Skip to content

ci: consolidate E2E orchestration with change detection and release gate retrigger#394

Merged
FSM1 merged 8 commits into
mainfrom
fix/release-gate-retrigger-on-main-push
Mar 29, 2026
Merged

ci: consolidate E2E orchestration with change detection and release gate retrigger#394
FSM1 merged 8 commits into
mainfrom
fix/release-gate-retrigger-on-main-push

Conversation

@FSM1

@FSM1 FSM1 commented Mar 29, 2026

Copy link
Copy Markdown
Owner

Summary

  • New ci-e2e.yml orchestrator: single push-to-main workflow with unified dorny/paths-filter change detection for both web and desktop paths
  • Conditionally calls e2e.yml (web changes) and desktop-e2e.yml (desktop changes) via workflow_call
  • Owns the retrigger-release-gate job that re-runs the release gate on open release-please PRs after E2E completes
  • e2e.yml and desktop-e2e.yml simplified: removed push triggers and change detection, retain workflow_call + workflow_dispatch
  • Release gate updated to poll ci-e2e.yml with job-level conclusion checks (handles the "web E2E skipped but needs verification" case by searching recent runs)

Root cause

Two issues fixed:

  1. Stale release gate: When test: commits land on main, release-please doesn't update its PR, so the release gate never re-runs. The retrigger job forces re-evaluation.
  2. Duplicate change detection: Web E2E ran unconditionally on every push to main; desktop E2E had its own change detection. Now unified in one place.

Web path patterns

apps/web/, apps/api/, packages/, tests/web-e2e/, tools/mock-ipns-routing/, .github/workflows/e2e.yml, .github/workflows/ci-e2e.yml

Desktop path patterns

(Moved from desktop-e2e.yml, unchanged)

Test plan

  • Push to main touching only tests/web-e2e/ → web E2E runs, desktop E2E skips
  • Push to main touching only apps/desktop/ → desktop E2E runs, web E2E skips
  • Push to main touching packages/crypto/ → both run (it's in both path lists)
  • Push to main touching only .planning/ → both skip, retrigger still runs
  • workflow_dispatch on e2e.yml or desktop-e2e.yml → runs unconditionally
  • Release gate on release-please PR verifies web E2E job conclusion, not just orchestrator success
  • Retrigger job finds and re-runs release gate after E2E completes

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Added a CI orchestration workflow that runs web and desktop end-to-end suites on push or manual trigger.
    • Converted dedicated E2E workflows to manual/workflow-call triggers and simplified desktop change detection behavior.
    • Enhanced release validation to locate, re-run, and verify orchestrated CI runs, ensuring web and desktop E2E jobs actually executed successfully.

When new code lands on main (e.g. test: commits not in changelog),
the release gate on an open release-please PR may have stale green
checks from before the merge. This adds a job to e2e.yml that
re-runs the release gate after E2E completes on main, ensuring
the gate re-evaluates against the current main state.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: cd7431f7020b
@coderabbitai

coderabbitai Bot commented Mar 29, 2026

Copy link
Copy Markdown

Walkthrough

Adds a CI orchestrator workflow (.github/workflows/ci-e2e.yml) that detects path changes and conditionally invokes reusable Web and Desktop E2E workflows; removes push-based change detection from desktop-e2e.yml and e2e.yml; and retargets release-gate.yml to validate orchestrator (ci-e2e.yml) runs and ensure Web/Desktop jobs actually ran.

