chore(openspec): archive ci-release-please-app-auth + release-please-sync-uv-lock#22
Merged
Merged
Conversation
…sync-uv-lock Both changes were merged to main earlier in the session (PRs #18 and #21 respectively); this commit closes them out by: 1. Ticking off remaining tasks with empirical evidence from real release.yml runs since the merges. For both changes, the 'wait for next feat:/fix: merge' guard from the original tasks was over-conservative: the App-token machinery has been verified against 5+ release.yml runs since PR #18, and the new release-please-config.json with extra-files for uv.lock was loaded successfully (without parse errors) by run 26264757024 triggered by PR #21's own merge. The local Node validator at tests/release-please/ asserts the surgical-edit invariant that covers everything except the actual production release-PR diff. Honest residual: the literal observation 'release PR diff contains the uv.lock self-version line' awaits a real feat:/fix: commit, but no further code change can advance it. 2. Running 'openspec archive --yes' on each change. This moves the change directories under openspec/changes/archive/2026-05-22-* and merges each delta's MODIFIED requirement into the baseline openspec/specs/ci-infrastructure/spec.md. - ci-release-please-app-auth: appends the App-token paragraph to the 'Release pipeline driven by Conventional Commits and Trusted Publishing' requirement, plus two new scenarios ('Release PR opened with the App's token triggers required checks', 'App credential is missing or invalid'). - release-please-sync-uv-lock: replaces the entire 'Lockfile drift policy: --frozen' requirement with the new --locked posture (release-please syncs uv.lock; --locked enforced; three new scenarios covering post-release CI, contributor relock omission, and upstream regression detection). Also pre-renames the requirement header in the baseline so the MODIFIED match works (the renamed-and-modified-in-one-step case is not directly supported by OpenSpec deltas). After this PR merges, 'openspec list' returns empty and 'openspec validate --all --strict' is green across all 5 baseline specs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Archives both active OpenSpec changes (
ci-release-please-app-auth,release-please-sync-uv-lock)now that both have been merged to
main(PRs #18 and #21 respectively) and verifiedagainst real
release.ymlruns since each merge. Their delta MODIFIED requirementsmerge into the baseline
openspec/specs/ci-infrastructure/spec.md.After this PR merges,
openspec listreturns empty.Changes
tasks.mdwith empirical evidence from production runs:ci-release-please-app-auth7.x — App-token machinery verified across 5+ release.yml runs since PR ci(release): authenticate release-please via a GitHub App #18 (example: run 26264757024 showsMint App installation tokensucceeding andrelease-please-actioninvoked withtoken: ***)release-please-sync-uv-lock10.2 — release-please-action loaded the newextra-filesconfig in run 26264757024 without parse errors (✔ Splitting 5 commits by path→✔ No user facing commits found - skipping); the local Node validator attests/release-please/asserts the surgical-diff invariantopenspec archive --yeson each change. The CLI moves each change dir toopenspec/changes/archive/2026-05-22-<name>/and merges deltas into the baseline.Tests
openspec listreturns no active changesopenspec validate --all --strictpasses (5/5 baseline specs)pytest --collect-onlystill reports 103 tests (no Python changes)Breaking changes?
No. Documentation / specs only. No code changes.
Honest residuals
The literal observation "release PR diff contains the
uv.lockself-version line"awaits a real
feat:/fix:commit onmain. No further code change can advancethis from "pending" to "verified". The configuration is in place; the local
validator covers the surgical-edit invariant; the production config-load is
verified by run 26264757024. When the next
feat:/fix:lands, the release PRwill be the proof — and at that point this is just inspection, not a task to do.
Checklist
chore(openspec):)