fix(ci): fix workflow checkout ordering, refactor drift detection #150

Merged: benminer merged 3 commits into main from feature/fix-ci-token-checkout on Apr 14, 2026
@benminer (Collaborator) commented Apr 14, 2026

Summary

Two sets of fixes for CI workflow reliability:

Workflow checkout ordering (release.yml, regenerate-schemas.yml)

The actions/checkout step was dependent on create-github-app-token, meaning if the token step failed, checkout was skipped and the local .github/actions/slack-post composite action was unavailable for failure notifications. This created a silent failure mode where we'd get no Slack alert on token errors.

  • Move checkout before app token generation in both release.yml and regenerate-schemas.yml
  • Configure the git remote URL with the app token after checkout via git remote set-url, preserving the app identity for pushes
  • Remove npm install -g npm@latest from release.yml — Node 22 ships with npm 10.x which already supports OIDC provenance publishing, and the self-update was failing with a promise-retry MODULE_NOT_FOUND error

Drift detection refactor (drift-detection.yml)

The drift detection workflow was sending empty Slack alerts when the script exited non-zero but produced no valid drift data (e.g. script error misinterpreted as drift). The bash/jq parsing logic had grown complex across two steps.

  • Replace the bash "Run drift detection" and "Parse drift report" steps with a single actions/github-script@v7 step
  • Use the existing report.hasDrift boolean from the script output instead of manual totalDrift string comparisons
  • Validate the drift report JSON before alerting — malformed or empty output no longer triggers a misleading "SDK API Drift Detected" message
  • Add a dedicated "Drift Detection Script Error" Slack alert for non-zero exits with invalid output
  • Add a 2-minute timeout on the drift detection subprocess

Test plan

  • Trigger release workflow and verify checkout, token generation, and changesets action succeed
  • Trigger regenerate-schemas workflow manually and verify git push uses the app token identity
  • Trigger drift-detection workflow manually and verify no false-positive Slack alert is sent
  • Simulate a token failure and verify the Slack failure notification is sent (checkout now always succeeds)

Move checkout step before create-github-app-token so the repo (and
local slack-post action) is always available, even when token generation
fails. Configure the git remote URL with the app token after checkout
instead of passing it to the checkout action.

Remove `npm install -g npm@latest` from release workflow — Node 22
ships with npm 10.x which already supports OIDC provenance publishing.

@benminer requested a review from a team April 14, 2026 17:05

Replace the two bash steps (run + parse) with a single
actions/github-script@v7 step that runs the drift detection script,
parses the JSON output, and validates the report before alerting.

Key changes:
- Use report.hasDrift boolean instead of manual totalDrift checks
- Validate report structure before sending Slack alerts
- Add script error alert for non-zero exits with invalid output
- Add 2-minute timeout to prevent hung runners
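
The validation described for the drift-detection step, as an added example that is not part of the PR or the project's workflow: it classifies a finished run into no alert, "SDK API Drift Detected" or "Drift Detection Script Error". The function names, the `{ status, stdout, timedOut }` input shape and the handling of the two cases the PR does not spell out are assumptions.

```javascript
// Added example: only `hasDrift` and the two alert titles come from the PR text;
// function names and the { status, stdout, timedOut } shape are assumptions.
const DRIFT_TITLE = 'SDK API Drift Detected';
const ERROR_TITLE = 'Drift Detection Script Error';

// Accept stdout only if it is a JSON object carrying a boolean `hasDrift`.
function parseDriftReport(stdout) {
  if (typeof stdout !== 'string' || stdout.trim() === '') return null;
  let report;
  try {
    report = JSON.parse(stdout);
  } catch {
    return null; // malformed output is not a report
  }
  const isObject = report !== null && typeof report === 'object' && !Array.isArray(report);
  return isObject && typeof report.hasDrift === 'boolean' ? report : null;
}

// Decide which alert (if any) a finished run should raise.
function classifyDriftRun(run) {
  if (run.timedOut) return { alert: ERROR_TITLE, reason: 'timed out' };
  const report = parseDriftReport(run.stdout);
  if (report === null) {
    // Assumption: unusable output is an error even on exit 0, so it is never silent.
    return { alert: ERROR_TITLE, reason: `exit ${run.status}, invalid report` };
  }
  if (report.hasDrift) return { alert: DRIFT_TITLE, reason: 'report.hasDrift is true' };
  // Assumption: a non-zero exit with a valid "no drift" report is a script failure.
  if (run.status !== 0) return { alert: ERROR_TITLE, reason: `exit ${run.status}, no drift` };
  return { alert: null, reason: 'no drift' };
}

// Constructed sample runs (not real workflow output).
const sampleRuns = [
  { status: 0, stdout: '{"hasDrift":false}', timedOut: false },
  { status: 1, stdout: '{"hasDrift":true}', timedOut: false },
  { status: 1, stdout: '', timedOut: false },
  { status: 1, stdout: 'TypeError: boom', timedOut: false },
  { status: null, stdout: '', timedOut: true },
];
for (const run of sampleRuns) {
  console.log(JSON.stringify(run.stdout), '->', classifyDriftRun(run).alert ?? 'no alert');
}
```
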

@benminer changed the title from "fix(ci): move checkout before app token, remove npm self-update" to "fix(ci): fix workflow checkout ordering, refactor drift detection" Apr 14, 2026

@nastassiafulconis (Collaborator) left a comment

makes sense to me!

@benminer benminer merged commit b7fe905 into main Apr 14, 2026
6 checks passed
@benminer benminer deleted the feature/fix-ci-token-checkout branch April 14, 2026 19:00