Skip to content

chore: new deploy flow#358

Merged
Danil42Russia merged 1 commit into
masterfrom
danil42russia/new_deploy
Jun 30, 2026
Merged

chore: new deploy flow#358
Danil42Russia merged 1 commit into
masterfrom
danil42russia/new_deploy

Conversation

@Danil42Russia

@Danil42Russia Danil42Russia commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Issue

Closes #

Checklist

Please ensure the following items are completed before requesting review:

  • Updated CHANGELOG.md with relevant changes
  • Documented the contribution in README.md
  • Added tests to demonstrate correct behavior (both positive and negative cases)
  • All tests pass successfully (yarn test)
  • Code passes linting checks (yarn lint)

Summary by CodeRabbit

  • New Features
    • Releases are now automatically published when a version tag is pushed, and a GitHub Release is created at the same time.
  • Chores
    • Updated automated checks to run only on the primary branch for pushes and pull requests.
    • Simplified release automation by consolidating tag-based publishing into a single workflow.

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Removes the branch-push publish.yml workflow and adds a new deploy.yml workflow triggered by version tags (vMAJOR.MINOR.PATCH). The new workflow has a publish job (validates version, builds, publishes to npm with OIDC provenance) and a dependent release job (creates a GitHub Release). QA workflow branch filters are updated from main/develop to master.

Changes

Deploy & QA Workflow Replacement

Layer / File(s) Summary
New tag-based deploy workflow
.github/workflows/deploy.yml, .github/workflows/publish.yml
publish.yml (branch-push triggered) is deleted. deploy.yml is added, triggered on vMAJOR.MINOR.PATCH tags, with a publish job (version/tag validation, Corepack, Yarn immutable install, npm publish with OIDC provenance) and a dependent release job (gh release create with autogenerated notes).
QA branch filter update
.github/workflows/qa.yaml
push and pull_request triggers updated from main/develop to master.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 A tag is pushed, the rabbit cheers,
No more branch-watching, calm replaces fears.
npm publish with provenance neat,
A GitHub release, the workflow complete.
Hop to master, QA follows too! 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description matches the template but leaves the issue number and checklist items as placeholders. Fill in the actual issue number and replace checklist placeholders with the real completed status or brief supporting notes.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and correctly points to the deploy flow change.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch danil42russia/new_deploy

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@Danil42Russia
Danil42Russia merged commit e481aae into master Jun 30, 2026
4 of 5 checks passed

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/deploy.yml:
- Around line 8-10: The workflow concurrency on the deploy job is cancelling
in-progress runs, which can interrupt a release after npm publishing has already
succeeded. Update the concurrency settings in the deploy workflow so tag-based
publish/release runs are not cancelled mid-flight, and keep the job that
publishes via npm and then creates the GitHub release protected from
duplicate-run cancellation; use the deploy workflow’s concurrency block to
locate the change.
- Around line 4-6: The deploy workflow tag filter is using regex-style syntax in
a GitHub Actions glob field, so the current pattern will not match normal
release tags. Update the `push.tags` filter in the deploy workflow to use a glob
pattern such as `v*.*.*` instead, and keep the version validation in the later
job step unchanged. Use the existing `push` trigger section in the workflow to
locate and adjust the tag matcher.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 47f8518a-dfad-47e7-8347-78d3e1d09aad

📥 Commits

Reviewing files that changed from the base of the PR and between d2eca1f and 0028741.

📒 Files selected for processing (3)
  • .github/workflows/deploy.yml
  • .github/workflows/publish.yml
  • .github/workflows/qa.yaml
💤 Files with no reviewable changes (1)
  • .github/workflows/publish.yml

Comment on lines +4 to +6
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '\n== Workflow snippet ==\n'
git ls-files .github/workflows/deploy.yml
wc -l .github/workflows/deploy.yml
sed -n '1,40p' .github/workflows/deploy.yml

printf '\n== Search for release/version tags and workflow docs references ==\n'
rg -n 'v\[0-9\]\+|tags:|push:' .github/workflows/deploy.yml .github -g '!**/*.png' -g '!**/*.jpg' -g '!**/*.svg' || true

Repository: ton-org/blueprint

Length of output: 1657


🌐 Web query:

GitHub Actions tag filters glob patterns regex quantifiers documentation refs tags pattern syntax

💡 Result:

GitHub Actions workflow triggers do not use full regular expressions (regex) [1]. Instead, they use a specific set of glob pattern syntax for tags (and branches) filters [2][3][4]. Key points regarding the pattern syntax: - Glob Patterns: The system supports standard glob characters, which are documented in the official GitHub Actions workflow syntax references [2][3][4]. - Supported Characters: - *: Matches zero or more characters, but does not match the forward slash (/) [4][5]. - ``: Matches zero or more of any character, including slashes [4][5]. - ?: Matches zero or one of the preceding character (not a standard wildcard for "any single character" in this context) [5]. - `+`: Matches one or more of the preceding character [5]. - `[...]`: Matches one alphanumeric character listed in the brackets or included in ranges (e.g., `[a-z0-9]`) [5]. - `!`: When placed at the start of a pattern, it negates the pattern, excluding the ref [4][6][5]. - YAML Special Characters: Characters like `*`, `[`, and `!` are special in YAML [7][5]. If a pattern begins with one of these, you must enclose the entire pattern in quotes (e.g., `'*pattern'`) to prevent YAML parsing errors [4][7][5]. - Literal Matches: If you need to match a character literally that is otherwise used as a special pattern character, you must escape it with a backslash (``) [2][3][4]. - Exclusion: You cannot use both inclusive (`tags`) and exclusive (`tags-ignore`) keywords for the same event [2][3]. To both include and exclude, use the `tags` keyword with the `!` operator for exclusions [2][6]. Order matters: matching a positive pattern after a negative one will re-include the ref [6].

Citations:


🌐 Web query:

site:docs.github.com GitHub Actions workflow syntax + one or more preceding character tags pattern matching

💡 Result:

In GitHub Actions, workflow triggers for push events can be filtered using the tags keyword, which supports glob pattern matching to target specific tags [1][2]. Key points for tags pattern matching: Pattern Support: The tags keyword accepts glob patterns including characters like ,, +,?, and! [1][2]. The wildcard, for instance, can be used to match any sequence of characters within a tag name (e.g., v1.) [3]. The! character is used for exclusion; however, if you use! to exclude a tag, you must also define at least one inclusion pattern within the same tags block [1][4]. Constraint: You cannot use the tags and tags-ignore keywords simultaneously for the same event in a single workflow [1][2]. If you need to both include and exclude tags, use only the tags keyword with the! operator [1][5]. Literal Matching: If your tag names contain any of the special glob characters (,, +,?,!), you must escape them with a backslash () to perform a literal match [1][6]. Example Configuration: on: push: tags: - v1.* - '!v1.0-beta*' # Matches all v1. tags except those starting with v1.0-beta - release- When using these filters, the workflow will trigger only when a push event involves a tag that matches the inclusion criteria (after accounting for any exclusions) [1][2].

Citations:


🌐 Web query:

site:docs.github.com/actions workflow syntax tags glob pattern [0-9]+ semver

💡 Result:

GitHub Actions workflow tag filters use glob patterns to match tag names, but they do not natively support Semantic Versioning (SemVer) ranges or advanced regex-style character classes like [0-9]+ [1]. Key points regarding tag filtering in GitHub Actions: 1. Supported Patterns: The on.push.tags and on.push.tags-ignore keywords support standard glob patterns, including the following wildcards [1]: * *: Matches zero or more characters, excluding the directory separator. *: Matches zero or more directories or characters. *?: Matches exactly one character. * +: Used for pattern matching within the context of the supported glob library. !: Used to exclude specific patterns. 2. Lack of Native SemVer/Regex Support: The system interprets these filters as glob patterns, not as Semantic Versioning ranges or regular expressions. Consequently, a syntax like [0-9]+ is not treated as a numeric character class. If you use square brackets in a pattern, they are generally interpreted as literal characters rather than regex quantifiers, unless specifically handled by the underlying glob implementation as a character set (which is not standard across all GitHub Actions glob contexts). 3. Handling Special Characters: If a tag name actually contains characters used by the glob syntax (e.g., ,?, or!), you must escape them with a backslash () to match them literally [1]. 4. Workaround: Since native SemVer ranges are not supported in the workflow YAML trigger filters, the common approach is to use a broad glob pattern (e.g., v) to trigger the workflow on all version tags, and then perform specific SemVer validation or range checking using a conditional expression (the if keyword) or a dedicated step within the job itself. Example of a broad trigger: on: push: tags: - 'v' # Triggers on all tags starting with 'v' Conditional logic inside the job: jobs: build: if: startsWith(github.ref, 'refs/tags/v1.') runs-on: ubuntu-latest steps:..., top_results=[1]}];]

Citations:


🌐 Web query:

site:docs.github.com/actions '+' pattern literal workflow syntax glob

💡 Result:

