Merged
3 changes: 3 additions & 0 deletions .github/workflows/ci.yml
Expand Up @@ -33,6 +33,9 @@ jobs:
channel: stable
cache: true

- name: release train metadata check
run: dart tool/intentcall/bin/release_train.dart check

- name: dart pub get
run: dart pub get
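Review bot: The new `release train metadata check` step sits before `dart pub get`, so it passes only while `tool/intentcall/bin/release_train.dart` needs nothing beyond the Dart SDK, and nothing in the step says so. If the ordering is deliberate (the justfile recipe describes the check as not requiring pub resolution), add a one-line YAML comment above the step stating that the script must stay free of `package:` imports, so a later edit to the script does not fail CI at a step that looks unrelated to dependency resolution.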

44 changes: 44 additions & 0 deletions .github/workflows/release-pr-sync-train.yml
@@ -0,0 +1,44 @@
name: Release PR Sync Train

on:
pull_request:
branches:
- main
types:
- opened
- synchronize
- reopened

permissions:
contents: write
pull-requests: write
Comment on lines +12 to +14


🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Drop the unused pull-requests: write permission.

This job only needs to push commits back to the branch. Keeping PR-write scope here unnecessarily broadens the token if the workflow is ever repurposed or a later step is added.

Suggested fix
 permissions:
   contents: write
-  pull-requests: write
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/release-pr-sync-train.yml around lines 12 - 14, The
workflow permissions are broader than needed because the release PR sync job
only pushes commits back to the branch, so the `pull-requests: write` scope
should be removed. Update the permissions block in the release sync workflow to
keep only the `contents: write` access, and leave the rest of the job unchanged.


jobs:
sync-release-train:
if: github.event.pull_request.head.repo.full_name == github.repository && github.head_ref == 'release-please--branches--main'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
with:
ref: ${{ github.head_ref }}
token: ${{ secrets.RELEASE_PLEASE_TOKEN || secrets.GITHUB_TOKEN }}

- uses: subosito/flutter-action@1a449444c387b1966244ae4d4f8c696479add0b2
with:
channel: stable
cache: true

- name: sync release train metadata
run: dart tool/intentcall/bin/release_train.dart sync

- name: commit release train metadata
run: |
if git diff --quiet; then
echo "Release train metadata already synchronized."
exit 0
fi
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add packages/*/pubspec.yaml packages/intentcall_platform/ios/intentcall_platform.podspec packages/intentcall_platform/macos/intentcall_platform.podspec
git commit -m "chore: sync release train metadata"
git push origin HEAD:${{ github.head_ref }}
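Review bot: In the `commit release train metadata` step, `git push origin HEAD:${{ github.head_ref }}` expands the branch name into the script text before the shell runs it; that is safe today only because the job-level `if` pins `github.head_ref` to `release-please--branches--main`. Pass the ref through the step's `env:` (for example `HEAD_REF: ${{ github.head_ref }}`) and push to `"HEAD:$HEAD_REF"`, so the step stays safe if the guard is ever relaxed. Separately, the early exit tests `git diff --quiet` over the whole tree while `git add` stages only the pubspec and podspec paths: if `sync` changes any other tracked file, nothing is staged and `git commit` fails the job. Run the diff check against the same path list that is staged.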
12 changes: 12 additions & 0 deletions justfile
Expand Up @@ -45,6 +45,18 @@ publish-tag-execute tag:
check-path-deps:
dart run tool/intentcall/bin/intentcall.dart check-path-deps

# Check release train metadata without requiring pub resolution
check-release-train:
dart tool/intentcall/bin/release_train.dart check

# Synchronize release train versions, internal floors, and native podspecs
sync-release-train:
dart run tool/intentcall/bin/intentcall.dart sync-release-train

# Synchronize release train metadata to a specific version
sync-release-train-version version:
dart run tool/intentcall/bin/intentcall.dart sync-release-train --version {{version}}
Comment on lines +53 to +58


🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '## justfile targets\n'
git ls-files justfile
echo

echo '## relevant justfile excerpt'
nl -ba justfile | sed -n '45,70p'
echo

echo '## tool/intentcall/bin files'
git ls-files 'tool/intentcall/bin/*'
echo

echo '## search for release_train and sync-release-train references'
rg -n "release_train|sync-release-train|intentcall" justfile tool/intentcall/bin -g '!**/node_modules/**'
echo

echo '## outline release_train.dart if present'
if [ -f tool/intentcall/bin/release_train.dart ]; then
  ast-grep outline tool/intentcall/bin/release_train.dart --view expanded || true
fi

Repository: Arenukvern/intentcall

Length of output: 258


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo '## justfile excerpt'
sed -n '45,70p' justfile
echo

echo '## intentcall bin files'
git ls-files 'tool/intentcall/bin/*'
echo

echo '## release_train and sync references'
rg -n "release_train|sync-release-train|intentcall" justfile tool/intentcall/bin
echo

echo '## if release_train.dart exists, show its first 220 lines'
if [ -f tool/intentcall/bin/release_train.dart ]; then
  sed -n '1,220p' tool/intentcall/bin/release_train.dart
fi

Repository: Arenukvern/intentcall

Length of output: 15712


Keep the sync targets dependency-free. sync-release-train and sync-release-train-version still go through dart run, so they can fail in the same stale pub-resolution state they're meant to fix. Point them at dart tool/intentcall/bin/release_train.dart sync instead.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@justfile` around lines 53 - 58, The sync-release-train targets still invoke
the intentcall entrypoint through dart run, which can depend on stale pub
resolution; update both sync-release-train and sync-release-train-version in the
justfile to call the dedicated release_train.dart sync script directly with dart
tool/intentcall/bin/release_train.dart sync, preserving the version argument for
the versioned target.


# Print hosted dependencies block for the synchronized package train
print-hosted-deps:
dart run tool/intentcall/bin/intentcall.dart print-hosted-deps
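Review bot: In `sync-release-train-version`, `{{version}}` is substituted into the recipe line unquoted, so a value containing spaces or shell metacharacters is split or interpreted by the shell before `intentcall.dart` sees it. Use `--version {{quote(version)}}`; plain double quotes around the interpolation would stop word splitting but still let the shell expand `$` and backticks inside the value.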
37 changes: 37 additions & 0 deletions tool/intentcall/bin/intentcall.dart
Expand Up @@ -4,6 +4,8 @@ import 'dart:io';
import 'package:args/args.dart';
import 'package:path/path.dart' as p;

import 'release_train.dart' as release_train;

const publishOrder = [
'intentcall_schema',
'intentcall_core',
Expand All @@ -21,6 +23,22 @@ void main(List<String> arguments) async {
final parser = ArgParser()
..addCommand('doctor')
..addCommand('validate')
..addCommand('check-release-train')
..addCommand(
'sync-release-train',
ArgParser()
..addOption(
'version',
abbr: 'v',
help:
'Train version to sync. Defaults to .release-please-manifest.json or package versions.',
)
..addFlag(
'check',
negatable: false,
help: 'Report whether sync would edit files without writing them.',
),
)
..addCommand('check-path-deps')
..addCommand('check-doc-versions')
..addCommand(
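Review bot: `sync-release-train --check` ("Report whether sync would edit files without writing them.") and the separate `check-release-train` command both report drift without writing, and neither help string says how they differ. Either drop one of the two, or state in the `check` flag's help what it covers that `check-release-train` does not; if the intent is to check against an explicit `--version`, say so there.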
Expand Down Expand Up @@ -105,6 +123,19 @@ void main(List<String> arguments) async {
final code = await runValidate(repoRoot);
exit(code);

case 'check-release-train':
final code = await release_train.runReleaseTrainCheck(repoRoot);
exit(code);

case 'sync-release-train':
final cmdResults = results.command!;
final code = await release_train.runReleaseTrainSync(
repoRoot,
version: cmdResults['version'] as String?,
checkOnly: cmdResults['check'] as bool? ?? false,
);
exit(code);

case 'check-path-deps':
final code = await runCheckPathDeps(repoRoot);
exit(code);
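Review bot: In the `sync-release-train` case, `cmdResults['version'] as String?` is handed to `runReleaseTrainSync` exactly as typed, and the command's own usage text says it rewrites versions in pubspecs and podspecs. Unless `runReleaseTrainSync` already rejects anything that is not a valid version string (not visible in this diff), validate the value here and exit non-zero before any file is written. Minor: `as bool? ?? false` is redundant, because a flag declared with `addFlag` and no `defaultsTo` already parses to `false`.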
Expand Down Expand Up @@ -193,6 +224,12 @@ void printUsage(ArgParser parser) {
print(
' validate Validate path dependencies and version consistency.',
);
print(
' check-release-train Verify train versions, internal floors, and podspecs.',
);
print(
' sync-release-train Rewrite train versions, internal floors, and podspecs.',
);
print(
' check-path-deps Scan workspace for invalid path dependencies.',
);
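Review bot: The usage line added for `sync-release-train` does not mention its `--version` and `--check` options, so in the lines shown `printUsage` gives no hint that they exist. Name them in the description, or print the subcommand parser's own usage beneath the command list.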