ci: consolidate E2E orchestration with change detection and release gate retrigger#394
Conversation
When new code lands on main (e.g. test: commits not in changelog), the release gate on an open release-please PR may have stale green checks from before the merge. This adds a job to e2e.yml that re-runs the release gate after E2E completes on main, ensuring the gate re-evaluates against the current main state. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: cd7431f7020b
WalkthroughAdds a CI orchestrator workflow ( Changes
Sequence Diagram(s)mermaid Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
Adds a post-E2E automation on main to re-trigger the “Release Gate” workflow for any open release-please PR so the gate reflects the latest main E2E outcome (avoiding stale green checks).
Changes:
- Adds a
retrigger-release-gatejob to.github/workflows/e2e.ymlthat runs afterweb-e2eonpushtomain. - Uses
gh pr listto find an open release-please PR andgh run rerunto rerun its most recentrelease-gate.ymlworkflow run.
- Add pull-requests: read permission for gh pr list - Filter for completed runs only before gh run rerun Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: f03b9b6eac89
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
.github/workflows/e2e.yml (1)
197-199: Refine PR lookup to explicitly match the release-please branch naming convention.The current
--search "head:release-please"performs prefix matching and will correctly find branches likerelease-please--branches--main. However, it would also match unintended branches (e.g.,release-please-old,release-please-backup). Since the codebase uses therelease-please--*naming convention (as seen inrelease-gate.yml), explicitly filtering by that pattern is clearer and more defensive.🛠️ More explicit PR lookup
PR_BRANCH=$(gh pr list --repo "${{ github.repository }}" \ - --search "head:release-please" --state open --limit 1 \ - --json headRefName --jq '.[0].headRefName // empty') + --state open --limit 100 --json headRefName \ + --jq 'map(select(.headRefName | startswith("release-please--"))) | .[0].headRefName // empty')🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/e2e.yml around lines 197 - 199, Update the PR lookup to only match branches following the explicit release-please naming convention by changing the gh PR search string used when populating PR_BRANCH: replace the loose prefix filter "head:release-please" with the explicit pattern "head:release-please--" in the gh pr list invocation (the command that sets PR_BRANCH) so only branches like release-please--* are returned.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/e2e.yml:
- Around line 208-220: The current step uses gh run rerun which preserves the
original GITHUB_SHA/GITHUB_REF so release-gate.yml's detect-changes (the
PREV_TAG..HEAD diff) still compares against the stale PR HEAD; replace the gh
run rerun invocation with either (A) dispatching the release-gate workflow on
main (use gh workflow run / workflow_dispatch API to run release-gate.yml with
--ref main or via the workflow's dispatch endpoint) so the workflow executes
with main's current HEAD, or (B) change release-gate.yml's detect-changes logic
to resolve main dynamically (git fetch origin main and diff
PREV_TAG..origin/main instead of PREV_TAG..HEAD) so reruns correctly compare
against current main; refer to the gh run rerun call, release-gate.yml, and the
detect-changes / PREV_TAG..HEAD comparison to implement one of these fixes.
---
Nitpick comments:
In @.github/workflows/e2e.yml:
- Around line 197-199: Update the PR lookup to only match branches following the
explicit release-please naming convention by changing the gh PR search string
used when populating PR_BRANCH: replace the loose prefix filter
"head:release-please" with the explicit pattern "head:release-please--" in the
gh pr list invocation (the command that sets PR_BRANCH) so only branches like
release-please--* are returned.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: f51308d8-2c7b-47b8-9313-e86b815070f6
📒 Files selected for processing (1)
.github/workflows/e2e.yml
Single orchestrator workflow for push-to-main E2E testing: - New ci-e2e.yml with unified change detection (dorny/paths-filter) for both web and desktop paths - Conditionally calls e2e.yml and desktop-e2e.yml via workflow_call - Owns the retrigger-release-gate job (moved from e2e.yml) - e2e.yml and desktop-e2e.yml retain workflow_call + workflow_dispatch triggers for manual runs and direct invocation - Release gate updated to poll ci-e2e.yml and verify specific job conclusions (handles skipped-due-to-no-changes case) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: 9c7659b74311
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #394 +/- ##
==========================================
- Coverage 61.18% 61.15% -0.04%
==========================================
Files 132 132
Lines 9750 9750
Branches 978 976 -2
==========================================
- Hits 5966 5963 -3
- Misses 3570 3573 +3
Partials 214 214
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/ci-e2e.yml:
- Around line 31-50: The desktop file-watch patterns in ci-e2e.yml are missing
the apps/desktop/src-tauri/Cargo.lock entry; update the desktop patterns array
(the block containing entries like 'apps/desktop/src/**',
'apps/desktop/src-tauri/Cargo.toml', etc.) to include
'apps/desktop/src-tauri/Cargo.lock' so changes to that lockfile trigger the
desktop E2E workflow consistently with release-gate.yml.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 67531e6f-8d6f-4c94-afce-1ab6fc5a1c46
📒 Files selected for processing (4)
.github/workflows/ci-e2e.yml.github/workflows/desktop-e2e.yml.github/workflows/e2e.yml.github/workflows/release-gate.yml
💤 Files with no reviewable changes (2)
- .github/workflows/desktop-e2e.yml
- .github/workflows/e2e.yml
gh run rerun preserves the original GITHUB_SHA, so HEAD after checkout points to the stale PR merge commit. Diff against origin/main instead to detect desktop changes against current main. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: baa91ca323bc
- Add missing Cargo.lock to desktop patterns in ci-e2e.yml - Fix jq parse error on empty gh run list result in release gate - Update log messages from "Web E2E" to "CI E2E" in polling loop Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: 92e9c7769bd7
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
Comments suppressed due to low confidence (1)
.github/workflows/release-gate.yml:71
- This comment says the desktop path patterns are “mirrored from ci-e2e.yml”, but the
DESKTOP_PATTERNSlist here is missing several paths present inci-e2e.yml(e.g.,crates/**, rootCargo.toml/Cargo.lock,tests/vectors/**, and.github/workflows/ci-e2e.yml). That can cause the release gate to skip Desktop E2E verification even when desktop-related Rust code changed. Align this pattern list withci-e2e.yml(or refactor so both workflows share a single source of truth).
# Desktop-related path patterns (mirrored from ci-e2e.yml)
DESKTOP_PATTERNS=(
'apps/desktop/src/'
'apps/desktop/src-tauri/src/'
'apps/desktop/src-tauri/vendor/'
- Set fetch-depth: 0 so dorny/paths-filter can diff against before SHA - Remove nonexistent apps/desktop/src-tauri/Cargo.lock (root Cargo.lock already covers workspace lockfile changes) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: e9226a3a0ace
|
@coderabbitai please review |
|
✅ Actions performedReview triggered.
|
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
.github/workflows/release-gate.yml (1)
67-84:⚠️ Potential issue | 🟠 MajorDesktop path patterns don't match ci-e2e.yml — gate verification can be bypassed.
The comment claims patterns are mirrored from
ci-e2e.yml, but several patterns are missing or incorrect:Missing (ci-e2e.yml will run desktop E2E, but release-gate won't require verification):
crates/— covers changes to Rust cratesCargo.tomlandCargo.lockat root leveltests/vectors/.github/workflows/ci-e2e.ymlExtra (release-gate may require verification when ci-e2e.yml didn't run tests):
apps/desktop/src-tauri/Cargo.lock— not present in ci-e2e.yml patternsProposed fix to align patterns
# Desktop-related path patterns (mirrored from ci-e2e.yml) DESKTOP_PATTERNS=( 'apps/desktop/src/' 'apps/desktop/src-tauri/src/' 'apps/desktop/src-tauri/vendor/' 'apps/desktop/src-tauri/capabilities/' 'apps/desktop/src-tauri/resources/' 'apps/desktop/src-tauri/Cargo.toml' - 'apps/desktop/src-tauri/Cargo.lock' 'apps/desktop/src-tauri/build.rs' 'apps/desktop/src-tauri/rust-toolchain.toml' 'apps/desktop/index.html' 'apps/desktop/vite.config.' 'apps/desktop/tsconfig' + 'crates/' + 'Cargo.toml' + 'Cargo.lock' + 'tests/vectors/' 'packages/crypto/src/' 'packages/crypto/tsconfig' '.github/workflows/desktop-e2e.yml' + '.github/workflows/ci-e2e.yml' )🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/release-gate.yml around lines 67 - 84, DESKTOP_PATTERNS currently deviates from ci-e2e.yml: remove the extra 'apps/desktop/src-tauri/Cargo.lock' entry and add the missing patterns so the gate mirrors ci-e2e.yml exactly; specifically update the DESKTOP_PATTERNS array (the variable named DESKTOP_PATTERNS in the release-gate.yml diff) to include 'crates/', root-level 'Cargo.toml' and 'Cargo.lock', 'tests/vectors/', and '.github/workflows/ci-e2e.yml' while removing the incorrect apps/desktop/src-tauri/Cargo.lock pattern so release-gate verification matches ci-e2e.yml.
🧹 Nitpick comments (1)
.github/workflows/release-gate.yml (1)
162-164: Job name matching viacontains()is fragile but functional.When ci-e2e.yml calls the reusable e2e.yml workflow, GitHub may surface the job with a composed name like
"Web E2E / Web E2E Tests". Thecontains("Web E2E")filter should match this, but the approach is sensitive to job name changes in either workflow.Consider adding a brief comment documenting the expected job name format, or using a more specific pattern if the exact composed name is known.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/release-gate.yml around lines 162 - 164, Summary: The WEB_E2E_RAN calculation relies on a fragile contains("Web E2E") jq filter that can break if job names change; update it to be explicit or document the expected job-name composition. Fix: In the expression that sets WEB_E2E_RAN, either replace the contains("Web E2E") predicate with a more robust jq regex test (e.g., use test("^Web E2E") or a pattern matching the known composed name like "Web E2E / Web E2E Tests") to avoid accidental mismatches, or keep contains but add a clear inline comment documenting the exact job-name format produced by reusable e2e.yml; refer to the WEB_E2E_RAN variable and the contains("Web E2E") predicate to locate the change. Ensure the chosen pattern matches both simple and composed names and update the comment accordingly.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Outside diff comments:
In @.github/workflows/release-gate.yml:
- Around line 67-84: DESKTOP_PATTERNS currently deviates from ci-e2e.yml: remove
the extra 'apps/desktop/src-tauri/Cargo.lock' entry and add the missing patterns
so the gate mirrors ci-e2e.yml exactly; specifically update the DESKTOP_PATTERNS
array (the variable named DESKTOP_PATTERNS in the release-gate.yml diff) to
include 'crates/', root-level 'Cargo.toml' and 'Cargo.lock', 'tests/vectors/',
and '.github/workflows/ci-e2e.yml' while removing the incorrect
apps/desktop/src-tauri/Cargo.lock pattern so release-gate verification matches
ci-e2e.yml.
---
Nitpick comments:
In @.github/workflows/release-gate.yml:
- Around line 162-164: Summary: The WEB_E2E_RAN calculation relies on a fragile
contains("Web E2E") jq filter that can break if job names change; update it to
be explicit or document the expected job-name composition. Fix: In the
expression that sets WEB_E2E_RAN, either replace the contains("Web E2E")
predicate with a more robust jq regex test (e.g., use test("^Web E2E") or a
pattern matching the known composed name like "Web E2E / Web E2E Tests") to
avoid accidental mismatches, or keep contains but add a clear inline comment
documenting the exact job-name format produced by reusable e2e.yml; refer to the
WEB_E2E_RAN variable and the contains("Web E2E") predicate to locate the change.
Ensure the chosen pattern matches both simple and composed names and update the
comment accordingly.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 22464127-6bee-4dd0-bafe-3cdbe671e627
📒 Files selected for processing (2)
.github/workflows/ci-e2e.yml.github/workflows/release-gate.yml
🚧 Files skipped from review as they are similar to previous changes (1)
- .github/workflows/ci-e2e.yml
- Add missing patterns: crates/, Cargo.toml, Cargo.lock, tests/vectors/, .github/workflows/ci-e2e.yml - Remove nonexistent apps/desktop/src-tauri/Cargo.lock - Document composed job name format for Web E2E contains() filter Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: d5267b9c1a63
|
Both issues from the latest CodeRabbit review addressed in a796d7c:
|
|
Tip For best results, initiate chat on the files or code changes.
