Add one-click release workflow for cuda-pathfinder#1626
Add one-click release workflow for cuda-pathfinder#1626cpcloud wants to merge 1 commit intoNVIDIA:mainfrom
Conversation
|
Auto-sync is disabled for ready for review pull requests in this repository. Workflows must be run manually. Contributors can view more details about this message here. |
mdboom
left a comment
There was a problem hiding this comment.
I'm generally in favor of this kind of automation and anything that makes it harder to make mistakes in a multi-step process.
I think this suffers from the same race condition problem as #1610. Alice visits GitHub website to make a release ... Bob merges a PR ... The release now has Bob's PR, which wasn't intended. Requiring the user to provide a git hash from which to make the release would help a lot here. Since (if I'm reading this correctly) this workflow doesn't actually push new commits to main (only tags), it should be ok if Bob continues to work while this workflow is running and not cause this workflow to fail.
|
Good point. I'll add that as a required input for now. I wonder if there's a way to make this work. We can of course alter our dev workflow, which might be the only way to reasonably achieve full automation here. |
|
@mdboom Thanks for the callout - this concern was valid. I updated the release workflow to require an explicit So merges to |
ea4be69 to
4a2ab03
Compare
Require an explicit release commit, pin tagging and artifact selection to that commit's CI run, and keep publish jobs independent of repo checkout state. Also streamline retry handling and reduce successful-run output to the docs link. Co-authored-by: Cursor <cursoragent@cursor.com>
9fcd74f to
8e7f26b
Compare
Replaces the manual release checklist for cuda-pathfinder with a single
workflow_dispatchthat takes a version number.Pipeline
prepare→docs→publish-testpypi→verify-testpypi→publish-pypi→verify-pypi→finalizeupload-assetsruns in parallel with the publish chain (attached to the draftrelease with
--clobber).The verify jobs install the package in a fresh venv and assert
__version__matches -- replacing the manual
pip install+ import step. If TestPyPIverification fails, PyPI publish never runs.
Notable choices
ci/tools/lookup-run-idandci/tools/download-wheelsunmodifiedworkflow_dispatchinputs flow throughenv:to prevent shell injection