Changes

Cohort / File(s) Summary
CI Orchestrator
.github/workflows/ci-e2e.yml
New workflow added that uses dorny/paths-filter to set web/desktop flags and conditionally calls reusable Web/Desktop E2E workflows; includes a retrigger job to rerun release-gate workflow runs when applicable.
Existing E2E triggers
.github/workflows/e2e.yml, .github/workflows/desktop-e2e.yml
Removed push triggers and local changes gating; desktop-e2e.yml no longer has a standalone changes job or needs dependency and is call/dispatch-only.
Release gate
.github/workflows/release-gate.yml
Change-detection now diffs PREV_TAG against origin/main; verify-e2e polls/inspects ci-e2e.yml runs (captures databaseId) and asserts Web/Desktop jobs actually executed (falls back to earlier successful run where job ran).
Workflows directory (misc)
.github/workflows/...
Consolidation of path filters and retargeting of CI orchestration/verification across workflows; updated path globs for desktop detection and CI triggers.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Push as Git Push / Manual
participant CI as CI Orchestrator (ci-e2e.yml)
participant Paths as Paths Filter
participant Web as Web E2E (e2e.yml)
participant Desktop as Desktop E2E (desktop-e2e.yml)
participant ReleaseGate as Release Gate (release-gate.yml)
Push->>CI: trigger (push or workflow_dispatch)
CI->>Paths: run dorny/paths-filter
Paths-->>CI: web_changed, desktop_changed
alt web_changed or manual
CI->>Web: call e2e.yml (inherit secrets)
end
alt desktop_changed or manual
CI->>Desktop: call desktop-e2e.yml (inherit secrets)
end
CI->>ReleaseGate: retrigger-release-gate job (on push)
ReleaseGate->>ReleaseGate: find latest ci-e2e run for MAIN_SHA and inspect jobs
ReleaseGate->>ReleaseGate: verify Web/Desktop jobs ran and concluded successfully (fallback to earlier run if needed)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: consolidating E2E test orchestration into a new ci-e2e.yml workflow with unified change detection and adding release gate retrigger logic.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/release-gate-retrigger-on-main-push

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a post-E2E automation on main to re-trigger the “Release Gate” workflow for any open release-please PR so the gate reflects the latest main E2E outcome (avoiding stale green checks).

Changes:

  • Adds a retrigger-release-gate job to .github/workflows/e2e.yml that runs after web-e2e on push to main.
  • Uses gh pr list to find an open release-please PR and gh run rerun to rerun its most recent release-gate.yml workflow run.

Comment thread .github/workflows/e2e.yml Outdated
Comment thread .github/workflows/e2e.yml Outdated
- Add pull-requests: read permission for gh pr list
- Filter for completed runs only before gh run rerun

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: f03b9b6eac89

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
.github/workflows/e2e.yml (1)

197-199: Refine PR lookup to explicitly match the release-please branch naming convention.

The current --search "head:release-please" performs prefix matching and will correctly find branches like release-please--branches--main. However, it would also match unintended branches (e.g., release-please-old, release-please-backup). Since the codebase uses the release-please--* naming convention (as seen in release-gate.yml), explicitly filtering by that pattern is clearer and more defensive.

🛠️ More explicit PR lookup
          PR_BRANCH=$(gh pr list --repo "${{ github.repository }}" \
-           --search "head:release-please" --state open --limit 1 \
-           --json headRefName --jq '.[0].headRefName // empty')
+           --state open --limit 100 --json headRefName \
+           --jq 'map(select(.headRefName | startswith("release-please--"))) | .[0].headRefName // empty')
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/e2e.yml around lines 197 - 199, Update the PR lookup to
only match branches following the explicit release-please naming convention by
changing the gh PR search string used when populating PR_BRANCH: replace the
loose prefix filter "head:release-please" with the explicit pattern
"head:release-please--" in the gh pr list invocation (the command that sets
PR_BRANCH) so only branches like release-please--* are returned.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/e2e.yml:
- Around line 208-220: The current step uses gh run rerun which preserves the
original GITHUB_SHA/GITHUB_REF so release-gate.yml's detect-changes (the
PREV_TAG..HEAD diff) still compares against the stale PR HEAD; replace the gh
run rerun invocation with either (A) dispatching the release-gate workflow on
main (use gh workflow run / workflow_dispatch API to run release-gate.yml with
--ref main or via the workflow's dispatch endpoint) so the workflow executes
with main's current HEAD, or (B) change release-gate.yml's detect-changes logic
to resolve main dynamically (git fetch origin main and diff
PREV_TAG..origin/main instead of PREV_TAG..HEAD) so reruns correctly compare
against current main; refer to the gh run rerun call, release-gate.yml, and the
detect-changes / PREV_TAG..HEAD comparison to implement one of these fixes.

---

Nitpick comments:
In @.github/workflows/e2e.yml:
- Around line 197-199: Update the PR lookup to only match branches following the
explicit release-please naming convention by changing the gh PR search string
used when populating PR_BRANCH: replace the loose prefix filter
"head:release-please" with the explicit pattern "head:release-please--" in the
gh pr list invocation (the command that sets PR_BRANCH) so only branches like
release-please--* are returned.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f51308d8-2c7b-47b8-9313-e86b815070f6

📥 Commits

Reviewing files that changed from the base of the PR and between 78bef4b and a22492a.

📒 Files selected for processing (1)
  • .github/workflows/e2e.yml

Comment thread .github/workflows/e2e.yml Outdated
Single orchestrator workflow for push-to-main E2E testing:
- New ci-e2e.yml with unified change detection (dorny/paths-filter)
  for both web and desktop paths
- Conditionally calls e2e.yml and desktop-e2e.yml via workflow_call
- Owns the retrigger-release-gate job (moved from e2e.yml)
- e2e.yml and desktop-e2e.yml retain workflow_call + workflow_dispatch
  triggers for manual runs and direct invocation
- Release gate updated to poll ci-e2e.yml and verify specific job
  conclusions (handles skipped-due-to-no-changes case)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 9c7659b74311
@FSM1 FSM1 changed the title ci: re-trigger release gate after E2E completes on main ci: consolidate E2E orchestration with change detection and release gate retrigger Mar 29, 2026
@codecov

codecov Bot commented Mar 29, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 61.15%. Comparing base (78bef4b) to head (20737dd).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #394      +/-   ##
==========================================
- Coverage   61.18%   61.15%   -0.04%     
==========================================
  Files         132      132              
  Lines        9750     9750              
  Branches      978      976       -2     
==========================================
- Hits         5966     5963       -3     
- Misses       3570     3573       +3     
  Partials      214      214              
Flag Coverage Δ
api 84.30% <ø> (-0.06%) ⬇️
api-client 84.30% <ø> (-0.06%) ⬇️
core 84.30% <ø> (-0.06%) ⬇️
crypto 84.30% <ø> (-0.06%) ⬇️
sdk 84.30% <ø> (-0.06%) ⬇️
sdk-core 84.30% <ø> (-0.06%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 1 file with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/ci-e2e.yml:
- Around line 31-50: The desktop file-watch patterns in ci-e2e.yml are missing
the apps/desktop/src-tauri/Cargo.lock entry; update the desktop patterns array
(the block containing entries like 'apps/desktop/src/**',
'apps/desktop/src-tauri/Cargo.toml', etc.) to include
'apps/desktop/src-tauri/Cargo.lock' so changes to that lockfile trigger the
desktop E2E workflow consistently with release-gate.yml.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 67531e6f-8d6f-4c94-afce-1ab6fc5a1c46

📥 Commits

Reviewing files that changed from the base of the PR and between a22492a and 78d8550.

📒 Files selected for processing (4)
  • .github/workflows/ci-e2e.yml
  • .github/workflows/desktop-e2e.yml
  • .github/workflows/e2e.yml
  • .github/workflows/release-gate.yml
💤 Files with no reviewable changes (2)
  • .github/workflows/desktop-e2e.yml
  • .github/workflows/e2e.yml

Comment thread .github/workflows/ci-e2e.yml
gh run rerun preserves the original GITHUB_SHA, so HEAD after
checkout points to the stale PR merge commit. Diff against
origin/main instead to detect desktop changes against current main.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: baa91ca323bc

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

Comment thread .github/workflows/release-gate.yml Outdated
Comment thread .github/workflows/release-gate.yml Outdated
- Add missing Cargo.lock to desktop patterns in ci-e2e.yml
- Fix jq parse error on empty gh run list result in release gate
- Update log messages from "Web E2E" to "CI E2E" in polling loop

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 92e9c7769bd7

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

Comments suppressed due to low confidence (1)

.github/workflows/release-gate.yml:71

  • This comment says the desktop path patterns are “mirrored from ci-e2e.yml”, but the DESKTOP_PATTERNS list here is missing several paths present in ci-e2e.yml (e.g., crates/**, root Cargo.toml/Cargo.lock, tests/vectors/**, and .github/workflows/ci-e2e.yml). That can cause the release gate to skip Desktop E2E verification even when desktop-related Rust code changed. Align this pattern list with ci-e2e.yml (or refactor so both workflows share a single source of truth).
          # Desktop-related path patterns (mirrored from ci-e2e.yml)
          DESKTOP_PATTERNS=(
            'apps/desktop/src/'
            'apps/desktop/src-tauri/src/'
            'apps/desktop/src-tauri/vendor/'

Comment thread .github/workflows/ci-e2e.yml Outdated
Comment thread .github/workflows/ci-e2e.yml
- Set fetch-depth: 0 so dorny/paths-filter can diff against before SHA
- Remove nonexistent apps/desktop/src-tauri/Cargo.lock (root Cargo.lock
  already covers workspace lockfile changes)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: e9226a3a0ace
@FSM1

FSM1 commented Mar 29, 2026

Copy link
Copy Markdown
Owner Author

@coderabbitai please review

@coderabbitai

coderabbitai Bot commented Mar 29, 2026

Copy link
Copy Markdown

@FSM1 Sure! I'll review the PR now.

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/release-gate.yml (1)

67-84: ⚠️ Potential issue | 🟠 Major

Desktop path patterns don't match ci-e2e.yml — gate verification can be bypassed.

The comment claims patterns are mirrored from ci-e2e.yml, but several patterns are missing or incorrect:

Missing (ci-e2e.yml will run desktop E2E, but release-gate won't require verification):

  • crates/ — covers changes to Rust crates
  • Cargo.toml and Cargo.lock at root level
  • tests/vectors/
  • .github/workflows/ci-e2e.yml

Extra (release-gate may require verification when ci-e2e.yml didn't run tests):

  • apps/desktop/src-tauri/Cargo.lock — not present in ci-e2e.yml patterns
Proposed fix to align patterns
           # Desktop-related path patterns (mirrored from ci-e2e.yml)
           DESKTOP_PATTERNS=(
             'apps/desktop/src/'
             'apps/desktop/src-tauri/src/'
             'apps/desktop/src-tauri/vendor/'
             'apps/desktop/src-tauri/capabilities/'
             'apps/desktop/src-tauri/resources/'
             'apps/desktop/src-tauri/Cargo.toml'
-            'apps/desktop/src-tauri/Cargo.lock'
             'apps/desktop/src-tauri/build.rs'
             'apps/desktop/src-tauri/rust-toolchain.toml'
             'apps/desktop/index.html'
             'apps/desktop/vite.config.'
             'apps/desktop/tsconfig'
+            'crates/'
+            'Cargo.toml'
+            'Cargo.lock'
+            'tests/vectors/'
             'packages/crypto/src/'
             'packages/crypto/tsconfig'
             '.github/workflows/desktop-e2e.yml'
+            '.github/workflows/ci-e2e.yml'
           )
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release-gate.yml around lines 67 - 84, DESKTOP_PATTERNS
currently deviates from ci-e2e.yml: remove the extra
'apps/desktop/src-tauri/Cargo.lock' entry and add the missing patterns so the
gate mirrors ci-e2e.yml exactly; specifically update the DESKTOP_PATTERNS array
(the variable named DESKTOP_PATTERNS in the release-gate.yml diff) to include
'crates/', root-level 'Cargo.toml' and 'Cargo.lock', 'tests/vectors/', and
'.github/workflows/ci-e2e.yml' while removing the incorrect
apps/desktop/src-tauri/Cargo.lock pattern so release-gate verification matches
ci-e2e.yml.
🧹 Nitpick comments (1)
.github/workflows/release-gate.yml (1)

162-164: Job name matching via contains() is fragile but functional.

When ci-e2e.yml calls the reusable e2e.yml workflow, GitHub may surface the job with a composed name like "Web E2E / Web E2E Tests". The contains("Web E2E") filter should match this, but the approach is sensitive to job name changes in either workflow.

Consider adding a brief comment documenting the expected job name format, or using a more specific pattern if the exact composed name is known.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/release-gate.yml around lines 162 - 164, Summary: The
WEB_E2E_RAN calculation relies on a fragile contains("Web E2E") jq filter that
can break if job names change; update it to be explicit or document the expected
job-name composition. Fix: In the expression that sets WEB_E2E_RAN, either
replace the contains("Web E2E") predicate with a more robust jq regex test
(e.g., use test("^Web E2E") or a pattern matching the known composed name like
"Web E2E / Web E2E Tests") to avoid accidental mismatches, or keep contains but
add a clear inline comment documenting the exact job-name format produced by
reusable e2e.yml; refer to the WEB_E2E_RAN variable and the contains("Web E2E")
predicate to locate the change. Ensure the chosen pattern matches both simple
and composed names and update the comment accordingly.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In @.github/workflows/release-gate.yml:
- Around line 67-84: DESKTOP_PATTERNS currently deviates from ci-e2e.yml: remove
the extra 'apps/desktop/src-tauri/Cargo.lock' entry and add the missing patterns
so the gate mirrors ci-e2e.yml exactly; specifically update the DESKTOP_PATTERNS
array (the variable named DESKTOP_PATTERNS in the release-gate.yml diff) to
include 'crates/', root-level 'Cargo.toml' and 'Cargo.lock', 'tests/vectors/',
and '.github/workflows/ci-e2e.yml' while removing the incorrect
apps/desktop/src-tauri/Cargo.lock pattern so release-gate verification matches
ci-e2e.yml.

---

Nitpick comments:
In @.github/workflows/release-gate.yml:
- Around line 162-164: Summary: The WEB_E2E_RAN calculation relies on a fragile
contains("Web E2E") jq filter that can break if job names change; update it to
be explicit or document the expected job-name composition. Fix: In the
expression that sets WEB_E2E_RAN, either replace the contains("Web E2E")
predicate with a more robust jq regex test (e.g., use test("^Web E2E") or a
pattern matching the known composed name like "Web E2E / Web E2E Tests") to
avoid accidental mismatches, or keep contains but add a clear inline comment
documenting the exact job-name format produced by reusable e2e.yml; refer to the
WEB_E2E_RAN variable and the contains("Web E2E") predicate to locate the change.
Ensure the chosen pattern matches both simple and composed names and update the
comment accordingly.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 22464127-6bee-4dd0-bafe-3cdbe671e627

📥 Commits

Reviewing files that changed from the base of the PR and between 78d8550 and 9195c80.

📒 Files selected for processing (2)
  • .github/workflows/ci-e2e.yml
  • .github/workflows/release-gate.yml
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/ci-e2e.yml

- Add missing patterns: crates/, Cargo.toml, Cargo.lock, tests/vectors/,
  .github/workflows/ci-e2e.yml
- Remove nonexistent apps/desktop/src-tauri/Cargo.lock
- Document composed job name format for Web E2E contains() filter

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: d5267b9c1a63
@FSM1

FSM1 commented Mar 29, 2026

Copy link
Copy Markdown
Owner Author

@coderabbitai

Both issues from the latest CodeRabbit review addressed in a796d7c:

  1. Desktop pattern mismatch (Major): Aligned DESKTOP_PATTERNS in release-gate.yml with ci-e2e.yml — added crates/, Cargo.toml, Cargo.lock, tests/vectors/, .github/workflows/ci-e2e.yml; removed nonexistent apps/desktop/src-tauri/Cargo.lock.

  2. Fragile job name matching (Nitpick): Added inline comment documenting the composed job name format ("Web E2E / Web E2E Tests") for the contains("Web E2E") filter.

@coderabbitai

coderabbitai Bot commented Mar 29, 2026

Copy link
Copy Markdown

Tip

For best results, initiate chat on the files or code changes.

@FSM1 Thanks for the detailed summary — both fixes look solid:

  1. Desktop pattern mismatch — Aligning DESKTOP_PATTERNS in release-gate.yml with ci-e2e.yml (including crates/, Cargo.toml, Cargo.lock, tests/vectors/, and removing the nonexistent apps/desktop/src-tauri/Cargo.lock) correctly ensures change detection stays in sync between the orchestrator and the release gate.

  2. Fragile job name matching — The inline comment documenting "Web E2E / Web E2E Tests" as the composed job name format for the contains("Web E2E") filter is a good guard against future confusion if the workflow or job name ever changes.

Both issues are fully addressed. 🎉


🧠 Learnings used
Learnt from: FSM1
Repo: FSM1/cipher-box PR: 296
File: .release-please-manifest.json:3-6
Timestamp: 2026-03-20T14:25:00.151Z
Learning: In FSM1/cipher-box, the newly extracted packages `packages/core`, `packages/api-client`, `packages/sdk-core`, and `packages/sdk` are all `private: true` and share the monorepo version (`0.24.2`). Their entries in `.release-please-manifest.json` must match the version declared in their respective `package.json` files (currently `0.24.2`). Do NOT suggest initialising them at `0.1.0` — that would create a manifest/package.json mismatch and break Release Please bump calculations. Only `packages/crypto` and the root `"."` were pre-existing; the new packages simply join the same coupled versioning scheme.

Learnt from: FSM1
Repo: FSM1/cipher-box PR: 267
File: .github/workflows/codecov-base.yml:56-57
Timestamp: 2026-03-04T20:40:22.406Z
Learning: In the cipher-box project, the `desktop` flag in `codecov.yml` corresponds to a Rust/Tauri application that does not produce lcov-format coverage output. The `coverage-lcov` CI artifact therefore intentionally contains only `apps/api/coverage/lcov.info` and `packages/crypto/coverage/lcov.info`. The missing desktop flag is handled by `carryforward: true` in `codecov.yml`, which carries forward the last known desktop coverage value. Do not flag the absence of a desktop lcov file or desktop flag in Codecov upload steps.

Learnt from: FSM1
Repo: FSM1/cipher-box PR: 318
File: tests/sdk-e2e/package.json:9-9
Timestamp: 2026-03-22T18:40:19.224Z
Learning: In FSM1/cipher-box (`tests/sdk-e2e/package.json` and `tests/load/package.json`), the `"test:single"` npm script uses `vitest run --no-coverage --testPathPattern` as an intentional shorthand prefix. Users append a pattern value as a positional argument (e.g. `pnpm test:single mixed-workload`). Although `--testPathPattern` is not a documented Vitest CLI flag, it is accepted by Vitest's underlying `cac` CLI parser without erroring. Do NOT flag this as a broken or unsupported flag in future PRs — the maintainer has confirmed it works as designed.

Learnt from: FSM1
Repo: FSM1/cipher-box PR: 253
File: tests/e2e-desktop/scripts/test-conflict-detection.ps1:156-157
Timestamp: 2026-03-03T14:55:05.884Z
Learning: In `tests/e2e-desktop/scripts/*.{sh,ps1}` (FUSE E2E tests): Fixed sleep-based waits after file mutations are an inherent limitation of FUSE-mount testing. The FUSE daemon provides no IPC signal or status endpoint to indicate when a debounced IPNS metadata publish completes. Tests use conservative fixed waits (e.g., 8s for initial publish accounting for 1.5s debounce + 10s safety valve, 15s for conflict resolution) and can be increased if CI proves flaky. Eliminating sleep-based waits would require exposing an IPC readiness signal from the FUSE daemon.

If you found this review helpful, would you consider giving us a shout-out on X?

Thank you for using CodeRabbit!

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

Comment thread .github/workflows/release-gate.yml Outdated
Comment thread .github/workflows/ci-e2e.yml Outdated
Comment thread .github/workflows/release-gate.yml
- Guard against all-zero SHA in dorny/paths-filter base ref
- Add gh api error handling for Web E2E job verification
- Update stale comment wording from "desktop E2E runs" to
  "CI E2E orchestrator runs"

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Entire-Checkpoint: 8525b4154e13
@FSM1

FSM1 commented Mar 29, 2026

Copy link
Copy Markdown
Owner Author

@coderabbitai please review

@coderabbitai

coderabbitai Bot commented Mar 29, 2026

Copy link
Copy Markdown

@FSM1 Sure! I'll trigger a review of the latest changes now.


🧠 Learnings used
Learnt from: FSM1
Repo: FSM1/cipher-box PR: 296
File: .release-please-manifest.json:3-6
Timestamp: 2026-03-20T14:25:00.151Z
Learning: In FSM1/cipher-box, the newly extracted packages `packages/core`, `packages/api-client`, `packages/sdk-core`, and `packages/sdk` are all `private: true` and share the monorepo version (`0.24.2`). Their entries in `.release-please-manifest.json` must match the version declared in their respective `package.json` files (currently `0.24.2`). Do NOT suggest initialising them at `0.1.0` — that would create a manifest/package.json mismatch and break Release Please bump calculations. Only `packages/crypto` and the root `"."` were pre-existing; the new packages simply join the same coupled versioning scheme.

Learnt from: FSM1
Repo: FSM1/cipher-box PR: 267
File: .github/workflows/codecov-base.yml:56-57
Timestamp: 2026-03-04T20:40:22.406Z
Learning: In the cipher-box project, the `desktop` flag in `codecov.yml` corresponds to a Rust/Tauri application that does not produce lcov-format coverage output. The `coverage-lcov` CI artifact therefore intentionally contains only `apps/api/coverage/lcov.info` and `packages/crypto/coverage/lcov.info`. The missing desktop flag is handled by `carryforward: true` in `codecov.yml`, which carries forward the last known desktop coverage value. Do not flag the absence of a desktop lcov file or desktop flag in Codecov upload steps.

Learnt from: FSM1
Repo: FSM1/cipher-box PR: 296
File: packages/sdk/src/client.ts:286-360
Timestamp: 2026-03-20T23:50:55.576Z
Learning: In `packages/sdk/src/client.ts` (`CipherBoxClient`): Concurrent mutations to the same folder (e.g., `createFolder`, `renameItem`, `moveItem`, `deleteItem`, `deleteToBin`) are intentionally not serialized with a per-folder mutex in the SDK. Concurrent safety is provided at the UI layer — buttons/actions are disabled while an operation is in flight. A keyed async mutex/queue per folder IPNS name (and a separate one for bin state) is a known deferred improvement and should not be re-flagged as a regression in this or future PRs (first flagged in PR `#296`).

Learnt from: FSM1
Repo: FSM1/cipher-box PR: 352
File: .github/workflows/ci.yml:669-674
Timestamp: 2026-03-24T19:11:22.876Z
Learning: In FSM1/cipher-box GitHub Actions workflows, `!failure() && !cancelled()` is the standard conditional pattern for jobs that should run when upstream jobs succeed *or are skipped*. Skipped upstream jobs do not trigger `failure()` (their result is `skipped`, not `failure`), so this expression evaluates to `true` and prevents skip-propagation. `always()` is only required when a job must run even if upstream jobs have actually failed or been cancelled. Do not flag `!failure() && !cancelled()` as insufficient for handling skipped upstream jobs.

Learnt from: FSM1
Repo: FSM1/cipher-box PR: 253
File: tests/e2e-desktop/scripts/test-conflict-detection.ps1:156-157
Timestamp: 2026-03-03T14:55:05.884Z
Learning: In `tests/e2e-desktop/scripts/*.{sh,ps1}` (FUSE E2E tests): Fixed sleep-based waits after file mutations are an inherent limitation of FUSE-mount testing. The FUSE daemon provides no IPC signal or status endpoint to indicate when a debounced IPNS metadata publish completes. Tests use conservative fixed waits (e.g., 8s for initial publish accounting for 1.5s debounce + 10s safety valve, 15s for conflict resolution) and can be increased if CI proves flaky. Eliminating sleep-based waits would require exposing an IPC readiness signal from the FUSE daemon.
✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
.github/workflows/ci-e2e.yml (1)

99-110: Consider logging the re-run outcome for observability.

The gh run rerun command will fail silently (in terms of workflow logs) if the API call succeeds but the run cannot be re-triggered (e.g., workflow disabled, permissions issues). Adding a confirmation step could improve debugging.

♻️ Optional: Log re-run confirmation
          echo "Re-running release gate (run ${RUN_ID}) so it verifies E2E against current main"
-         gh run rerun "${RUN_ID}" --repo "${{ github.repository }}"
+         if gh run rerun "${RUN_ID}" --repo "${{ github.repository }}"; then
+           echo "✅ Successfully re-triggered release gate run ${RUN_ID}"
+         else
+           echo "::warning::Failed to re-trigger release gate run ${RUN_ID}"
+         fi
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci-e2e.yml around lines 99 - 110, The rerun step currently
invokes gh run rerun on RUN_ID but doesn't log whether the re-run was actually
queued or failed; after calling gh run rerun "${RUN_ID}" (and/or capturing its
stdout/stderr) check the command exit code and/or call gh run view "${RUN_ID}"
(or use gh run list filtered by databaseId) to confirm the run was re-triggered,
then emit a clear log line like "Re-run queued for ${RUN_ID}" on success or
"Failed to queue re-run for ${RUN_ID}: <error/exit-code/gh output>" on failure;
update the block that sets RUN_ID and invokes gh run rerun to capture and log
this outcome.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/ci-e2e.yml:
- Around line 99-110: The rerun step currently invokes gh run rerun on RUN_ID
but doesn't log whether the re-run was actually queued or failed; after calling
gh run rerun "${RUN_ID}" (and/or capturing its stdout/stderr) check the command
exit code and/or call gh run view "${RUN_ID}" (or use gh run list filtered by
databaseId) to confirm the run was re-triggered, then emit a clear log line like
"Re-run queued for ${RUN_ID}" on success or "Failed to queue re-run for
${RUN_ID}: <error/exit-code/gh output>" on failure; update the block that sets
RUN_ID and invokes gh run rerun to capture and log this outcome.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 12b26891-2a81-482c-882d-c4fe7c48a913

📥 Commits

Reviewing files that changed from the base of the PR and between 9195c80 and 20737dd.

📒 Files selected for processing (2)
  • .github/workflows/ci-e2e.yml
  • .github/workflows/release-gate.yml
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/release-gate.yml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants