fix(release): publish Electron updater manifests even when one platform fails#2369
Conversation
…rm fails On the v0.17.2 tag run, the Windows Electron build failed, which made the publish-electron matrix fail. publish-electron-assets was gated on that whole matrix succeeding, so it was skipped and latest-mac.yml / latest-linux*.yml were never uploaded to the release. The release was then flipped to 'latest' without its updater feeds, leaving mac auto-update hitting a 404 on latest-mac.yml. - publish-electron-assets now runs as long as resolve/verify succeeded and build_electron is true, even if publish-electron partially failed. The merge script already only publishes manifests that were produced and validates that latest-mac.yml contains both mac arches, so a missing mac arch still fails the job correctly. - publish-release no longer accepts publish-electron-assets being skipped when building electron: a release can only become 'latest' once the updater manifests were actually published.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
@enriquesouza is attempting to deploy a commit to the Different AI Team on Vercel. A member of the Team first needs to authorize it. |
|
Nice fix for the Windows-failure case. One thing I think is worth tightening: this PR allows I reproduced the manifest-script part locally with Based on the workflow gates, this scenario appears possible if the failed matrix leg is Should the manifest merge require all expected updater feeds for supported updater platforms, or should the workflow only tolerate failure for known non-blocking legs like Windows? |
|
Read through this one carefully since release gating is easy to get subtly wrong, and I think it's correct — worth spelling out why for anyone else reviewing. The mechanism is right: with the matrix at The load-bearing safety property (maybe worth a line in the PR body): each matrix leg uploads its installers before the updater-manifest artifact under Two things I'd flag:
Mechanism and gate are sound; these are documentation/symmetry notes rather than blockers. |
Pablosinyores
left a comment
There was a problem hiding this comment.
Traced the gate logic and this holds up nicely. The key safety property — a release can't be promoted to latest without its updater feeds — is preserved: if the mac leg fails, publish-electron is failure, the assets job still runs and merges what exists, but the manifest validation (latest-mac.yml must contain both mac arches) fails, so publish-electron-assets is failure, and the latest gate now requires that job to be success. So a missing-mac release correctly stops short of latest instead of 404ing users. Windows-only failure still ships mac/linux feeds. That's exactly right.
One thing worth confirming: this keys on publish-electron.result == 'failure'. If the electron build matrix uses the default fail-fast: true, a Windows leg failing early would cancel an in-flight mac leg, and you'd lose the mac feed even though mac would have built fine. Setting fail-fast: false on that matrix (if not already) would let mac finish independently and get the most out of this change.
Problem
macOS users on
v0.17.2get a 404 on auto-update:The
v0.17.2GitHub release has the mac/linux installers and.blockmapfiles but nolatest-mac.yml/latest-linux*.ymlupdater feeds, even though the release notes say they should be attached.Root cause
The
v0.17.2tag run (run 28069104797) had this job graph:Each Electron build uploads its installers to the release and its
latest*.ymlas a workflow artifact.Publish Electron Assetsis the job that downloads those artifacts, merges them per-arch, validates, and uploads the mergedlatest-mac.yml/latest-linux*.ymlto the release.That job was gated on
needs.publish-electron.result == 'success'. Because the Windows leg failed, the wholepublish-electronmatrix isfailure, soPublish Electron Assetswas skipped — the mac/linux updater manifests were never attached. The draft release was then published aslatestwithout its updater feeds, so every mac install now 404s onlatest-mac.yml.A failure in one unrelated platform (Windows) held the macOS updater feed hostage.
Fix
Two
if:changes inrelease-macos-aarch64.yml:publish-electron-assetsnow runs as long asresolve-release/verify-releasesucceeded andbuild_electron == 'true', even whenpublish-electronpartially failed (success || failure). The merge script (publish-electron-assets.mjs) already only publishes manifests that were actually produced, andvalidateManifest()requireslatest-mac.ymlto contain bothmac-arm64andmac-x64entries — so a genuinely missing mac arch still fails the job correctly rather than silently shipping a broken feed. A Windows-only failure no longer suppresses the mac/linux feeds.publish-releaseno longer acceptspublish-electron-assetsbeingskippedwhenbuild_electron == 'true': a release can only be flipped to--latestonce the updater manifests were actually published (result == 'success', orskippedonly when electron builds are off). This prevents a "latest" release from ever existing without its updater feeds.No change to the merge script was needed — it already handles missing manifests gracefully and validates the merged feeds.
Validation
Reproduced the merge locally using the actual
electron-macos-arm64/electron-macos-x64artifacts from the failed run. With the fix,Publish Electron Assetswould have succeeded and produced this valid merged feed:merged
latest-mac.yml(ready to attach to v0.17.2)YAML validated (
YAML.load_fileOK). Behavior matrix:validateManifestfailspublish-electron-assets→publish-releaseskipped → release stays draft. Safe.build_electron == false→ unchanged (publish-release proceeds as today).Retro-fixing v0.17.2
This PR prevents recurrence for future releases. For the already-shipped
v0.17.2, a maintainer with release write access can attach the missing feed right now:gh run download 28069104797 -R different-ai/openwork -n electron-macos-arm64 -D dist/arm64 gh run download 28069104797 -R different-ai/openwork -n electron-macos-x64 -D dist/x64 GITHUB_REPOSITORY=different-ai/openwork RUNNER_TEMP=/tmp/ow \ node scripts/release/publish-electron-assets.mjs --manifests-only dist v0.17.2 # (same for the linux artifacts → latest-linux.yml / latest-linux-arm64.yml)Or cut a new release once this is merged.
Out of scope (possible follow-ups)
aur-publishstill requirespublish-electron.result == 'success', so a Windows failure would still skip the AUR publish. Same class of coupling; left untouched here to keep this fix surgical.v0.17.2is a separate issue.