chore: release nightlies from of release branch

[Adam-Aghili]

in preperation for the new release cycle strategy we will move the nightly to be run off the latest release branch.

One caveat worth documenting: When we create the release branch we need to bump the verions for base and main immediately or else the ngihtly will run off the branch but will use a preveious release tag

I also do not know how to deal with merge-hash-history-to-main in this case

Summary by CodeRabbit

• Bug Fixes

  • Improved nightly version detection robustness when existing nightly builds are unavailable on package repositories.
  • Enhanced error handling in release tagging and version detection processes.

• Chores

  • Refactored nightly build CI/CD workflows for improved naming consistency and maintainability.
  • Updated secrets scanning baseline configuration.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 6d1d7543-17f6-48f8-bb5a-dd3382d2de1a

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

The pull request refactors the nightly build workflow to adopt "release" terminology instead of "main," introduces a new job to resolve release branches, and improves error handling in the PyPI nightly tag script by adding HTTP status validation and None checks.

Changes

Cohort / File(s)	Summary
Nightly Build Workflow .github/workflows/nightly_build.yml	Added new resolve-release-branch job; renamed main_tag output to release_tag and generate_main_tag step to generate_release_tag; updated step IDs (check_main_tag → check_release_tag); renamed workflow input nightly_tag_main to nightly_tag_release in the release-nightly-build job; updated all downstream references to needs.create-nightly-tag.outputs.release_tag across multiple jobs and steps; updated conditional blocks, Slack/PR messaging, and hash-history update flows to use new tag naming.
Secrets Baseline .secrets.baseline	Updated baseline entry line number from 322 to 347 and refreshed timestamp from 2026-03-12T02:41:29Z to 2026-03-13T15:51:48Z.
PyPI Nightly Tag Script scripts/ci/pypi_nightly_tag.py	Added res.raise_for_status() for HTTP error handling; introduced None handling for current_nightly_version to support cases where no nightly version exists on PyPI; updated build number incrementation logic to default to 0 when current_nightly_version is absent; simplified exception messaging to remove specific tag references.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 2 warnings)

Check name	Status	Explanation	Resolution
Test Coverage For New Implementations	❌ Error	PR modifies scripts/ci/pypi_nightly_tag.py with functional changes but adds no test coverage.	Add test file covering HTTP error handling, None-safety checks, build number calculation, and version handling edge cases.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Test Quality And Coverage	⚠️ Warning	Pull request introduces critical CI infrastructure changes without corresponding test coverage for modified Python script and workflow logic.	Add pytest unit tests for pypi_nightly_tag.py covering HTTP errors, None-handling, and build number logic; test resolve-release-branch shell logic and workflow input validation.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title mentions a grammatical error ('from of' should be 'from') and describes the main intent—adjusting nightly builds to run from release branches instead of main.
Test File Naming And Structure	✅ Passed	The custom check regarding test file naming and structure patterns is not applicable to this PR. The PR modifies only three files: .github/workflows/nightly_build.yml, .secrets.baseline, and scripts/ci/pypi_nightly_tag.py. None are test files.
Excessive Mock Usage Warning	✅ Passed	The custom check requests a review of test files for excessive mock usage, but this pull request does not modify any test files.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch aka/nightly-off-release-branch

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

You can customize the tone of the review comments and chat replies.

Configure the tone_instructions setting to customize the tone of the review comments and chat replies. For example, you can set the tone to Act like a strict teacher, Act like a pirate and more.

[github-actions]

Frontend Unit Test Coverage Report

Coverage Summary

Lines	Statements	Branches	Functions
	24.17% (8626/35678)	16.93% (4757/28093)	16.91% (1264/7474)

Unit Test Results

Tests	Skipped	Failures	Errors	Time
2779	0 💤	0 ❌	0 🔥	45.966s ⏱️

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 38.48%. Comparing base (67d5694) to head (01a1486).
⚠️ Report is 1 commits behind head on main.

