chore: add release automation script and bot-PR workflow#625
Merged
Conversation
Replaces the agent-driven release skill with a deterministic local script plus one bot-authored-PR workflow, now that releases are stable-only and the procedure is fixed. - .github/workflows/release-pr.yml: opens a release PR (version bump or docs versions.json bump) as the pr-automation-bot-public App, so a single release driver can approve it without a second reviewer. No new repo/org settings. - scripts/release.sh: orchestrates the release end to end (bump PR -> tag -> Release workflow -> npm -> homebrew-tap -> docs versions), pausing only for the 2-3 PR approvals. Clear per-step failure reporting; no auto rollback. The .claude/skills/release/ skill is left in place and can be removed after the first successful run of the new script. Follow-up (deferred): docs versions.json currently keys by major.minor, so a future v1.1.0 would add a /1.1/ entry. Whether 1.x docs should collapse to a single /1/ major version is a team decision tracked separately. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces a deterministic release process for icp-cli by replacing the prior agent-driven approach with a local driver script plus a GitHub Actions workflow that opens bot-authored release PRs.
Changes:
- Add
scripts/release.shto drive the end-to-end stable release flow (bump PR → tag → workflows → npm → homebrew-tap → docs versions). - Add
.github/workflows/release-pr.ymlto open bot-authored PRs for version bumps and docs version updates viaworkflow_dispatch.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| scripts/release.sh | New local release driver script orchestrating PR creation/approval, tagging, workflow watching, and downstream publish steps. |
| .github/workflows/release-pr.yml | New workflow to open release PRs (version bump or docs versions) authored by the PR automation GitHub App. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- release.sh: skip the version-bump PR when origin/main is already at the target version, so re-running after a merged bump no longer re-opens the PR (and can't trigger a duplicate CHANGELOG header). - release.sh: dispatch npm by workflow filename (release-npm.yml) instead of the display name, for an unambiguous identifier. - release.sh: harden the docs versions.json read — fail clearly on a parse error or multiple `latest:true` entries instead of silently proceeding. - release-pr.yml: make CHANGELOG promotion idempotent (skip if a `# vX.Y.Z` header already exists) so a re-dispatch can't duplicate the section. - release-pr.yml: clarify the `cargo update --workspace` comment (it re-locks only the workspace members' versions, not dependency versions). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
adamspofford-dfinity
approved these changes
Jun 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Replaces the agent-driven release skill with a deterministic, local shell script plus one bot-authored-PR workflow. Now that releases are stable-only and the procedure is fixed, an AI agent is overkill; a script is a better fit and needs no new repo/org settings.
.github/workflows/release-pr.ymlA
workflow_dispatchworkflow that opens a release PR authored by thepr-automation-bot-publicGitHub App (the same App + secretsbump-network-launcher.ymlalready uses). Because the bot authors the PR, a single release driver can approve it without a second reviewer. Onekindinput handles both:version-bump: bumps the workspace version,cargo update --workspaceforCargo.lock, and promotes# Unreleased→# vX.Y.Zin the changelog.docs-versions: adds the new docs version todocs-site/versions.json.scripts/release.sh./scripts/release.sh <VERSION>drives the whole release: bump PR → tag + push → cargo-dist Release workflow → npm → homebrew-tap → docs versions. It pauses only for the 2–3 PR approvals (version bump, homebrew-tap, and — for a new minor — docs versions). Clear per-step failure reporting with URLs; no automatic rollback by design. Re-running with the same version reuses any PR/tag that already exists.Why this works without settings changes
GITHUB_TOKEN-doesn't-trigger-workflows limitation never applies.ghauth already spansdfinity/homebrew-tap, so no cross-repo dispatch token is needed.Before first use
workflow_dispatchonly works oncerelease-pr.ymlis on the default branch..claude/skills/release/skill is intentionally kept for now; remove it after the first successful run of the new script.Follow-up (deferred)
docs-site/versions.jsoncurrently keys by major.minor, matching today'sdocs.ymldeploy path — so a futurev1.1.0would add a/1.1/entry. Whether the whole1.xline should collapse to a single/1/major version (with/2/next) is a team decision tracked separately; this PR keeps the existing behavior.Validation
shellcheckclean; YAML parses; the version-bump awk transforms, the docsversions.jsonjq (new-minor and patch/no-op cases), and both rendered PR bodies were tested against the real repo files.🤖 Generated with Claude Code