Skip to content

Add per-PR preview releases for @coralogix/protofetch#196

Merged
cx-shahar-kazaz merged 4 commits into
masterfrom
feat/pr-preview-releases
May 5, 2026
Merged

Add per-PR preview releases for @coralogix/protofetch#196
cx-shahar-kazaz merged 4 commits into
masterfrom
feat/pr-preview-releases

Conversation

@cx-shahar-kazaz
Copy link
Copy Markdown
Contributor

@cx-shahar-kazaz cx-shahar-kazaz commented May 1, 2026
edited
Loading

Summary

Adds a preview-release job that publishes a working preview of @coralogix/protofetch for every PR, mirroring the pattern used in frontops-dev/domino.

How it works:

  1. After the existing package matrix builds all platform binaries, a new job creates a GitHub prerelease tagged v0.0.0-pr.<num>.<sha>.
  2. All five platform protofetch_<target>.tar.gz files are uploaded as release assets — the URL pattern matches what getBinary.js constructs at install time, so the existing install logic works without any code changes.
  3. The wrapper package is prepared via prepare-package.js --version 0.0.0-pr.<num>.<sha>, packed with npm pack, and uploaded to the same release.
  4. A sticky PR comment posts the npm install <tarball-url> command.

One preview per PR: A delete-before-create step + concurrency group (preview-release-<pr-number>, cancel-in-progress: true) keeps each PR at exactly one active preview at any time, even with rapid pushes.

Cleanup: A companion workflow (preview-release-cleanup.yml) listens for pull_request: closed and deletes the preview release + tag. Both create-time and close-time cleanup query tags by prefix via gh api .../git/matching-refs/tags/v0.0.0-pr.<num>. — server-side filtering, so cleanup scales independently of total repo release count (no gh release list 200-cap concern).

Trigger gating: The push trigger's tags: filter now excludes -pr. tags (!v*-pr.*) so creating the preview tag doesn't re-fire CI's real release pipeline.

Tradeoffs / out of scope

  • No fork support — the job is gated to same-repo PRs (head.repo.full_name == github.repository). Fork PRs from external contributors won't get a preview. If we need that later, we can switch to a workflow_run-based design like domino's.
  • Only @coralogix/protofetch, not cx-protofetch (per request — cx-protofetch is deprecated).
  • This PR doesn't touch the existing release.yml (OIDC migration) — that's tracked in #195 and is independent.
  • Comment-update race under asymmetric matrix-runner timing is a known narrow edge case; deferred unless it bites in practice (see resolved discussion thread).

Reviewer install command

Reviewers see a comment like:

npm install https://github.com/coralogix/protofetch/releases/download/v0.0.0-pr.123.abc1234/coralogix-protofetch-0.0.0-pr.123.abc1234.tgz

That npm install triggers the wrapper's postinstallgetBinary.js → fetches the platform binary from the same release. End-to-end, the preview install behaves exactly like a real release install.

Verified end-to-end

Across 3 commits on this branch (a5b049e32f0136266ddae):

Check Result
One active preview tag at a time, not three ✅ only v0.0.0-pr.196.266ddae present after 3 commits — delete-before-create working
Release contains wrapper tgz + 5 platform binaries with correct sizes coralogix-protofetch-0.0.0-pr.196.266ddae.tgz (5.6 KB) + 5 platform tarballs (~16 MB total)
Single sticky PR comment, updated in place across runs (not duplicated) ✅ created 11:48:04Z, updated 12:21:45Z, one comment total
Install URL resolves curl → 302 → 200, content-length: 5607 matches the asset size
npm install <preview-url> works in a clean directory ✅ wrapper extracted, postinstall ran, platform binary downloaded
Installed binary executes node_modules/.bin/protofetch --versionprotofetch 0.1.15

Observed transient failure

The middle commit's run (32f0136) failed at gh release create with HTTP 403: Resource not accessible by integration. The workflow YAML at that commit was identical (same permissions: block) to the runs immediately before and after, both of which succeeded — almost certainly a transient GitHub token-issuance hiccup, not a code issue. Recovery was clean: the next commit's delete-before-create saw no leftover release for 32f0136 (because it was never created) and a5b049e's release was cleaned up correctly. End state matched what we'd get if the failed run had never happened.

This is a useful real-world data point that the design is retry-safe by constructiondelete-before-create is idempotent, so the next successful run self-heals from any partial-failure state.

