fix(ci): route manual-release through PR + auto-merge#595
Conversation
The workflow was pushing the version-bump commit directly to main, which now fails because main is protected (PR-only). Replace the direct push with: push to a release branch, open a PR, enable auto-merge (squash), then wait for the merge before creating the tag and GitHub release. This restores the in-repo 'Manual Release' workflow without changing the release artifact (tag, release notes, version file bump).
![its-saffron[bot]](https://avatars.githubusercontent.com/in/3901073?s=60&v=4){kind=small}
There was a problem hiding this comment.
AI Automated Review
Full PR review.
Analysis engine: MiniMax-M2.7@https://litellm.jory.dev/v1 (anthropic) — escalated (fast_low_confidence)
PR Review: fix(ci): route manual-release through PR + auto-merge
Summary
This PR fixes a broken Manual Release workflow that was attempting to push directly to the protected main branch. The change routes version bumps through a PR with auto-merge, matching the documented manual release process in AGENTS.md.
Change-by-Change Findings
-
Added
pull-requests: writepermission — Required forgh pr createandgh pr mergeto work with the bot app token. Appropriate scope for the job's purpose. -
Replaced direct-to-main push with branch-based flow — The "Commit version bump to release branch" step now pushes to
chore/release-v<version>instead ofHEAD:main, respecting branch protection. -
Added "Open version-bump PR and enable auto-merge" step — Creates a PR with
--delete-branchand enables squash auto-merge viagh pr merge --auto --squash --delete-branch. The PR title"chore: release v${VERSION}"matches the pattern seen in past release PRs (PR 594, PR 548). -
Added "Wait for version-bump PR to merge" step — Polls every 5 seconds for up to 10 minutes (120 iterations). Properly fails with an informative error if the PR doesn't merge in time, allowing manual retry or completion.
-
Conditional execution — Both new steps use
if: steps.bump.outputs.branch != '', correctly skipping when no version changes exist.
Standards Compliance
The implementation aligns with the documented release process in AGENTS.md:
- Branch naming convention:
chore/release-v<version>✓ - PR title format:
chore: release v<version>✓ - Squash merge strategy ✓
- GitHub App bot token for operations ✓
- Tag and release creation preserved in subsequent steps ✓
Test Failure Note
The test check shows failure, but the failing file (tests/reaction-events.test.js) is completely unrelated to this workflow-only change. The diff only modifies .github/workflows/manual-release.yml. The test failure is a pre-existing issue, not introduced by this PR — lint passed, confirming no syntax issues.
Unknowns / Needs Verification
- None identified. The workflow logic is self-consistent, uses correct GitHub CLI commands, and follows repository conventions.
Linked Issue Fit
No linked issue was provided, so no fit comparison is applicable.
Recommendation
Approve. The fix resolves the root cause (direct push to protected branch), follows established repository conventions, adds appropriate error handling for the merge wait, and the release artifact output is unchanged.
1 participant
Problem
The in-repo Manual Release workflow has been silently broken since main became protected. The
Commit version bumpstep didgit push origin HEAD:maindirectly, which GitHub now rejects:This means triggering the workflow produces a version-bump commit that never reaches main, and the rest of the job (tag + release) hangs on a stale local checkout.
Fix
Replace the direct-to-main push with the same path the team has been using manually for past releases (e.g. #548, #594):
chore/release-v<version>).main.gh pr merge --auto --squash --delete-branch.Added
pull-requests: writeto job permissions sogh pr create/gh pr mergework with the bot app token.Notes
package.json+package-lock.jsonbump) is unchanged.chore: release v<version>).