ci: two-stage release with manual approval (4.x) #817
Replace the previous tag-based release workflow with the same prepare + approve + release flow used on master: a manually dispatched Prepare Release opens a version-bump PR, and merging it triggers a Release that checks the version against npm, pushes an approval request to DingTalk, waits on the `release` environment gate, then publishes (dist-tag `latest-4`) via OIDC and creates the GitHub Release.
Release urllib v4.9.1.

Merging this PR updates the version on `4.x` and triggers the release workflow, which publishes to npm (dist-tag `latest-4`) and creates the GitHub Release after manual approval.

## What's Changed

### Security

* Do not forward credential headers (`Authorization`, `Cookie`, `Proxy-Authorization`) on cross-origin redirect, and clear `auth`/`digestAuth`, matching the WHATWG Fetch spec and undici's `RedirectHandler` (#812). Same-origin redirects are unchanged and the caller's `options` object is never mutated.

### Dependencies

* Update runtime dependencies: undici (`^7.24.0`), qs, form-data, formstream, and type-fest.

### Internal

* Migrate the toolchain to Vite+ (Vitest 4, Oxlint, Oxfmt, tsdown).
* Two-stage release workflow with manual approval, publishing the 4.x line to the `latest-4` npm dist-tag (#817).

---------

Co-authored-by: fengmk2 <156269+fengmk2@users.noreply.github.com>
Co-authored-by: MK <fengmk2@gmail.com>
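The redirect rule from the Security note above, as an added JavaScript example; it is not urllib's or undici's source. The helper name `optionsForRedirect`, the option shape and the `example.test` hosts are assumptions made for illustration.

```javascript
// Added illustration of the behaviour the release note describes.
// Header names are compared case-insensitively.
const CREDENTIAL_HEADERS = new Set(['authorization', 'cookie', 'proxy-authorization']);

// Hypothetical helper: returns the URL and options to use when following a redirect.
// `options` is assumed to look like { headers, auth, digestAuth }.
function optionsForRedirect(currentUrl, location, options) {
  const from = new URL(currentUrl);
  const to = new URL(location, from); // resolves relative Location values

  // Copy first so the caller's object (and its headers) is never mutated.
  const next = { ...options, headers: { ...(options.headers || {}) } };

  // URL.origin is scheme + host + port, so an http -> https hop or a
  // port change counts as cross-origin, not only a different hostname.
  if (from.origin !== to.origin) {
    for (const name of Object.keys(next.headers)) {
      if (CREDENTIAL_HEADERS.has(name.toLowerCase())) delete next.headers[name];
    }
    delete next.auth;
    delete next.digestAuth;
  }
  return { url: to.href, options: next };
}

// Constructed sample request options (not real credentials).
const sampleOptions = {
  headers: { Authorization: 'Bearer constructed-token', cookie: 'sid=1', Accept: 'application/json' },
  auth: 'user:constructed-password',
};

const crossOrigin = optionsForRedirect(
  'https://api.example.test/v1/item', 'https://cdn.example.test/item', sampleOptions);
const sameOrigin = optionsForRedirect(
  'https://api.example.test/v1/item', '/v2/item', sampleOptions);

console.log(Object.keys(crossOrigin.options.headers)); // credential headers removed
console.log(Object.keys(sameOrigin.options.headers));  // unchanged on same origin
```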
Brings the 4.x maintenance branch onto the same release flow as master (#814), so every line releases the same way.
Flow: run Prepare Release (manual, with a version) -> it opens a `release/vX.Y.Z` PR -> merge it -> Release checks the version against npm, pushes an approval request to DingTalk, waits on the `release` environment gate, then publishes and creates the GitHub Release.

4.x specifics:

* `latest-4` (never `latest`).
* `vp`) toolchain.
* `release.yml`.
* `id-token: write`).

Requires the repo `release` environment (required reviewers) and npm trusted-publisher config to allow this branch's workflow. DingTalk secrets are already set repo-wide.