Skip to content

Critical Fix: Release Workflow and Dependabot Removal #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
radleta merged 1 commit into from
Nov 4, 2025
Merged

Critical Fix: Release Workflow and Dependabot Removal #14

radleta merged 1 commit into from
Nov 4, 2025

Conversation

@radleta
Copy link
Owner

@radleta radleta commented Nov 4, 2025

Critical Fix: Release Workflow and Dependabot Removal

Summary

This PR contains a critical fix for the GitHub Actions release workflow that caused all 215 integration tests to fail during the v1.1.0 release attempt. It also removes Dependabot configuration to reduce PR noise for this solo-maintained project.

Changes

🐛 Critical Fix: Release Workflow Test/Build Order

  • Problem: Release workflow ran tests before build, causing all integration tests to fail
  • Root Cause: Integration tests execute dist/src/index.js which doesn't exist until after build
  • Solution: Swapped order - build now runs before tests in .github/workflows/release.yml
  • Impact: All 625 tests will now pass in CI/CD, unblocking releases

🔧 Maintenance: Remove Dependabot

  • Rationale: Excessive PR noise for solo-maintained project
  • Approach: Manual dependency updates in batches by maintainers
  • Security: npm audit still runs automatically in CI/CD (fails on high/critical vulnerabilities)
  • Documentation: Added "Dependency Management" section to CONTRIBUTING.md explaining this decision

📝 Documentation Updates

  • Added CHANGELOG.md Unreleased section with these changes
  • Updated CONTRIBUTING.md with Dependency Management section
  • Updated .claude/commands/release-ready.md audit guidance

Files Changed

 .claude/commands/release-ready.md |   3 +-
 .github/dependabot.yml            |  46 deletion (removed)
 .github/workflows/release.yml     |   6 +-- (swap test/build order)
 CHANGELOG.md                      |  10 +++-
 CONTRIBUTING.md                   |   4 ++++
 5 files changed, 16 insertions(+), 53 deletions(-)

Testing

  • ✅ Verified workflow changes locally
  • ✅ Pre-commit hooks passed
  • ✅ All documentation updated
  • 🔄 CI/CD will verify full test suite runs successfully with new workflow order

Related Issues

Fixes the v1.1.0 release failure discovered in GitHub Actions run #49124003405

Deployment Notes

After merge:

  1. Tag new version: v1.1.1 or re-tag v1.1.0 if preferred
  2. Push tag to trigger release workflow
  3. Verify release workflow completes successfully with new build/test order

Checklist

  • Changes tested locally
  • Documentation updated (CHANGELOG, CONTRIBUTING)
  • Commit follows conventional commit format
  • No breaking changes
  • Security: No secrets or sensitive files committed

Type: Hotfix
Priority: Critical (blocks releases)
Scope: CI/CD infrastructure + maintenance

@radleta
fix(ci): fix release workflow and remove Dependabot
ceb62f3 
- Fix release workflow test/build order (build before tests)
- Remove Dependabot configuration (excessive PR noise)
- Add Dependency Management section to CONTRIBUTING.md
- Update CHANGELOG.md with Unreleased changes
- Update release-ready.md audit guidance
@radleta radleta merged commit 0e2705e into main Nov 4, 2025
8 checks passed
@radleta radleta deleted the releases/1.1.0 branch November 4, 2025 17:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@radleta