In the context of GitHub Actions workflow syntax, the plus sign (+) is treated as a special glob pattern character when used in filters for branches or tags (e.g., in on.<push|pull_request>.branches or tags) [1][2]. Because it is a wildcard character used to match branch or tag names, it is not interpreted literally. To use a plus sign as a literal character in these patterns, you must escape it using a backslash () [1][2]. For example, if you have a branch named "feature+test" and want to match it specifically, you would define the pattern as: branches: - 'feature+test' If the plus sign is not escaped, the system will attempt to treat it as part of the glob matching logic rather than as the literal character '+'. This escaping requirement applies to other special glob characters as well, such as *,,?, and! [1][2].

Citations:


🌐 Web query:

site:docs.github.com/actions tags filter plus literal character github actions workflow syntax

💡 Result:

In GitHub Actions workflows, the tags filter supports glob patterns by default, which means special characters like ,, +,?, and! are treated as functional operators rather than literal characters [1][2]. To use a literal character that is also a glob special character (such as matching a tag named v1 where the * is part of the name rather than a wildcard), you must escape the character using a backslash () [1][2]. For example, to match a tag named v1* exactly, your configuration would look like this: on: push: tags: - v1* This ensures the asterisk is treated as a literal part of the tag name rather than a wildcard operator [1][2].

Citations:


🌐 Web query:

site:github.com/github/docs workflow syntax tags pattern plus literal

💡 Result:

In GitHub Actions workflows, the tags keyword is used under the on.push event to filter which pushed tags trigger a workflow run [1]. When defining these filters, you can use either literal strings for exact matches or glob patterns to match multiple tags [2][3]. Key considerations for tag pattern syntax include: Pattern Matching: You can use wildcards such as * (matches zero or more characters, excluding slashes) and (matches zero or more characters, including slashes) to create flexible patterns [2]. Literal Matches: If a tag name contains characters that are also used as glob wildcards (like *, [, or!), you must escape them with a backslash () if you intend for them to be treated as literals [3]. YAML Special Characters: Certain characters, including , [, and!, have special meaning in YAML [2][3]. If your pattern begins with any of these characters, you must enclose the entire pattern in quotes (e.g., '' or '[v1]') to prevent YAML parsing errors [2][3]. Flow Sequences: If you are using a YAML flow sequence (e.g., - [ 'tag1', 'tag2' ]) and the pattern contains square brackets, the entire pattern must be enclosed in quotes to ensure correct interpretation [4][3]. For example, to match any tag starting with v1., you would use: on: push: tags: - 'v1.' To match a specific tag that contains special characters literally, escape them: on: push: tags: - 'v1.0[beta]'

Citations:


Fix the tag filter; it is using regex syntax in a glob field.

GitHub Actions tags filters use glob matching, so v[0-9]+.[0-9]+.[0-9]+ won’t match normal release tags like v0.44.2. Use a glob such as v*.*.* instead; the version is already checked later in the job.

Suggested fix
 on:
   push:
     tags:
-      - "v[0-9]+.[0-9]+.[0-9]+"
+      - "v*.*.*"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
push:
tags:
- "v[0-9]+.[0-9]+.[0-9]+"
on:
push:
tags:
- "v*.*.*"
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/deploy.yml around lines 4 - 6, The deploy workflow tag
filter is using regex-style syntax in a GitHub Actions glob field, so the
current pattern will not match normal release tags. Update the `push.tags`
filter in the deploy workflow to use a glob pattern such as `v*.*.*` instead,
and keep the version validation in the later job step unchanged. Use the
existing `push` trigger section in the workflow to locate and adjust the tag
matcher.

Comment on lines +8 to +10
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🗄️ Data Integrity & Integration | 🟠 Major | ⚡ Quick win

Do not cancel in-progress runs around npm publish.

This workflow publishes to npm before creating the GitHub release. If a second run for the same tag cancels the first after npm publish succeeds, the retry will fail on the already-published version and the release step never runs, leaving npm and GitHub out of sync.

Suggested fix
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+  cancel-in-progress: false

Also applies to: 58-59

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/deploy.yml around lines 8 - 10, The workflow concurrency
on the deploy job is cancelling in-progress runs, which can interrupt a release
after npm publishing has already succeeded. Update the concurrency settings in
the deploy workflow so tag-based publish/release runs are not cancelled
mid-flight, and keep the job that publishes via npm and then creates the GitHub
release protected from duplicate-run cancellation; use the deploy workflow’s
concurrency block to locate the change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants