lhumina_code/hero_proxy
22
0
Fork 0
Code Issues 6 Pull requests 1 Projects Releases 3 Packages Wiki Activity Actions

fix(ci): replace build-linux.yaml with canonical release.yaml #27

Closed
mik-tf wants to merge 1 commit from development_mik_2 into development
pull from: development_mik_2
merge into: lhumina_code:development
Conversation 1 Commits 1 Files changed 2 +145 -114
mik-tf commented 2026-04-26 00:08:11 +00:00
Owner
Copy link

Follow-up to #26 — caught a real miss in the post-merge audit on development.

What I missed in #26

hero_proxy has TWO workflow files. PR #26 fixed test.yaml (restored Makefile so make check/test/lint worked) but did NOT touch build-linux.yaml. The post-merge push run on commit 919c391 had two runs:

  • test.yaml green (PR #26 fix worked)
  • build-linux.yaml red (still failing)

Net effect: hero_proxy's development branch CI is still red overall after #26 — exactly what the user caught.

Why build-linux.yaml is failing

Two problems:

  1. Wrong trigger. Fires on every push to development (plus main and tags v*), not just on tag push:

    on:
  push:
    tags: ["v*"]
    branches: [main, development]

    Every dev push tries to build release artifacts and run the release-creation step (gated by if: startsWith(github.ref, 'refs/tags/v') so the upload is skipped on dev pushes, but the BUILD always runs).

  2. Depends on deleted scripts/build_lib.sh. Workflow does source scripts/build_lib.sh and calls cargo_env, setup_linux_toolchain, build_binaries. Same scripts that commit 16baab3 removed and that #26 deliberately did NOT reintroduce.

Fix — adopt the canonical release.yaml

Replaced build-linux.yaml with release.yaml matching the canonical pattern documented in home#188 and the hero_router reference impl:

  • Triggers on v* tag push only (+ workflow_dispatch) — no more spurious red runs on every dev push
  • Cross-compiles to x86_64-unknown-linux-musl (static-pie — runs on any x86_64 Linux)
  • Calls cargo directly — no scripts/build_lib.sh dependency
  • Reads $BINARIES from buildenv.sh, uploads each as release asset (same shape as hero_router's <bin>-linux-amd64-musl artifacts)

This also contributes to home#187 P0 — once tagged, hero_proxy will publish working static-pie linux binaries the same way hero_router does.

Verification

The new workflow only fires on tag push, so I can't fully exercise it without cutting a tag. The development branch will be green after merge because only test.yaml (already canonical) fires on dev pushes.

I'll cut a v0.5.1-dev tag once a few more repos are green to start spreading the release-artifacts pattern.

Discipline note

I missed this in #26's audit because I stopped at "PR CI green" without auditing the full set of workflows on the post-merge push. Lesson logged. Updated home#188 per-repo procedure to add: "audit ALL workflows and verify ALL push triggers go green post-merge before ticking the checkbox."

Tracker: home#188

Signed-off-by: mik-tf

Follow-up to [#26](https://forge.ourworld.tf/lhumina_code/hero_proxy/pulls/26) — caught a real miss in the post-merge audit on `development`. ## What I missed in #26 hero_proxy has TWO workflow files. PR #26 fixed `test.yaml` (restored Makefile so `make check/test/lint` worked) but did NOT touch `build-linux.yaml`. The post-merge push run on commit [`919c391`](https://forge.ourworld.tf/lhumina_code/hero_proxy/commit/919c391) had two runs: - `test.yaml` → ✅ green (PR #26 fix worked) - `build-linux.yaml` → ❌ red (still failing) Net effect: hero_proxy's `development` branch CI is **still red overall** after #26 — exactly what the user caught. ## Why `build-linux.yaml` is failing Two problems: 1. **Wrong trigger.** Fires on every push to `development` (plus `main` and tags `v*`), not just on tag push: ```yaml on: push: tags: ["v*"] branches: [main, development] ``` Every dev push tries to build release artifacts and run the release-creation step (gated by `if: startsWith(github.ref, 'refs/tags/v')` so the upload is skipped on dev pushes, but the BUILD always runs). 2. **Depends on deleted `scripts/build_lib.sh`.** Workflow does `source scripts/build_lib.sh` and calls `cargo_env`, `setup_linux_toolchain`, `build_binaries`. Same scripts that commit [`16baab3`](https://forge.ourworld.tf/lhumina_code/hero_proxy/commit/16baab3) removed and that #26 deliberately did NOT reintroduce. ## Fix — adopt the canonical release.yaml Replaced `build-linux.yaml` with `release.yaml` matching the canonical pattern documented in [home#188](https://forge.ourworld.tf/lhumina_code/home/issues/188) and the [hero_router reference impl](https://forge.ourworld.tf/lhumina_code/hero_router/src/branch/development/.forgejo/workflows/release.yaml): - **Triggers on `v*` tag push only** (+ `workflow_dispatch`) — no more spurious red runs on every dev push - **Cross-compiles to `x86_64-unknown-linux-musl`** (static-pie — runs on any x86_64 Linux) - **Calls cargo directly** — no `scripts/build_lib.sh` dependency - **Reads `$BINARIES` from `buildenv.sh`**, uploads each as release asset (same shape as hero_router's `<bin>-linux-amd64-musl` artifacts) This also contributes to [home#187](https://forge.ourworld.tf/lhumina_code/home/issues/187) P0 — once tagged, hero_proxy will publish working static-pie linux binaries the same way hero_router does. ## Verification The new workflow only fires on tag push, so I can't fully exercise it without cutting a tag. The `development` branch will be green after merge because only `test.yaml` (already canonical) fires on dev pushes. I'll cut a `v0.5.1-dev` tag once a few more repos are green to start spreading the release-artifacts pattern. ## Discipline note I missed this in #26's audit because I stopped at "PR CI green" without auditing the full set of workflows on the post-merge push. Lesson logged. **Updated home#188** per-repo procedure to add: "audit ALL workflows and verify ALL push triggers go green post-merge before ticking the checkbox." Tracker: [home#188](https://forge.ourworld.tf/lhumina_code/home/issues/188) Signed-off-by: mik-tf
fix(ci): replace build-linux.yaml with canonical release.yaml
All checks were successful
Build & Test / check (push) Successful in 1m33s
Details
Build & Test / check (pull_request) Successful in 1m58s
Details
3ab769d704 
Follow-up to #26 — caught a real miss in the post-merge audit on
development.  The prior build-linux.yaml had two problems:

1. **Wrong trigger** — fired on every push to `development` (and main +
   tags), not just on tag push.  Result: every dev push tried to build
   release artifacts and create a release.  This is what was making
   dev CI red after #26 merged.

2. **Depended on deleted scripts/build_lib.sh** — same `cargo_env`,
   `setup_linux_toolchain`, `build_binaries` helpers that 16baab3
   removed.  Workflow died at `source scripts/build_lib.sh`.

Replaced with `release.yaml` matching the canonical pattern documented
in lhumina_code/home#188 and the
hero_router reference impl
(https://forge.ourworld.tf/lhumina_code/hero_router/src/branch/development/.forgejo/workflows/release.yaml):

- Triggers ONLY on `v*` tag push (+ workflow_dispatch)
- Cross-compiles to x86_64-unknown-linux-musl (static-pie — runs on
  any x86_64 Linux)
- Calls cargo directly — no scripts/build_lib.sh dependency
- Reads $BINARIES from buildenv.sh, uploads each as release asset

Side effect of the trigger fix: the `development` branch's CI is now
just `test.yaml`.  No more spurious red runs from build-linux on
every push.

This is also the release-artifacts P0 contribution that home#187
calls for — once tagged, hero_proxy will publish working static-pie
linux binaries the same way hero_router does
(https://forge.ourworld.tf/lhumina_code/hero_router/releases).

Discipline note: I missed this in #26's audit because I stopped at
"PR CI green" without auditing the full set of workflows.  Updated
home#188's per-repo work to "audit ALL workflows and verify ALL push
triggers go green post-merge".

Closes the post-merge red CI on hero_proxy/development.

PR: https://forge.ourworld.tf/lhumina_code/hero_proxy/pulls/N
Tracker: lhumina_code/home#188

Signed-off-by: mik-tf
mik-tf closed this pull request 2026-04-26 00:12:12 +00:00
mik-tf commented 2026-04-26 00:15:00 +00:00
Author
Owner
Copy link

Squash-merged to development as 797e906. Branch deleted. Post-merge push CI green — hero_proxy now fully clean.

Squash-merged to `development` as [`797e906`](https://forge.ourworld.tf/lhumina_code/hero_proxy/commit/797e906). Branch deleted. Post-merge push CI green ✅ — hero_proxy now fully clean.
All checks were successful
Build & Test / check (push) Successful in 1m33s
Details
Build & Test / check (pull_request) Successful in 1m58s
Details

Pull request closed

This pull request cannot be reopened because the branch was deleted.
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
prio_critical

   
prio_low

   
type_bug

   
type_contact

   
type_issue

   
type_lead

   
type_question

   
type_story

   
type_task
No labels
prio_critical
prio_low
type_bug
type_contact
type_issue
type_lead
type_question
type_story
type_task
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
lhumina_code/hero_proxy!27
No description provided.