Both issues are fully addressed. 🎉 🧠 Learnings usedIf you found this review helpful, would you consider giving us a shout-out on X? Thank you for using CodeRabbit! |
- Guard against all-zero SHA in dorny/paths-filter base ref - Add gh api error handling for Web E2E job verification - Update stale comment wording from "desktop E2E runs" to "CI E2E orchestrator runs" Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Entire-Checkpoint: 8525b4154e13
|
@coderabbitai please review |
|
🧠 Learnings used✅ Actions performedReview triggered.
|
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.github/workflows/ci-e2e.yml (1)
99-110: Consider logging the re-run outcome for observability.The
gh run reruncommand will fail silently (in terms of workflow logs) if the API call succeeds but the run cannot be re-triggered (e.g., workflow disabled, permissions issues). Adding a confirmation step could improve debugging.♻️ Optional: Log re-run confirmation
echo "Re-running release gate (run ${RUN_ID}) so it verifies E2E against current main" - gh run rerun "${RUN_ID}" --repo "${{ github.repository }}" + if gh run rerun "${RUN_ID}" --repo "${{ github.repository }}"; then + echo "✅ Successfully re-triggered release gate run ${RUN_ID}" + else + echo "::warning::Failed to re-trigger release gate run ${RUN_ID}" + fi🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/ci-e2e.yml around lines 99 - 110, The rerun step currently invokes gh run rerun on RUN_ID but doesn't log whether the re-run was actually queued or failed; after calling gh run rerun "${RUN_ID}" (and/or capturing its stdout/stderr) check the command exit code and/or call gh run view "${RUN_ID}" (or use gh run list filtered by databaseId) to confirm the run was re-triggered, then emit a clear log line like "Re-run queued for ${RUN_ID}" on success or "Failed to queue re-run for ${RUN_ID}: <error/exit-code/gh output>" on failure; update the block that sets RUN_ID and invokes gh run rerun to capture and log this outcome.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In @.github/workflows/ci-e2e.yml:
- Around line 99-110: The rerun step currently invokes gh run rerun on RUN_ID
but doesn't log whether the re-run was actually queued or failed; after calling
gh run rerun "${RUN_ID}" (and/or capturing its stdout/stderr) check the command
exit code and/or call gh run view "${RUN_ID}" (or use gh run list filtered by
databaseId) to confirm the run was re-triggered, then emit a clear log line like
"Re-run queued for ${RUN_ID}" on success or "Failed to queue re-run for
${RUN_ID}: <error/exit-code/gh output>" on failure; update the block that sets
RUN_ID and invokes gh run rerun to capture and log this outcome.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 12b26891-2a81-482c-882d-c4fe7c48a913
📒 Files selected for processing (2)
.github/workflows/ci-e2e.yml.github/workflows/release-gate.yml
🚧 Files skipped from review as they are similar to previous changes (1)
- .github/workflows/release-gate.yml
Summary
ci-e2e.ymlorchestrator: single push-to-main workflow with unifieddorny/paths-filterchange detection for both web and desktop pathse2e.yml(web changes) anddesktop-e2e.yml(desktop changes) viaworkflow_callretrigger-release-gatejob that re-runs the release gate on open release-please PRs after E2E completese2e.ymlanddesktop-e2e.ymlsimplified: removed push triggers and change detection, retainworkflow_call+workflow_dispatchci-e2e.ymlwith job-level conclusion checks (handles the "web E2E skipped but needs verification" case by searching recent runs)Root cause
Two issues fixed:
test:commits land on main, release-please doesn't update its PR, so the release gate never re-runs. The retrigger job forces re-evaluation.Web path patterns
apps/web/,apps/api/,packages/,tests/web-e2e/,tools/mock-ipns-routing/,.github/workflows/e2e.yml,.github/workflows/ci-e2e.ymlDesktop path patterns
(Moved from
desktop-e2e.yml, unchanged)Test plan
tests/web-e2e/→ web E2E runs, desktop E2E skipsapps/desktop/→ desktop E2E runs, web E2E skipspackages/crypto/→ both run (it's in both path lists).planning/→ both skip, retrigger still runsworkflow_dispatchone2e.ymlordesktop-e2e.yml→ runs unconditionally🤖 Generated with Claude Code
Summary by CodeRabbit