❌ Your project status has failed because the head coverage (44.41%) is below the target coverage (60.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #12181      +/-   ##
==========================================
- Coverage   38.49%   38.48%   -0.01%     
==========================================
  Files        1630     1630              
  Lines       80456    80456              
  Branches    12152    12152              
==========================================
- Hits        30968    30966       -2     
- Misses      47738    47740       +2     
  Partials     1750     1750              

Flag	Coverage Δ
backend	57.33% <ø> (-0.01%)	⬇️
frontend	21.59% <ø> (ø)
lfx	44.41% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
see 4 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/nightly_build.yml:
- Around line 62-73: The "Find latest release branch" step (id get_branch) can
emit an empty BRANCH when no refs match; update the shell block to detect if
BRANCH (or branch.txt) is empty after git ls-remote and, if so, print a clear
error and exit non‑zero (e.g., echo "No release-* branch found" >&2; exit 1) so
the workflow fails fast; only write to $GITHUB_OUTPUT and continue when BRANCH
is non-empty.
- Around line 335-343: The reusable workflow call is missing the required input
nightly_tag_main used by release_nightly.yml; update the call that references
./.github/workflows/release_nightly.yml to include nightly_tag_main and set it
to the tag produced by the tag-creation job (e.g. nightly_tag_main: ${{
needs.create-nightly-tag.outputs.main_tag }}), or if the intent was to reuse
nightly_tag_release, explicitly pass nightly_tag_main: ${{
needs.create-nightly-tag.outputs.release_tag }} to satisfy
inputs.nightly_tag_main lookups in the callee.
- Around line 75-76: The validate-inputs job is currently only informational and
doesn't block downstream write jobs; make it gate the write path by adding
validate-inputs as a dependency and requiring its success before running
mutating jobs. Specifically, add validate-inputs to the needs list for jobs that
create tags or push images (e.g., include validate-inputs in the needs array
alongside resolve-release-branch for create-nightly-tag and
release-nightly-build), and change their if conditions to require
needs.validate-inputs.result == 'success' (or check a validate-inputs output
flag like needs.validate-inputs.outputs.skipped != 'true' and result ==
'success') so that create-nightly-tag and release-nightly-build will not run
when validate-inputs was skipped/failed.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a3b8e621-0850-4fbd-be59-7c0de1cc0593

📥 Commits

Reviewing files that changed from the base of the PR and between 4511419 and 1fd9db5.

📒 Files selected for processing (3)

• .github/workflows/nightly_build.yml
• .secrets.baseline
• scripts/ci/pypi_nightly_tag.py

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Fail fast when no release-* branch is found.

If git ls-remote returns no matches, branch is emitted as empty and the checkout on Line 92 is no longer pinned to a known release branch. This should stop with a clear error instead of silently proceeding.

🔧 Suggested fix

           BRANCH=$(cat branch.txt)
+          if [ -z "$BRANCH" ]; then
+            echo "No release-* branch found in ${{ github.repository }}"
+            exit 1
+          fi
           echo "branch=$BRANCH" >> $GITHUB_OUTPUT
           echo "Using release branch: $BRANCH"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Find latest release branch
	id: get_branch
	run: |
	git ls-remote --heads https://github.com/${{ github.repository }} 'refs/heads/release-*' \
	| awk '{print $2}' \
	| sed 's|refs/heads/||' \
	| sort -V \
	| tail -n 1 > branch.txt
	BRANCH=$(cat branch.txt)
	echo "branch=$BRANCH" >> $GITHUB_OUTPUT
	echo "Using release branch: $BRANCH"
	- name: Find latest release branch
	id: get_branch
	run: |
	git ls-remote --heads https://github.com/${{ github.repository }} 'refs/heads/release-*' \
	| awk '{print $2}' \
	| sed 's|refs/heads/||' \
	| sort -V \
	| tail -n 1 > branch.txt
	BRANCH=$(cat branch.txt)
	if [ -z "$BRANCH" ]; then
	echo "No release-* branch found in ${{ github.repository }}"
	exit 1
	fi
	echo "branch=$BRANCH" >> $GITHUB_OUTPUT
	echo "Using release branch: $BRANCH"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/nightly_build.yml around lines 62 - 73, The "Find latest
release branch" step (id get_branch) can emit an empty BRANCH when no refs
match; update the shell block to detect if BRANCH (or branch.txt) is empty after
git ls-remote and, if so, print a clear error and exit non‑zero (e.g., echo "No
release-* branch found" >&2; exit 1) so the workflow fails fast; only write to
$GITHUB_OUTPUT and continue when BRANCH is non-empty.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Make validate-inputs block the write path.

