Skip to content

ci(release): validate-first ordering + fix install-e2e/cli-e2e + install.sh curl bootstrap#3

Merged
Harsh-2002 merged 1 commit into
mainfrom
dev
Jun 2, 2026
Merged

ci(release): validate-first ordering + fix install-e2e/cli-e2e + install.sh curl bootstrap#3
Harsh-2002 merged 1 commit into
mainfrom
dev

Conversation

@Harsh-2002
Copy link
Copy Markdown
Owner

@Harsh-2002 Harsh-2002 commented Jun 2, 2026

Fix release ordering + the workflow failures from the v2026.06.02 cut

Two problems surfaced when cutting v2026.06.02:

1. Release ran before validation (the anti-pattern)

release.yml built + published immediately on tag push, in parallel with CI. Now it has a validate gate (go vet + race tests over the full module); every build job needs: validate, so nothing is built or published unless tests pass. The release is genuinely the last step.

2. install-e2e / cli-e2e raced the release cut → 404

These download the released binary, but triggered on main-push — so they ran during the window where the old release was already deleted and the new one wasn't published yet, and GET /releases/latest 404'd. Moved them to release: published so they validate the freshly-published artifacts (no race). macOS/Windows CLI install jobs also run on release now.

3. Pre-existing install.sh bug (since the 2026-05-30 installer rewrite)

install.sh called curl to resolve the release before installing prerequisites, so minimal hosts/containers without curl failed curl: not found — install-e2e has been red since 2026-05-30. Added ensure_downloader() to install curl up front. Verified end-to-end via test/install/run-distro.sh debian12 against the published release (install → service → health → smoke → uninstall all green).

4. Policy

CLAUDE.md release policy rewritten: validate first, release last, prune the OLD release AFTER the new one is live (deleting it first is what opened the 404 window).

Verification

  • All three workflow YAMLs parse; release.yml job graph: validate → all build-*release/docker-manifest.
  • install.sh: sh -n clean; debian12 install-e2e harness passes locally against v2026.06.02.
  • cli-e2e already re-ran green once the release published; install-e2e green locally with the curl fix.

@Harsh-2002
ci(release): validate before release; run install/cli-e2e on release …
c8cf175 
…publish; fix install.sh curl bootstrap

The release pipeline released first and validated in parallel — backwards.
Fix the ordering and the coupling:

- release.yml: add a `validate` gate (go vet + race tests over the full
  module); every build job now `needs: validate`, so nothing is built or
  published unless tests pass. Release is genuinely the last step.
- install-e2e.yml / cli-e2e.yml: these download the RELEASED binary, so
  move them off main-push (which raced the release cut — the old release
  was already deleted and the new one not yet published, so "latest" 404'd)
  onto `release: published`. They now validate the freshly-published
  artifacts. macOS/Windows CLI install jobs also run on release.
- install.sh: a pre-existing bug (since the 2026-05-30 installer rewrite) —
  it calls curl to resolve the release BEFORE installing prerequisites, so
  minimal hosts/containers without curl failed with "curl: not found".
  Add ensure_downloader() to install curl up front (verified end-to-end via
  test/install/run-distro.sh debian12 against the published release).
- CLAUDE.md: rewrite the release policy — validate first, release last,
  prune the OLD release AFTER the new one is live (never before).
@Harsh-2002 Harsh-2002 merged commit ff2ffef into main Jun 2, 2026
18 of 20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Harsh-2002