fix: harden publish workflow against stale tags and version misdetection #21

Merged: carlos-alm merged 1 commit into main from feat/registry-hardening on Feb 22, 2026

@carlos-alm
Contributor

Summary

  • Stale tag cleanup: Before bumping, removes local tags newer than package.json version that poison commit-and-tag-version's baseline (caused 1.4.1 instead of 2.0.0)
  • --skip.tag for all bump paths: Prevents fatal: tag already exists crashes on re-runs
  • Idempotent tagging: Tags created manually with git tag -fa + force-push, safe for re-runs
  • Release event fix: Extracts version from the release tag name instead of blindly trusting package.json

Test plan

  • Run workflow_dispatch with version-override: 2.0.0 — should succeed despite stale v2.0.0 tag on remote
  • Verify stale tag warning appears in workflow logs
  • Verify published npm version is 2.0.0
  • Re-run the same workflow — should be idempotent (npm check catches already-published version)
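
The stale-tag comparison described in the summary above, as an added example that is not part of the PR or the project's workflow: it compares versions in plain POSIX shell, so the step needs no `semver` module, and it treats tag names as data rather than pasting them into program text. The function names and the sample tag list are assumptions; tags that are not exactly vMAJOR.MINOR.PATCH (pre-releases included) are skipped rather than deleted.

```shell
#!/bin/sh
# Added example: stale-tag detection with no Node or npm dependency.
# Function names are hypothetical; the tag list below is constructed sample data.

# is_plain_semver VERSION: succeeds only for MAJOR.MINOR.PATCH made of digits.
is_plain_semver() {
  case "$1" in
    ''|*[!0-9.]*) return 1 ;;   # empty, or any character besides digits and dots
    *.*.*.*)      return 1 ;;   # more than three components
    *..*|.*|*.)   return 1 ;;   # empty component
    *.*.*)        return 0 ;;
    *)            return 1 ;;
  esac
}

# version_gt A B: 0 if A > B, 1 if not, 2 if either input is not plain semver.
version_gt() {
  is_plain_semver "$1" && is_plain_semver "$2" || return 2
  old_ifs=$IFS
  IFS=.
  # Inputs are validated digits and dots, so unquoted splitting is safe here.
  set -- $1 $2                  # -> maj1 min1 pat1 maj2 min2 pat2
  IFS=$old_ifs
  if [ "$1" -ne "$4" ]; then [ "$1" -gt "$4" ] && return 0 || return 1; fi
  if [ "$2" -ne "$5" ]; then [ "$2" -gt "$5" ] && return 0 || return 1; fi
  [ "$3" -gt "$6" ] && return 0 || return 1
}

# stale_tags CURRENT: reads tag names on stdin, prints those strictly newer.
stale_tags() {
  current=$1
  if ! is_plain_semver "$current"; then
    echo "refusing to compare against invalid version: $current" >&2
    return 2
  fi
  while IFS= read -r tag; do
    ver=${tag#v}
    if ! is_plain_semver "$ver"; then
      # Unknown shapes are reported and left alone, never deleted.
      echo "skipping tag that is not vMAJOR.MINOR.PATCH: $tag" >&2
      continue
    fi
    if version_gt "$ver" "$current"; then
      printf '%s\n' "$tag"
    fi
  done
  return 0
}

# Constructed sample: includes a pre-release, a non-version tag and a
# two-digit major that a plain string comparison would order wrongly.
sample_tags() {
  printf '%s\n' v1.3.0 v1.4.0 v1.4.1 v2.0.0 v2.0.0-beta.1 v10.0.0 vnext
}

# In a workflow step the input would be `git tag -l 'v*'` and each printed tag
# would be passed to `git tag -d`; here the list is only printed.
sample_tags | stale_tags 1.4.0
```
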

@greptile-apps
Contributor

greptile-apps bot commented Feb 22, 2026

Greptile Summary

Improves publish workflow robustness by preventing stale tag interference and version misdetection issues.

Key changes:

  • Removes local tags newer than package.json version before bumping to prevent commit-and-tag-version baseline poisoning
  • Adds --skip.tag to all bump paths to prevent "tag already exists" failures on re-runs
  • Switches to manual idempotent tagging with git tag -fa + force-push for safe re-runs
  • Extracts version from release tag name instead of trusting package.json for release events

Critical issue:

  • Line 148 uses require('semver') but semver is not installed in the workflow — this will cause runtime failure

Confidence Score: 2/5

  • This PR will fail in production due to missing dependency
  • The stale tag cleanup logic on line 148 requires the semver package which is not installed in the CI environment. The workflow will crash with "Cannot find module 'semver'" when attempting to compare versions.
  • .github/workflows/publish.yml requires fixing the semver dependency issue at line 148

Important Files Changed

Filename | Overview
.github/workflows/publish.yml | Hardens publish workflow against stale tags and version misdetection — critical semver dependency missing (line 148)

Last reviewed commit: 56edd76

@greptile-apps greptile-apps bot left a comment

1 file reviewed, 3 comments

# bump detection (it uses the latest tag as baseline for commit range)
for tag in $(git tag -l 'v*'); do
TAG_VER="${tag#v}"
if node -e "process.exit(require('semver').gt('$TAG_VER','$CURRENT')?0:1)" 2>/dev/null; then
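Review bot: the `2>/dev/null` on the `node -e` line hides every failure of the comparison, not only noise. If `require('semver')` cannot be resolved, or `semver.gt` throws on a tag that is not a valid version, node exits non-zero, the `if` takes the false branch, and the stale tag is silently kept. Drop the redirect so a broken comparison shows up in the workflow log, and treat an error from the comparison as a step failure rather than as "not newer".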

semver package not installed — will fail with "Cannot find module 'semver'"

Suggested change
if node -e "process.exit(require('semver').gt('$TAG_VER','$CURRENT')?0:1)" 2>/dev/null; then
if node -e "v1='$TAG_VER'; v2='$CURRENT'; [v1Arr, v2Arr] = [v1, v2].map(v => v.split('.').map(Number)); exit = v1Arr[0] > v2Arr[0] || (v1Arr[0] === v2Arr[0] && v1Arr[1] > v2Arr[1]) || (v1Arr[0] === v2Arr[0] && v1Arr[1] === v2Arr[1] && v1Arr[2] > v2Arr[2]) ? 0 : 1; process.exit(exit)" 2>/dev/null; then

Comment on lines +146 to +152
for tag in $(git tag -l 'v*'); do
TAG_VER="${tag#v}"
if node -e "process.exit(require('semver').gt('$TAG_VER','$CURRENT')?0:1)" 2>/dev/null; then
echo "::warning::Removing stale local tag $tag (newer than v$CURRENT)"
git tag -d "$tag" || true
fi
done
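Review bot: `$TAG_VER` and `$CURRENT` are pasted into the JavaScript source of `node -e` on the third line, so a tag name containing a single quote changes the program that runs instead of the string being compared. Pass both values as arguments and read them from `process.argv`, and check that the tag matches the expected version pattern before comparing. Separately, `git tag -d "$tag" || true` discards a failed delete right after the warning has said the tag is being removed.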

Iterates over ALL v* tags — with 100+ tags this could be slow. Consider filtering to recent tags only or adding a limit.

git push origin "v${{ steps.version.outputs.new_version }}"
TAG="v${{ steps.version.outputs.new_version }}"
# Create annotated tag (force-replace if stale from a prior run)
git tag -fa "$TAG" -m "release: $TAG"
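Review bot: `git tag -fa "$TAG"` moves the tag without checking what it pointed to, so a release tag that already exists on a different commit is rewritten to the current one with nothing in the log. Before forcing, compare the existing tag's commit with `HEAD` and fail, or at least emit a `::warning::`, when they differ. Also, `${{ steps.version.outputs.new_version }}` is expanded into the script text before the shell runs; pass it through `env:` and reference it as a shell variable.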

Consider using lightweight tag (-f only) instead of annotated tag (-fa). Annotated tags create separate commit objects with their own SHA and timestamp.


commit-and-tag-version crashes with "fatal: tag already exists" when a
tag was already created (e.g. via GitHub release) before the workflow
runs. Fix: use --skip.tag on all bump paths so we control tag creation,
and skip tag push when the tag already exists on the remote.

Also fix the release event path to extract the version from the release
tag name instead of blindly trusting package.json.
@carlos-alm carlos-alm force-pushed the feat/registry-hardening branch from 56edd76 to 6906448 Compare February 22, 2026 10:51
@carlos-alm carlos-alm merged commit 26300b9 into main Feb 22, 2026
12 checks passed
@carlos-alm carlos-alm deleted the feat/registry-hardening branch February 22, 2026 10:52
carlos-alm pushed a commit that referenced this pull request Feb 26, 2026
- Create docs/use-cases/titan-paradigm.md — maps Johannes R.'s multi-agent
  codebase cleanup architecture (RECON, GAUNTLET, GLOBAL SYNC, STATE MACHINE)
  to codegraph commands, roadmap items, and post-LLM-integration recommendations

- Update roadmap/BACKLOG.md: mark #4 (node classification), #9 (git change
  coupling), #1 (dead code), #2 (shortest path), #12 (execution flow) as DONE;
  add 6 new Titan Paradigm-inspired items (#21-#26): composite audit, batch
  querying, triage priority queue, change validation predicates, graph
  snapshots, MCP orchestration tools

- Update README.md: add roles + co-change to features table, differentiators,
  commands section, agent template, common flags, comparison table; update MCP
  tool count 18 → 19

- Update docs/recommended-practices.md: update MCP tool count and tool list,
  add roles/co-change/path to CLAUDE.md template and developer workflow, add
  "Understand architectural roles" and "Surface hidden coupling" sections,
  add co-change step to setup checklist

- Add full examples with real output for roles, co-change, and path to
  docs/examples/CLI.md and docs/examples/MCP.md

- Update GitHub repo description with new capabilities
carlos-alm added a commit that referenced this pull request Feb 26, 2026
* feat: add codegraph path for A→B symbol pathfinding

Add `codegraph path <from> <to>` — BFS shortest-path search on the
call graph. Given two symbol names, finds the shortest call chain
with hop count, intermediate nodes, edge kinds, and alternate path
count. Supports --reverse, --max-depth, --kinds, --from-file/--to-file,
-T, -j, -k flags. Exposed as symbol_path MCP tool.

Impact: 4 functions changed, 3 affected

* docs: add Titan Paradigm use case, update docs with roles/co-change/path

- Create docs/use-cases/titan-paradigm.md — maps Johannes R.'s multi-agent
  codebase cleanup architecture (RECON, GAUNTLET, GLOBAL SYNC, STATE MACHINE)
  to codegraph commands, roadmap items, and post-LLM-integration recommendations

- Update roadmap/BACKLOG.md: mark #4 (node classification), #9 (git change
  coupling), #1 (dead code), #2 (shortest path), #12 (execution flow) as DONE;
  add 6 new Titan Paradigm-inspired items (#21-#26): composite audit, batch
  querying, triage priority queue, change validation predicates, graph
  snapshots, MCP orchestration tools

- Update README.md: add roles + co-change to features table, differentiators,
  commands section, agent template, common flags, comparison table; update MCP
  tool count 18 → 19

- Update docs/recommended-practices.md: update MCP tool count and tool list,
  add roles/co-change/path to CLAUDE.md template and developer workflow, add
  "Understand architectural roles" and "Surface hidden coupling" sections,
  add co-change step to setup checklist

- Add full examples with real output for roles, co-change, and path to
  docs/examples/CLI.md and docs/examples/MCP.md

- Update GitHub repo description with new capabilities

* docs: restore Architecture Refactoring phase, fix references

- Restore Phase 3 (Architectural Refactoring) to ROADMAP
- Renumber phases 4-8 and all cross-references
- Fix MCP tool count per Greptile review

* fix: correct MCP tool counts and backlog ID collisions

Address Greptile review comments on #121:
- Update MCP tool counts from 18/19 to 21 (22 in multi-repo mode)
  across README, recommended-practices, dogfood skill, titan-paradigm
- Add missing execution_flow and list_entry_points to tool enumeration
- Renumber new backlog items 21-26 → 27-32 to avoid collision with
  existing items 21-22

* feat: add token savings benchmark (codegraph vs raw navigation)

Adds a benchmark suite that measures how much codegraph reduces token
usage when AI agents navigate the Next.js codebase (~4k TS files).

- scripts/token-benchmark-issues.js: 5 real Next.js PRs as test cases
- scripts/token-benchmark.js: runner using Claude Agent SDK (baseline
  vs codegraph MCP), with --perf flag for build/query benchmarks
- scripts/update-token-report.js: JSON → markdown report generator
- docs/benchmarks/: methodology docs and placeholder report

Impact: 21 functions changed, 7 affected

* feat: extend benchmarks with incremental builds and expanded query coverage

benchmark.js now measures no-op rebuilds, 1-file rebuilds, and query
latency (fn-deps, fn-impact, path, roles) alongside full builds.
update-benchmark-report.js renders new Incremental Rebuilds and Query
Latency sections in BUILD-BENCHMARKS.md and adds incremental/query rows
to the README performance table. All new fields are additive for backward
compatibility.

Impact: 5 functions changed, 2 affected

* ci: include version in automated benchmark commits and PRs

Extract version from benchmark result JSON and include it in branch
names, commit messages, PR titles, and PR bodies across all 4 benchmark
jobs (build, embedding, query, incremental).

* fix: update remaining 19-tool references to 21-tool in README

* docs: remove "viral" from titan paradigm LinkedIn reference

* fix: use endLine for scope-aware caller selection in nested functions

Nested/closure functions (e.g. nodeId inside exportMermaid) were
incorrectly classified as [dead] because the caller selection loop
picked the last definition where line <= call.line, creating self-call
edges that got filtered out. Now uses endLine to find the innermost
enclosing scope, so calls within an outer function correctly attribute
the outer function as caller rather than the nested function itself.

Fixes false-positive [dead] for nodeId in branch-compare.js, export.js,
and queries.js.

Impact: 1 functions changed, 17 affected

* feat: add cognitive & cyclomatic complexity metrics

Compute per-function complexity during build via single-traversal DFS
of tree-sitter ASTs: cognitive (SonarSource), cyclomatic (McCabe), and
max nesting depth. Stores results in new function_complexity table
(migration v8) and surfaces them in stats, context, explain, and a
dedicated `complexity` CLI command + MCP tool.

Adds manifesto config section with warn thresholds (cognitive: 15,
cyclomatic: 10, maxNesting: 4) seeding the future rule engine.

Phase 1 supports JS/TS/TSX; unsupported languages are skipped gracefully.

Impact: 18 functions changed, 32 affected

---------

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>