fix(release): package runnable binary archives #175

Merged
jwilger merged 3 commits from fix/issue-163-runnable-release-artifact into main 2026-05-09 08:41:34 -07:00
Owner

Summary

  • Package Linux binary archives from a portable release root containing the CLI launcher, runtime launcher, and Nix closure instead of the Nix makeWrapper alone.
  • Teach embedded OCI startup validation to accept the exact relocated release-root bundle/runtime shape while preserving path rejection guardrails.
  • Add release tooling and gateway regression tests for wrapper-only archives and relocated embedded OCI paths.

Verification

  • nix develop -c cargo test -p ar-gateway embedded_oci_gateway
  • bash tests/release_tooling/publish_workflow_test.sh
  • bash tests/release_tooling/ci_pr_artifacts_test.sh
  • nix build .#checks.x86_64-linux.release-tooling --no-link
  • nix develop -c cargo fmt --all -- --check
  • nix develop -c cargo clippy -p ar-gateway --all-targets -- -D warnings
  • Portable release-root smoke: auto-review --version, bin/youki --version
  • Extracted archive smoke: ./auto-review --version, ./bin/youki --version

Closes #163

PR artifacts for 980cbc576f:

Docker image: git.johnwilger.com/jwilger/auto_review/ar-gateway-pr:pr-175-980cbc576fae13890ee04c502a5cef8c3b851a47
binary download: https://git.johnwilger.com/api/packages/jwilger/generic/auto-review-pr/175-980cbc576fae13890ee04c502a5cef8c3b851a47/auto-review-pr-175-980cbc576fae13890ee04c502a5cef8c3b851a47-linux-x86_64.tar.gz
SHA256SUMS: https://git.johnwilger.com/api/packages/jwilger/generic/auto-review-pr/175-980cbc576fae13890ee04c502a5cef8c3b851a47/SHA256SUMS

fix(release): package runnable binary archives
All checks were successful
CI / Verify PR with nix flake check (pull_request) Successful in 3m24s
CI / Request auto_review semantic review (pull_request) Successful in 1s
auto_review auto_review: 2 warnings
CI / Build PR artifacts (no token) (pull_request) Successful in 1m42s
CI / Publish PR artifact packages (pull_request) Successful in 1m9s
62012b01ff
auto-review approved these changes 2026-05-09 08:05:03 -07:00
Dismissed
auto-review left a comment

The PR refactors the packaging process for Linux binary archives, ensuring they include the necessary runtime components. It updates the CI and release workflows to accommodate these changes and adds tests to verify the new packaging logic. The changes appear safe to merge, but ensure that all paths and variables are correctly set and validated.

Walkthrough

  • CI Workflow Changes:

    • Updated the CI workflow to use x86_release_root for packaging, ensuring the correct components are included in the archive.
    • Verify that the x86_release_root variable is correctly set and used.
  • Release Workflow Changes:

    • Similar updates to the release workflow to ensure the correct components are packaged.
    • Ensure that the x86_release_root variable is correctly set and used.
  • Startup Validation:

    • Replaced validate_packaged_nix_store_path with validate_packaged_oci_input_paths to handle new validation logic.
    • Ensure all necessary validations are still covered.
  • Flake Configuration:

    • Added a new package ar-cli-portable-release-root to the flake configuration to support the new packaging structure.
  • Testing:

    • Added tests to verify that the new packaging logic does not include Nix wrapper-only payloads.
Owner

🟡 Warning: Ensure that the x86_release_root variable is correctly set and used throughout the script. Verify that the path is valid and accessible in the context where it's used.

Author
Owner

Reflection: I relied on the existing workflow checks to cover the new variable, but they only proved the portable package marker existed; they did not assert that x86_release_root was assigned before it was used for archiving. Classification: one-off missing test pressure, addressed with a focused release-tooling assertion. Remediation: added CI workflow coverage that verifies x86_release_root is assigned from .#packages.x86_64-linux.ar-cli-portable-release-root, and that the archive is created from that variable after assignment. Pushed in 990dcfd. Verified with bash tests/release_tooling/ci_pr_artifacts_test.sh and nix build .#checks.x86_64-linux.release-tooling --no-link.

jwilger marked this conversation as resolved
Owner

🟡 Warning: Check that the x86_release_root variable is correctly set and used throughout the script. Ensure that the path is valid and accessible in the context where it's used.

Author
Owner

Reflection: I validated the portable package with smoke tests, but the release workflow contract test did not explicitly couple x86_release_root assignment to every later use. Classification: one-off missing test pressure rather than a new guardrail gap. Remediation: tightened the publish workflow test to require x86_release_root to be assigned from the portable x86 release package before both archiving and metadata generation use it. Pushed in 990dcfd. Verified with bash tests/release_tooling/publish_workflow_test.sh and nix build .#checks.x86_64-linux.release-tooling --no-link.

jwilger marked this conversation as resolved
test(release): verify portable artifact root usage
All checks were successful
CI / Verify PR with nix flake check (pull_request) Successful in 3m27s
CI / Request auto_review semantic review (pull_request) Successful in 1s
auto_review auto_review: 5 warnings
CI / Build PR artifacts (no token) (pull_request) Successful in 1m41s
CI / Publish PR artifact packages (pull_request) Successful in 1m11s
990dcfd3de
jwilger dismissed auto-review's review 2026-05-09 08:18:41 -07:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

auto-review approved these changes 2026-05-09 08:22:24 -07:00
Dismissed
auto-review left a comment

The PR enhances the release process by packaging Linux binary archives from a portable release root and updating CI tests to ensure proper artifact generation. The changes appear safe to merge, with added checks for CI workflow steps.

Walkthrough

Δ since 62012b0:

  • CI Tests:
    • Added checks to ensure that the CI workflow includes steps for building and archiving PR binary artifacts.
    • Validated that x86_release_root is correctly assigned and used in the CI scripts to prevent errors.
Owner

🟡 Warning: Lines 6–26: Ensure that the CI workflow includes a PR binary artifact build step. This is crucial for verifying that the build process is correctly generating the necessary artifacts for PRs.

Author
Owner

Reflection: I let the follow-up review rediscover release-tooling expectations that are already enforced by the updated contract test instead of calling that out in the PR context. Classification: one-off stale/duplicate feedback rather than a guardrail gap. Remediation: verified the CI workflow contract already requires the PR artifact build job and PR binary artifact publication markers; no code change needed. Verification: bash tests/release_tooling/ci_pr_artifacts_test.sh passed.

jwilger marked this conversation as resolved
Owner

🟡 Warning: Lines 9–32: Check that the CI PR binary artifact step assigns x86_release_root from the portable x86 release package build. This ensures that the correct build output is being archived.

Owner

🟡 Warning: Lines 9–32: Verify that the CI PR binary artifact step archives from the x86_release_root path. This is necessary to ensure that the correct files are included in the archive.

Owner

🟡 Warning: Lines 9–32: Ensure that x86_release_root is set before archiving from it in the CI PR binary artifact step. This prevents potential errors due to uninitialized variables.

Author
Owner

Reflection: The first remediation tightened this exact invariant, but the new review comment did not see that the assertion lives in the release-tooling test rather than only in the workflow diff. Classification: one-off duplicate feedback. Remediation: confirmed the test requires x86_release_root to be assigned from .#packages.x86_64-linux.ar-cli-portable-release-root. Verification: bash tests/release_tooling/ci_pr_artifacts_test.sh passed.

Author
Owner

Reflection: I previously focused the assertion on assignment ordering, but the same test also needed to make clear that archiving uses the resolved release-root path. Classification: one-off duplicate feedback already covered by the focused test. Remediation: confirmed the contract test requires tar -C "$x86_release_root" in the PR binary artifact step. Verification: bash tests/release_tooling/ci_pr_artifacts_test.sh passed.

Author
Owner

Reflection: The original issue was missing ordering pressure around x86_release_root; this follow-up correctly points at the same failure mode, but the pushed remediation already added that ordering assertion. Classification: one-off duplicate feedback. Remediation: confirmed the CI contract test fails if archiving appears before the x86_release_root assignment. Verification: bash tests/release_tooling/ci_pr_artifacts_test.sh passed.

jwilger marked this conversation as resolved
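
The ordering invariant discussed in this thread, as an added sketch that is not part of the PR and is not the project's `tests/release_tooling/ci_pr_artifacts_test.sh`: it checks a workflow step's script text for assignment from the portable release-root package, for `tar -C "$x86_release_root"`, and (generalizing to any later use, such as metadata generation) that no expansion of the variable precedes the assignment. The step bodies, the `nix build ... --no-link --print-out-paths` assignment form, the archive file name and the `PLACEHOLDER-wrapper-only` package name are constructed assumptions.

```shell
#!/bin/sh
# Added illustration of a workflow contract check for x86_release_root.
# Hypothetical helper names; not the project's release-tooling tests.

# Print the line number of the first line of text $2 matching ERE $1 (nothing if none).
first_match_line() {
  printf '%s\n' "$2" | grep -n -E -- "$1" | head -n 1 | cut -d: -f1
}

# Return 0 if the step text honours the contract, otherwise:
#   1 = x86_release_root is not assigned from the portable release-root package
#   2 = no archive is created with tar -C "$x86_release_root"
#   3 = the variable is expanded before it is assigned
check_release_root_contract() {
  local step assign archive first_use
  step=$1
  assign=$(first_match_line \
    '^[[:space:]]*x86_release_root=.*\.#packages\.x86_64-linux\.ar-cli-portable-release-root' "$step")
  archive=$(first_match_line 'tar -C "\$x86_release_root"' "$step")
  # Any expansion at all ($x86_release_root or ${x86_release_root}), not only tar.
  first_use=$(first_match_line '\$\{?x86_release_root' "$step")

  [ -n "$assign" ] || { echo "x86_release_root not built from portable release root" >&2; return 1; }
  [ -n "$archive" ] || { echo 'no tar -C "$x86_release_root" archive step' >&2; return 2; }
  [ "$first_use" -gt "$assign" ] || { echo "x86_release_root used before assignment" >&2; return 3; }
  return 0
}

# Constructed step bodies (assumed shapes, not copied from the project's workflows).
good_step='x86_release_root="$(nix build .#packages.x86_64-linux.ar-cli-portable-release-root --no-link --print-out-paths)"
tar -C "$x86_release_root" -czf auto-review-linux-x86_64.tar.gz .'

# Archive built from some other package output (placeholder name), e.g. a wrapper-only build.
wrapper_only_step='x86_release_root="$(nix build .#packages.x86_64-linux.PLACEHOLDER-wrapper-only --no-link --print-out-paths)"
tar -C "$x86_release_root" -czf auto-review-linux-x86_64.tar.gz .'

# Archive command placed ahead of the assignment: tar would run with an empty -C path.
use_before_assign_step='tar -C "$x86_release_root" -czf auto-review-linux-x86_64.tar.gz .
x86_release_root="$(nix build .#packages.x86_64-linux.ar-cli-portable-release-root --no-link --print-out-paths)"'
```
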
Owner

🟡 Warning: Lines 9–32: Ensure that x86_release_root is set before metadata generation uses it in the binary artifact step. This prevents potential errors due to uninitialized variables.

Author
Owner

Reflection: I initially under-specified the release publish contract around metadata generation, which let the same variable-ordering concern recur. Classification: one-off missing test pressure, already remediated in the updated publish workflow test. Remediation: confirmed the test requires x86_release_root assignment before both archive creation and metadata generation use it. Verification: bash tests/release_tooling/publish_workflow_test.sh passed.

jwilger marked this conversation as resolved
docs: require reviewer mentions in feedback replies
All checks were successful
CI / Verify PR with nix flake check (pull_request) Successful in 7s
CI / Request auto_review semantic review (pull_request) Successful in 1s
auto_review auto_review: no findings
CI / Build PR artifacts (no token) (pull_request) Successful in 1m29s
CI / Publish PR artifact packages (pull_request) Successful in 1m8s
Clean PR packages / Delete packages for merged PRs (pull_request) Successful in 16s
980cbc576f
jwilger dismissed auto-review's review 2026-05-09 08:35:56 -07:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

auto-review left a comment

The PR updates documentation to specify that replies to inline comments should begin with an @-mention of the original comment author. This change ensures that the reviewer is notified and the thread remains attributable. The changes appear safe to merge.

jwilger deleted branch fix/issue-163-runnable-release-artifact 2026-05-09 08:41:34 -07:00
Reference
Slipstream/auto_review!175