Cleanup-on-close test plan

Cleanup-on-close can only be verified once this PR is closed/merged, since it triggers on pull_request: closed. After merge:

  • Confirm v0.0.0-pr.196.* tags are deleted (currently 1 active tag)
  • Confirm the cleanup workflow run completed successfully

@cx-shahar-kazaz
add per-PR preview releases for @coralogix/protofetch
a5b049e 
Creates a GitHub prerelease tagged v0.0.0-pr.<num>.<sha> on each PR with all
platform binaries plus a packed @coralogix/protofetch wrapper as release assets.
The existing getBinary.js URL pattern resolves against this tag so reviewers
can run `npm install <release-tarball-url>` and get a working install.

A sticky PR comment posts the install command. A companion cleanup workflow
deletes the preview release and tag when the PR closes.

The push.tags trigger now excludes -pr. tags so previews don't re-fire CI's
real release pipeline.
@cx-shahar-kazaz cx-shahar-kazaz requested a review from a team as a code owner May 1, 2026 11:41
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed May 1, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a5b049e42a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread .github/workflows/preview-release-cleanup.yml Outdated
Comment thread .github/workflows/ci.yml
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 1, 2026
edited
Loading

📦 Preview release available

A preview build of @coralogix/protofetch has been published for commit 48fa759.

Install

npm install https://github.com/coralogix/protofetch/releases/download/v0.0.0-pr.196.48fa759/coralogix-protofetch-0.0.0-pr.196.48fa759.tgz

Details

This preview is automatically deleted when the PR is closed.

@cx-shahar-kazaz
bump action versions in preview-release job to latest
32f0136 
actions/checkout v4 → v6
actions/setup-node v4 → v6
actions/download-artifact v4 → v8
actions/github-script v7 → v9
@cx-shahar-kazaz
keep one preview release per PR and remove gh release list 200-cap
266ddae 
Switches both create-time and close-time cleanup from "list all releases and
grep" to "query tags by prefix via git/matching-refs". The matching-refs API
filters server-side, so cleanup scales independently of total repo release
count and is no longer constrained by the gh release list --limit window.

Adds a delete-before-create step in the preview-release job so each PR keeps
at most one active preview release at any time, and a concurrency group
keyed on the PR number so back-to-back commits cancel in-flight builds
instead of racing on the same release tag.
@shaharkazaz shaharkazaz mentioned this pull request May 1, 2026
Open
@cx-shahar-kazaz cx-shahar-kazaz mentioned this pull request May 5, 2026
Merged
2 tasks
cx-shahar-kazaz added a commit that referenced this pull request May 5, 2026
@cx-shahar-kazaz
Update release workflow with OIDC trusted publishing (#195)
39fdb94 
## Summary
- Switch **both** npm packages (`cx-protofetch` and
`@coralogix/protofetch`) from `NPM_TOKEN` secrets to OIDC trusted
publishing
- Add per-job `id-token: write` permission scoped to the npm jobs only
(cargo and github jobs do not request OIDC)
- Remove manual `.npmrc` token writes — npm CLI handles OIDC natively
- Add explicit `contents: write` permission to the `github` job
(required by `action-gh-release` v3)
- Update actions: `actions/checkout` v4 → v6,
`actions/download-artifact` v4 → v8, `softprops/action-gh-release` v1 →
v3

## Prerequisites before merging

Both packages need a trusted publisher entry on npmjs.com pointing at
this workflow. Workflow filename for both: `release.yml`, repo:
`coralogix/protofetch`.

- [ ] Configure trusted publisher on npmjs.com for **`cx-protofetch`**
- [ ] Configure trusted publisher on npmjs.com for
**`@coralogix/protofetch`**

## Notes
- No `--dry-run` step on PRs — `release.yml` is `workflow_call`-only and
PR validation already happens via the `test-npm-package` matrix job in
`ci.yml`. PR-level preview installs are covered separately by
[#196](#196).
- `ci.yml` still has older action versions (checkout v3,
download-artifact v4, etc.) — out of scope for this PR
@cx-shahar-kazaz cx-shahar-kazaz merged commit affe29d into master May 5, 2026
21 checks passed
@cx-shahar-kazaz cx-shahar-kazaz deleted the feat/pr-preview-releases branch May 5, 2026 11:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@smosca-coralogix smosca-coralogix smosca-coralogix approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cx-shahar-kazaz @smosca-coralogix