-v1-${{ hashFiles('scripts/yarn.lock') }}-${{ hashFiles('code/yarn.lock') }}
restore-keys: |
- yarn-v1-${{ hashFiles('scripts/yarn.lock') }}-${{ hashFiles('code/yarn.lock') }}
yarn-v1-${{ hashFiles('scripts/yarn.lock') }}
yarn-v1📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| - name: Cache dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.yarn/berry/cache | |
| key: yarn-v1-${{ hashFiles('scripts/yarn.lock') }}-${{ hashFiles('code/yarn.lock') }} | |
| restore-keys: | | |
| yarn-v1-${{ hashFiles('scripts/yarn.lock') }}-${{ hashFiles('code/yarn.lock') }} | |
| yarn-v1-${{ hashFiles('scripts/yarn.lock') }} | |
| yarn-v1 | |
| - name: Cache dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.yarn/berry/cache | |
| key: yarn-v1-${{ hashFiles('scripts/yarn.lock') }}-${{ hashFiles('code/yarn.lock') }} | |
| restore-keys: | | |
| yarn-v1-${{ hashFiles('scripts/yarn.lock') }} | |
| yarn-v1 |
🤖 Prompt for AI Agents
In @.github/actions/setup-node-and-install/action.yml around lines 22 - 31, The
restore-keys list in the "Cache dependencies" step for actions/cache@v4 contains
a redundant first entry identical to the primary key; remove that duplicate
restore-key so only the fallback restore-keys remain (the lines starting with
yarn-v1-${{ hashFiles('scripts/yarn.lock') }} and yarn-v1). Edit the
restore-keys block in the Cache dependencies step to drop the entry matching the
primary key while keeping the other, more general fallback keys to allow proper
cache fallback behavior.
|
Failed to publish canary version of this pull request, triggered by @yannbf. See the failed workflow run at: https://github.com/storybookjs/storybook/actions/runs/21993199270 |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In @.github/workflows/publish.yml:
- Around line 201-204: The canary publish step (the job named "Publish v${{
steps.version.outputs.next-version }}" that runs `yarn release:publish --tag
v8-canary --verbose`) is missing NPM authentication; add an env block to that
step setting YARN_NPM_AUTH_TOKEN to the repo secret (e.g. YARN_NPM_AUTH_TOKEN:
${{ secrets.YARN_NPM_AUTH_TOKEN }}), so the `yarn release:publish` command can
authenticate and succeed.
🧹 Nitpick comments (1)
.github/workflows/publish.yml (1)
110-137: Remove stalesteps.is-prereleasereferences. Line 126 and Line 137 reference a step ID that doesn’t exist in this workflow, so the prerelease flag can never evaluate true. Either add the step back or key offIS_PRERELEASE.🔧 Suggested cleanup
- ${{ steps.is-prerelease.outputs.prerelease == 'true' && '--prerelease' || '' }} + ${{ env.IS_PRERELEASE == 'true' && '--prerelease' || '' }} ... - environment: ${{ steps.is-prerelease.outputs.prerelease == 'true' && 'prerelease' || 'latest' }} + environment: ${{ env.IS_PRERELEASE == 'true' && 'prerelease' || 'latest' }}
|
Failed to publish canary version of this pull request, triggered by @yannbf. See the failed workflow run at: https://github.com/storybookjs/storybook/actions/runs/21994770581 |
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/publish.yml (1)
91-138:⚠️ Potential issue | 🟠 MajorDefine
is-prereleasebefore it’s referenced.
steps.is-prereleaseis used in the GitHub Release and Sentry steps, but no step defines that id. This matches the actionlint error and will cause prerelease handling to be wrong or always false. Add a step to compute it (or remove the references if not needed).🛠️ Suggested fix (compute prerelease from version)
- name: Get current version id: version run: yarn release:get-current-version + + - name: Determine prerelease + id: is-prerelease + run: | + if [[ "${{ steps.version.outputs.current-version }}" == *-* ]]; then + echo "prerelease=true" >> "$GITHUB_OUTPUT" + else + echo "prerelease=false" >> "$GITHUB_OUTPUT" + fi
|
Failed to publish canary version of this pull request, triggered by @yannbf. See the failed workflow run at: https://github.com/storybookjs/storybook/actions/runs/21995978760 |
valentinpalkovic
had a problem deploying
to
Release
GitHub Actions
Failure
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In @.github/workflows/publish.yml:
- Around line 125-128: The workflow references
steps.is-prerelease.outputs.prerelease in the environment assignment for the
release step but no step defines id: is-prerelease, so add a step that
determines prerelease status (e.g., a step with id: is-prerelease that sets an
output named prerelease based on tag or semver parsing) and ensure it exports
boolean/string output used by the release step, or else simplify the release
step to use a fixed value (replace steps.is-prerelease.outputs.prerelease with a
literal like 'true'/'false' or remove the conditional) so the environment
assignment for the release step uses a valid output; locate the reference in the
release step and add the new step id: is-prerelease (or update the conditional)
accordingly.
🧹 Nitpick comments (1)
.github/workflows/publish.yml (1)
140-144: Dead condition:head_commit.messageis undefined forworkflow_dispatch.The condition
contains(github.event.head_commit.message, '[skip ci]')will never match forworkflow_dispatchevents becausegithub.event.head_commitdoesn't exist in that context. This makes the check redundant (always false → condition passes).♻️ Simplify the condition
if: | github.repository_owner == 'storybookjs' && - github.event_name == 'workflow_dispatch' && - contains(github.event.head_commit.message, '[skip ci]') != true + github.event_name == 'workflow_dispatch'
| with: | ||
| release: ${{ steps.version.outputs.current-version }} | ||
| environment: ${{ steps.is-prerelease.outputs.prerelease == 'true' && 'prerelease' || 'latest' }} | ||
|
|
There was a problem hiding this comment.
Undefined step reference will cause incorrect Sentry environment.
Line 127 references steps.is-prerelease.outputs.prerelease, but no step with id: is-prerelease exists in this job. The condition will always evaluate to falsy, causing all releases to use the 'latest' environment regardless of whether they're prereleases.
🔧 Proposed fix: Add is-prerelease step or use hardcoded value
If prerelease detection is needed, add a step to determine it:
+ - name: Check if prerelease
+ id: is-prerelease
+ env:
+ CURRENT_VERSION: ${{ steps.version.outputs.current-version }}
+ run: |
+ if [[ "$CURRENT_VERSION" == *"-"* ]]; then
+ echo "prerelease=true" >> $GITHUB_OUTPUT
+ else
+ echo "prerelease=false" >> $GITHUB_OUTPUT
+ fi
+
- name: Create Sentry releaseAlternatively, if v8 releases are never prereleases, simplify to:
- environment: ${{ steps.is-prerelease.outputs.prerelease == 'true' && 'prerelease' || 'latest' }}
+ environment: latest🧰 Tools
🪛 actionlint (1.7.10)
[error] 127-127: property "is-prerelease" is not defined in object type {changelog: {conclusion: string; outcome: string; outputs: {string => string}}; publish-needed: {conclusion: string; outcome: string; outputs: {string => string}}; version: {conclusion: string; outcome: string; outputs: {string => string}}}
(expression)
🤖 Prompt for AI Agents
In @.github/workflows/publish.yml around lines 125 - 128, The workflow
references steps.is-prerelease.outputs.prerelease in the environment assignment
for the release step but no step defines id: is-prerelease, so add a step that
determines prerelease status (e.g., a step with id: is-prerelease that sets an
output named prerelease based on tag or semver parsing) and ensure it exports
boolean/string output used by the release step, or else simplify the release
step to use a fixed value (replace steps.is-prerelease.outputs.prerelease with a
literal like 'true'/'false' or remove the conditional) so the environment
assignment for the release step uses a valid output; locate the reference in the
release step and add the new step id: is-prerelease (or update the conditional)
accordingly.
|
Failed to publish canary version of this pull request, triggered by @valentinpalkovic. See the failed workflow run at: https://github.com/storybookjs/storybook/actions/runs/22054956409 |
valentinpalkovic
had a problem deploying
to
Release
GitHub Actions
Failure
|
Failed to publish canary version of this pull request, triggered by @valentinpalkovic. See the failed workflow run at: https://github.com/storybookjs/storybook/actions/runs/22055467670 |
valentinpalkovic
had a problem deploying
to
Release
GitHub Actions
Failure
|
Failed to publish canary version of this pull request, triggered by @valentinpalkovic. See the failed workflow run at: https://github.com/storybookjs/storybook/actions/runs/22055967765 |
valentinpalkovic
had a problem deploying
to
Release
GitHub Actions
Failure
|
Failed to publish canary version of this pull request, triggered by @valentinpalkovic. See the failed workflow run at: https://github.com/storybookjs/storybook/actions/runs/22056584196 |
valentinpalkovic
had a problem deploying
to
Release
GitHub Actions
Failure
|
Failed to publish canary version of this pull request, triggered by @valentinpalkovic. See the failed workflow run at: https://github.com/storybookjs/storybook/actions/runs/22056733221 |
valentinpalkovic
had a problem deploying
to
Release
GitHub Actions
Error
valentinpalkovic
temporarily deployed
to
Release
GitHub Actions
Inactive
4 participants
Closes #
What I did
Checklist for Contributors
Testing
The changes in this PR are covered in the following automated tests:
Manual testing
Caution
This section is mandatory for all contributions. If you believe no manual test is necessary, please state so explicitly. Thanks!
Documentation
MIGRATION.MD
Checklist for Maintainers
When this PR is ready for testing, make sure to add
ci:normal,ci:mergedorci:dailyGH label to it to run a specific set of sandboxes. The particular set of sandboxes can be found incode/lib/cli-storybook/src/sandbox-templates.tsMake sure this PR contains one of the labels below:
Available labels
bug: Internal changes that fixes incorrect behavior.maintenance: User-facing maintenance tasks.dependencies: Upgrading (sometimes downgrading) dependencies.build: Internal-facing build tooling & test updates. Will not show up in release changelog.cleanup: Minor cleanup style change. Will not show up in release changelog.documentation: Documentation only changes. Will not show up in release changelog.feature request: Introducing a new feature.BREAKING CHANGE: Changes that break compatibility in some way with current major version.other: Changes that don't fit in the above categories.🦋 Canary release
This pull request has been released as version
0.0.0-pr-33843-sha-99db7e4e. Try it out in a new sandbox by runningnpx storybook@0.0.0-pr-33843-sha-99db7e4e sandboxor in an existing project withnpx storybook@0.0.0-pr-33843-sha-99db7e4e upgrade.More information
0.0.0-pr-33843-sha-99db7e4ev8-release-fixes99db7e4e1771323142)To request a new release of this pull request, mention the
@storybookjs/coreteam.core team members can create a new canary release here or locally with
gh workflow run --repo storybookjs/storybook publish.yml --field pr=33843Summary by CodeRabbit
Documentation
New Features
Chores