Right now it is informational only. A manual run with push_to_registry=true and either skip flag set still lets create-nightly-tag mutate tags, and release-nightly-build still passes its always() && ... != 'failure' gate because skipped is not failure.

🔧 Suggested wiring

-  create-nightly-tag:
-    if: github.repository == 'langflow-ai/langflow'
-    needs: resolve-release-branch
+  create-nightly-tag:
+    if: github.repository == 'langflow-ai/langflow'
+    needs: [validate-inputs, resolve-release-branch]
...
-  release-nightly-build:
-    if: github.repository == 'langflow-ai/langflow' && always() && needs.frontend-tests.result != 'failure' && needs.backend-unit-tests.result != 'failure' && needs.build-hash-history.result != 'failure'
+  release-nightly-build:
+    if: github.repository == 'langflow-ai/langflow' && always() && needs.validate-inputs.result == 'success' && needs.frontend-tests.result != 'failure' && needs.backend-unit-tests.result != 'failure' && needs.build-hash-history.result != 'failure'
     name: Run Nightly Langflow Build
     needs:
       [
+        validate-inputs,
         create-nightly-tag,
         frontend-tests,
         backend-unit-tests,
         build-hash-history,
       ]

Also applies to: 325-346

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/nightly_build.yml around lines 75 - 76, The
validate-inputs job is currently only informational and doesn't block downstream
write jobs; make it gate the write path by adding validate-inputs as a
dependency and requiring its success before running mutating jobs. Specifically,
add validate-inputs to the needs list for jobs that create tags or push images
(e.g., include validate-inputs in the needs array alongside
resolve-release-branch for create-nightly-tag and release-nightly-build), and
change their if conditions to require needs.validate-inputs.result == 'success'
(or check a validate-inputs output flag like
needs.validate-inputs.outputs.skipped != 'true' and result == 'success') so that
create-nightly-tag and release-nightly-build will not run when validate-inputs
was skipped/failed.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Restore the reusable workflow input contract.

.github/workflows/release_nightly.yml:26-41 still requires nightly_tag_main, so this call is invalid as written and every downstream inputs.nightly_tag_main lookup in that workflow will be empty. Either keep passing nightly_tag_main here or rename the callee in the same PR.

🔧 Minimal fix

-      nightly_tag_release: ${{ needs.create-nightly-tag.outputs.release_tag }}
+      nightly_tag_main: ${{ needs.create-nightly-tag.outputs.release_tag }}

🧰 Tools

🪛 actionlint (1.7.11)

[error] 335-335: input "nightly_tag_main" is required by "./.github/workflows/release_nightly.yml" reusable workflow

(workflow-call)

---

[error] 341-341: input "nightly_tag_release" is not defined in "./.github/workflows/release_nightly.yml" reusable workflow. defined inputs are "build_docker_base", "build_docker_ep", "build_docker_main", "build_lfx", "nightly_tag_base", "nightly_tag_lfx", "nightly_tag_main", "push_to_registry"

(workflow-call)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/nightly_build.yml around lines 335 - 343, The reusable
workflow call is missing the required input nightly_tag_main used by
release_nightly.yml; update the call that references
./.github/workflows/release_nightly.yml to include nightly_tag_main and set it
to the tag produced by the tag-creation job (e.g. nightly_tag_main: ${{
needs.create-nightly-tag.outputs.main_tag }}), or if the intent was to reuse
nightly_tag_release, explicitly pass nightly_tag_main: ${{
needs.create-nightly-tag.outputs.release_tag }} to satisfy
inputs.nightly_tag_main lookups in the callee.

[Adam-Aghili]

@jordanrfrazier I do not know how to deal with merge-hash-history-to-main now that we are moving to nightlies off release branches do you have any ideas or can you give context of the intention of merge-hash-history-to-main?