
Harden release-to-pypi-uv workflow and regression coverage #134

Merged
leynos merged 3 commits into python-lib-release-action from codex/action-unresolved-comments-on-pr-#90
Sep 23, 2025

leynos (Owner) commented Sep 23, 2025

Summary

  • ensure the release-to-pypi-uv composite action provisions Python before running uv, introduce a fail-on-empty input, and document the new behaviour
  • harden the release scripts by normalising confirmation input, emitting multiline outputs, accepting pre-release tags, and failing fast when Python ≥ 3.13 or uv are unavailable while improving GitHub release retries with jitter and clearer failure handling
  • expand regression coverage for the release scripts and rust-build tests, pin cmd-mox to a commit, adjust Makefile linting, and clean up documentation (closes rust-build-release action fails with podman timeout during container runtime detection #97)

Testing

  • make check-fmt
  • make typecheck
  • make lint
  • make test

https://chatgpt.com/codex/tasks/task_e_68d25eacce7c8322a4e0023a265f4a0e

Summary by Sourcery

Harden the release-to-pypi-uv workflow by provisioning Python early, adding a fail-on-empty option, normalising inputs, and supporting extended SemVer tags; introduce jittered GitHub retry logic; expand regression tests; pin dependencies and update documentation.

New Features:

  • Add fail-on-empty input to validate_toml_versions action to error on no matching files
  • Install Python early in the composite action before running uv and forward new inputs
  • Support SemVer pre-release and build metadata tags in determine_release script

Bug Fixes:

  • Normalize whitespace in confirm_release to prevent confirmation mismatches
  • Fail fast in publish_release when Python < 3.13 and uv is unavailable

Enhancements:

  • Introduce jitter and Retry-After header handling in GitHub release API retries
  • Emit multiline outputs for tag and version in determine_release for robust parsing
  • Improve runtime probing warnings and fallback behavior in rust-build-release scripts

Build:

  • Pin cmd-mox dependency to a specific commit and refine ruff fix rules in the Makefile

Documentation:

  • Document fail-on-empty behavior and early Python provisioning in README and action.yml
  • Fix spelling and behaviour consistency across documentation

Tests:

  • Expand regression tests for validate_toml_versions, determine_release, publish_release, and rust-build-release workflows
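
The multiline output format mentioned in the description, as an added example that is not code from this pull request: it contrasts single-line `name=value` records with delimiter-framed records for a value that contains a line break. The parser is a simplified model of a consumer, and the function names and the `gh_` delimiter prefix are assumptions.

```python
"""Added example: single-line vs delimiter-framed GITHUB_OUTPUT records."""
from __future__ import annotations

import secrets


def emit_single_line(name: str, value: str) -> str:
    """Legacy `name=value` record; a newline in value starts a new record."""
    return f"{name}={value}\n"


def emit_multiline(name: str, value: str, delimiter: str | None = None) -> str:
    """Frame value as `name<<DELIM ... DELIM` with an unguessable delimiter."""
    delimiter = delimiter or f"gh_{secrets.token_hex(16)}"  # assumed prefix
    if delimiter in value.split("\n"):
        raise ValueError("delimiter collides with a line of the value")
    return f"{name}<<{delimiter}\n{value}\n{delimiter}\n"


def parse_outputs(text: str) -> dict[str, str]:
    """Simplified model of a consumer that accepts both record forms."""
    outputs: dict[str, str] = {}
    lines = iter(text.split("\n"))
    for line in lines:
        if not line:
            continue
        eq, heredoc = line.find("="), line.find("<<")
        if heredoc != -1 and (eq == -1 or heredoc < eq):
            name, delimiter = line[:heredoc], line[heredoc + 2:]
            body = []
            for inner in lines:  # consume lines up to the closing delimiter
                if inner == delimiter:
                    break
                body.append(inner)
            else:
                raise ValueError(f"unterminated value for {name!r}")
            outputs[name] = "\n".join(body)
        elif eq != -1:
            outputs[line[:eq]] = line[eq + 1:]
        else:
            raise ValueError(f"unrecognised record: {line!r}")
    return outputs


def demo() -> tuple[dict[str, str], dict[str, str]]:
    """Parse both encodings of a constructed version value holding a newline."""
    version = "1.2.3\ntag=v9.9.9"  # constructed sample input
    legacy = emit_single_line("tag", "v1.2.3") + emit_single_line("version", version)
    framed = emit_multiline("tag", "v1.2.3") + emit_multiline("version", version)
    return parse_outputs(legacy), parse_outputs(framed)


if __name__ == "__main__":
    for label, parsed in zip(("single-line", "framed"), demo()):
        print(label, parsed)
```

In the single-line encoding the embedded line overwrites the `tag` output; in the framed encoding it stays inside `version`, where a later validation step can reject it.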

sourcery-ai Bot (Contributor) commented Sep 23, 2025

Reviewer's Guide

This PR hardens the release-to-pypi-uv workflow by provisioning Python earlier, adding a fail-on-empty input, and documenting it; refines release and tooling scripts for stricter input handling, multiline outputs, pre-release tag support, and early failure on missing runtimes; improves GitHub release retries with jitter; extends regression tests; pins cmd-mox; adjusts lint rules; and cleans up documentation.

File-Level Changes

Change: Enhance composite action inputs and workflow ordering
Details:
  • Move Python install step before uv commands
  • Introduce 'fail-on-empty' input and forward it to the validation step
  • Add a test to verify the fail-on-empty flag mapping
  • Update README to document the new input and behavior
Files:
  • .github/actions/release-to-pypi-uv/action.yml
  • .github/actions/release-to-pypi-uv/tests/test_action_python_version.py
  • .github/actions/release-to-pypi-uv/README.md

Change: Refine release scripts for stricter version and input handling
Details:
  • Implement fail_on_empty flag in validate_toml_versions and exit on no matches
  • Emit multiline output markers in determine_release
  • Allow prerelease and build metadata tags and prioritize workflow input
  • Add a pre-check for Python ≥ 3.13 or uv availability in publish_release
  • Strip and normalize whitespace in confirm_release comparisons
Files:
  • .github/actions/release-to-pypi-uv/scripts/validate_toml_versions.py
  • .github/actions/release-to-pypi-uv/scripts/determine_release.py
  • .github/actions/release-to-pypi-uv/scripts/publish_release.py
  • .github/actions/release-to-pypi-uv/scripts/confirm_release.py

Change: Improve GitHub release retry logic with jitter and clearer failures
Details:
  • Introduce a sleep-with-jitter function for retry backoff
  • Respect Retry-After header to adjust delay
  • Replace plain sleep calls with jittered waits
  • Emit explicit errors on retry exhaustion via typer.Exit
Files:
  • .github/actions/release-to-pypi-uv/scripts/check_github_release.py
  • .github/actions/release-to-pypi-uv/tests/test_check_github_release.py

Change: Harden Rust build scripts and test probes
Details:
  • Enhance error handling in run_rust by killing and waiting on failed processes
  • Adjust runtime probe timeout warnings to omit missing durations
  • Record and assert rustup/cargo command sequences instead of failing early
Files:
  • .github/actions/generate-coverage/scripts/run_rust.py
  • .github/actions/rust-build-release/tests/test_target_install.py

Change: Expand regression coverage for release workflows
Details:
  • Add tests to skip virtualenv and mypy_cache directories
  • Test fail_on_empty error path for empty glob results
  • Cover determine_release input precedence and prerelease tag scenarios
  • Ensure publish_release errors when uv is unavailable
Files:
  • .github/actions/release-to-pypi-uv/tests/test_validate_toml_versions.py
  • .github/actions/release-to-pypi-uv/tests/test_determine_release.py
  • .github/actions/release-to-pypi-uv/tests/test_publish_release.py

Change: Pin dependencies and adjust lint configurations
Details:
  • Pin cmd-mox to a specific commit in pyproject.toml
  • Introduce RUFF_FIX_RULES variable and use it in the Makefile lint check
Files:
  • pyproject.toml
  • Makefile

Change: Clean up documentation spelling and feature docs
Details:
  • Fix behaviour/behavior spelling inconsistencies
  • Update command-mocking design and user guide for consistency
  • Document the fail-on-empty input in the composite action README
Files:
  • docs/python-native-command-mocking-design.md
  • docs/cmd-mox-users-guide.md

Assessment against linked issues

Issue: #97
Objective: Increase the timeout duration for podman container runtime checks in rust-build-release action to prevent premature failure.
Addressed:
Explanation: The PR does not modify the timeout duration for podman or docker runtime checks. No changes to the timeout value or its configuration are present in the diff.

Issue: #97
Objective: Add proper error handling for podman initialization issues in rust-build-release so that timeouts do not crash the workflow.
Addressed:
Explanation:

Issue: #97
Objective: Consider making podman detection optional or implement a fallback mechanism in rust-build-release to allow workflow continuation if podman is unavailable.
Addressed:
Explanation:

coderabbitai Bot (Contributor) commented Sep 23, 2025

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

sourcery-ai Bot (Contributor) left a comment

Hey there - I've reviewed your changes - here's some feedback:

  • Introducing SystemRandom-based jitter in the retry sleeps may lead to nondeterministic behavior in tests—consider abstracting or mocking the jitter source so retry timing can be reliably asserted.
  • Switching to multi-line EOF-delimited outputs in determine_release.py could break existing consumers expecting single-line key=value pairs—either preserve backward compatibility or call out this format change in the release notes.
  • The updated SKIP_PARTS now excludes .venv, .mypy_cache, etc., by default; if your repo uses custom cache or virtual environment directories, you may need a configurable skip list or documentation warning about skipped paths.
Prompt for AI Agents
Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `.github/actions/release-to-pypi-uv/README.md:22` </location>
<code_context>
 The composite action installs the interpreter requested through `python-version`
 before invoking any uv commands, ensuring builds run against the expected
-runtime.
+runtime. Set `fail-on-empty: true` when your repository must always contain at
+least one `pyproject.toml`; this will turn the default warning into a failing
+error to catch misconfigured globs.
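Review bot: the `fail-on-empty` sentence is appended to the paragraph about interpreter provisioning (the `+runtime. Set ...` line), which buries a new input under an unrelated topic. Move it to its own paragraph and name the default value explicitly, since "the default warning" only implies that the input is off unless set.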
</code_context>

<issue_to_address>
**issue (review_instructions):** This paragraph exceeds the 80 column wrapping limit for paragraphs and bullets.

Please wrap this paragraph so that no line exceeds 80 columns, as per the documentation style guide.

<details>
<summary>Review instructions:</summary>

**Path patterns:** `**/*.md`

**Instructions:**
Paragraphs and bullets must be wrapped to 80 columns

</details>
</issue_to_address>

### Comment 2
<location> `.github/actions/release-to-pypi-uv/README.md:23` </location>
<code_context>
 before invoking any uv commands, ensuring builds run against the expected
-runtime.
+runtime. Set `fail-on-empty: true` when your repository must always contain at
+least one `pyproject.toml`; this will turn the default warning into a failing
+error to catch misconfigured globs.

</code_context>

<issue_to_address>
**issue (review_instructions):** This line is part of a paragraph that exceeds the 80 column wrapping limit.

Please ensure all lines in paragraphs and bullets are wrapped to 80 columns for readability and consistency.

<details>
<summary>Review instructions:</summary>

**Path patterns:** `**/*.md`

**Instructions:**
Paragraphs and bullets must be wrapped to 80 columns

</details>
</issue_to_address>

### Comment 3
<location> `.github/actions/release-to-pypi-uv/README.md:24` </location>
<code_context>
-runtime.
+runtime. Set `fail-on-empty: true` when your repository must always contain at
+least one `pyproject.toml`; this will turn the default warning into a failing
+error to catch misconfigured globs.

 ## Outputs
</code_context>

<issue_to_address>
**issue (review_instructions):** This line is part of a paragraph that exceeds the 80 column wrapping limit.

Please wrap this paragraph so that no line exceeds 80 columns.

<details>
<summary>Review instructions:</summary>

**Path patterns:** `**/*.md`

**Instructions:**
Paragraphs and bullets must be wrapped to 80 columns

</details>
</issue_to_address>

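
One way to act on the first overall comment above, as an added example rather than the code in check_github_release.py: the jitter source and the sleep function are injected so tests can pin both, and an oversized Retry-After value is capped. The retryable status set, the default timings, the function names and the `RetriesExhausted` exception (standing in for typer.Exit) are assumptions.

```python
"""Added example: jittered retry backoff with an injectable jitter source."""
from __future__ import annotations

import random
import time
from collections.abc import Callable, Mapping

RETRYABLE = frozenset({429, 502, 503, 504})  # assumed retryable statuses
Uniform = Callable[[float, float], float]


class RetriesExhausted(RuntimeError):
    """Every attempt returned a retryable status."""


def parse_retry_after(headers: Mapping[str, str]) -> float | None:
    """Return Retry-After as seconds; None if absent or not delta-seconds."""
    raw = headers.get("Retry-After", "").strip()
    if raw.isascii() and raw.isdigit():
        return float(raw)
    return None  # HTTP-date form and malformed values are ignored


def compute_delay(attempt: int, headers: Mapping[str, str], uniform: Uniform,
                  *, base: float = 1.0, cap: float = 30.0, jitter: float = 0.25) -> float:
    """Exponential backoff, raised to the server hint, capped, then jittered."""
    delay = base * 2**attempt
    hint = parse_retry_after(headers)
    if hint is not None:
        delay = max(delay, hint)
    # The header is untrusted input: the cap stops a huge value stalling the job.
    delay = min(delay, cap)
    # Jitter only lengthens the wait, so a server hint below the cap is honoured.
    return delay * (1.0 + uniform(0.0, jitter))


def fetch_with_retry(fetch, *, attempts: int = 4, sleep=time.sleep,
                     uniform: Uniform | None = None) -> int:
    """Call fetch() -> (status, headers) until the status is not retryable."""
    uniform = uniform or random.SystemRandom().uniform  # production default
    for attempt in range(attempts):
        status, headers = fetch()
        if status not in RETRYABLE:
            return status
        if attempt + 1 < attempts:
            sleep(compute_delay(attempt, headers, uniform))
    raise RetriesExhausted(f"still failing after {attempts} attempts")


def replay(responses, *, high: bool) -> tuple[int, list[float]]:
    """Run the loop over constructed responses with the jitter source pinned."""
    it = iter(responses)
    sleeps: list[float] = []
    pinned = (lambda lo, hi: hi) if high else (lambda lo, hi: lo)
    status = fetch_with_retry(lambda: next(it), sleep=sleeps.append, uniform=pinned)
    return status, sleeps


if __name__ == "__main__":
    # Constructed sample: a 503, then a rate limit with Retry-After, then success.
    sample = [(503, {}), (429, {"Retry-After": "7"}), (200, {})]
    print(replay(sample, high=False))
    print(replay(sample, high=True))
```

Pinning the source to the low and high ends of the jitter range gives tests the exact bounds of every sleep without patching `random` or `time`.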

@leynos leynos merged commit 075fda7 into python-lib-release-action Sep 23, 2025
6 of 8 checks passed
@leynos leynos deleted the codex/action-unresolved-comments-on-pr-#90 branch September 23, 2025 16:08
leynos added a commit that referenced this pull request Sep 23, 2025
* Improve release validation jitter handling

* Adjust runtime fallback host triples per platform

* Make release validation deterministic and configurable
leynos added a commit that referenced this pull request Sep 24, 2025
* Improve release validation jitter handling

* Adjust runtime fallback host triples per platform

* Make release validation deterministic and configurable
leynos added a commit that referenced this pull request Sep 24, 2025
* Add release-to-pypi-uv composite action

* Document trusted publishing permissions

* Clarify GH_TOKEN handling in README

* Fix local usage example

* Improve GitHub release error handling

* Fix cmd_utils discovery in publish script

* Skip more build caches

* Fail fast on TOML parse errors

* Format release summary output

* Add no-tag error test

* Test TOML parse failures

* Make uv python version configurable

* Document concurrency guard in usage

* Address review feedback with retries and tests

* Improve TOML version validation and test strategy

Extends boolean parsing to support more truthy values when validating dynamic version flags in TOML files. Refactors tests to run in-process with better coverage of various flag values and scenarios, replacing subprocess-based tests for efficiency and detail. Updates action to simplify Python version handling with uv and improves path detection for testing.

These changes make validation logic more robust and enhance test reliability.

* Add cmd-mox users guide

* Use cmd-mox to stub rust build command tests (#92)

* Use cmd-mox for rust build command tests

* Guard cmd-mox integration on Windows

* Refactor cmd-mox helpers into shared conftest

* Apply cmd-mox fake which simplification

* Mark Windows smoke tests as xfail (#94)

* Mark Windows smoke tests as xfail

* Tighten Windows smoke test expectations

* Address reviewer feedback for release-to-pypi-uv action (#98)

* Address review comments for release to PyPI action

* Add tests and docs for python-version handling

* Fix cmd_mox fixture usage and expose dev extra (#101)

* Fix cmd_mox fixture usage and expose dev extras

* Remove pyproject optional dev extra

* Remove Pyright configuration

* Add missing docstrings to release-to-pypi-uv modules (#103)

* Silence type-check import lints for release action (#104)

* Add toolchain-specific cargo cache key and clean shellstub imports (#88)

* Address review feedback for shellstub imports

* Fix MSYS2 install comments breaking pacman (#89)

* Fix MSYS2 install comments breaking pacman

* Fix Windows llvm-mingw metadata export

* Handle runtime detection timeouts

* Fix rust host detection timeout and Windows bin path (#91)

* Fix rust host detection timeout and Windows bin path

* Add timeout coverage for rust host detection

* Unify runtime probe timeout configuration

* test: capture rustc probe kwargs in timeout test

* Remove inline comments from Windows GNU MSYS2 package list (#99)

* Remove inline MSYS2 install comments

* Skip nfpm steps on Windows builds

* Handle nfpm packaging only for Linux

* Fix Windows invocation of rust-build-release (#102)

* Silence type-check import lints for release action

* Adds ignore rule for Crush agent artifacts

Ignores files generated by the Crush AI agent to prevent them from being tracked in version control.

Adds a symlink to AGENTS.md for discovery by Crush

* Format code after rebase validation to satisfy repo style checks.

💘 Generated with Crush
Co-Authored-By: Crush <crush@charm.land>

* fmt: extend fmt target to run ruff check --select D202,I001 --fix; apply resulting fixes

💘 Generated with Crush
Co-Authored-By: Crush <crush@charm.land>

---------

Co-authored-by: Payton McIntosh <pmcintosh@df12.net>
Co-authored-by: Crush <crush@charm.land>

* Narrow module fixtures to ModuleType (#105)

* Add docstrings for release-to-pypi-uv tests and helpers (#106)

* Add missing docstrings for release-to-pypi-uv tests

* Simplify cmd-mox typing and streamline docstrings

* Apply formatting

* chore: remove unused imports across scripts and tests

* style(_helpers): alphabetise __all__ tuple

* tests: drop superfluous parentheses from @pytest.fixture usage

---------

Co-authored-by: Payton McIntosh <pmcintosh@df12.net>

* Scope type-checking imports (#111)

* Scope type-checking imports

* Fix lint warnings across release scripts

* Clarify cargo stream capture error

* ci: add lint and format checks

* Install action-validator in CI lint workflow

* Install bun validator packages in CI

* Test full success message for matching versions (#113)

* Address review comments (#116)

* Address review feedback for release-to-pypi-uv actions (#112)

* Address review feedback

* Add CLI coverage for publish and validate scripts

* Add deterministic validation tests and bunx validator checks

* Update ci.yml remove unneeded step

* Fix formatting

* Fix Windows xfail marker removal for pytest 8 (#120)

* Fix Windows xfail marker removal for pytest 8

* Tighten Windows xfail marker filtering

* Handle runtime probe timeouts and expand release tests (#119)

* Handle runtime probe timeouts and expand release tests

* Add _probe_runtime coverage and assert timeout warnings

* Expand TOML skip directories for release validation (#122)

* Expand pyproject skip list handling

* Strengthen TOML and runtime timeout tests

* Assert cargo fallback logs podman failure

* Parameterize skip-directory regression

* Reinforce regression coverage for release tooling (#130)

* Refine skip directory regression parameterization

* Document skip directories and DRY timeout assertions

* Parametrize publish index test

* Refactor runtime timeout tests

* Rebase onto origin/python-lib-release-action and resolve conflicts

- Resolve merge in validate_toml_versions tests by standardizing module loading
- Register dynamically loaded scripts in sys.modules to support reload semantics
- Make toolchain triple test robust to host arch by selecting matching target
- Run formatting, lint, typecheck, and tests to validate integration

💘 Generated with Crush
Co-Authored-By: Crush <crush@charm.land>

---------

Co-authored-by: Crush <crush@charm.land>

* Harden release-to-pypi-uv workflow and regression coverage (#134)

* Improve release validation jitter handling

* Adjust runtime fallback host triples per platform

* Make release validation deterministic and configurable

* Rebase python-lib-release-action onto origin/main; resolve conflicts preserving branch intent; drop uv.lock in favor of main; fix tests and typing/lint issues; all tests pass and linters clean

* Close cargo pipes when coverage stream missing (#137)

* Close cargo pipes when missing

* Ensure cargo pipes close on all paths

* Ensure guard closes cargo pipes before exiting

* Handle release script auth failure and multiline outputs (#136)

* Handle release script auth failure and multiline outputs

* Harden windows toolchain setup and extend runtime tests

* Handle release auth errors and tweak toolchain retries

* Fix cross install warning expectation (#139)

* Fix cross install warning assertion

* Harden cross install harness checks

* Sanitize runtime probe timeout and guard actions

* Refine runtime probe helpers and add timeout tests

* Fix runtime probe lint findings

* Share echo recorder fixture across runtime tests

* Update fmt target description (#140)

* Resolve rebase conflicts and align runtime tests with platform/timeouts from main while preserving branch improvements; ensure formatting passes and all tests/linters are green.

💘 Generated with Crush
Co-Authored-By: Crush <crush@charm.land>

---------

Co-authored-by: Payton McIntosh <pmcintosh@df12.net>
Co-authored-by: Crush <crush@charm.land>