From 449d7d2f17157148a9816839cb4fc6dd156cc267 Mon Sep 17 00:00:00 2001 From: Chris Arter Date: Mon, 1 Jun 2026 10:58:12 -0400 Subject: [PATCH 1/3] Re-lock uv.lock to 0.8.6 so `uv sync --locked` passes in CI The Release v0.8.6 commit (625a415) bumped the version in pyproject.toml, plugin.json, marketplace.json, and src/bully/__init__.py but never re-ran `uv lock`, so the committed uv.lock still pinned the editable bully package at 0.8.5. Since 721a16d switched CI to `uv sync --locked --all-extras`, that version mismatch hard-fails the first CI step ("The lockfile at `uv.lock` needs to be updated, but `--locked` was provided"), turning main red since v0.8.6. Co-Authored-By: Claude Opus 4.8 (1M context) --- uv.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/uv.lock b/uv.lock index 4ec875d..bb7ba0c 100644 --- a/uv.lock +++ b/uv.lock @@ -61,7 +61,7 @@ wheels = [ [[package]] name = "bully" -version = "0.8.5" +version = "0.8.6" source = { editable = "." } [package.optional-dependencies] From 85ee488ff55a083dfbd4dac42feb73e7232c5acd Mon Sep 17 00:00:00 2001 From: Chris Arter Date: Mon, 1 Jun 2026 10:58:22 -0400 Subject: [PATCH 2/3] Drop npm ecosystem from Dependabot (no root package.json) The npm stanza was added on the assumption it would be a harmless no-op until a package.json lands, but Dependabot hard-errors on a missing manifest ("dependency_file_not_found: /package.json not found") and reports the whole update job as failed on every weekly run. There is no root package.json, so remove the stanza; the comment now records the why for whoever adds node tooling. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/dependabot.yml | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 40b8ae6..82a32b4 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -41,12 +41,6 @@ updates: cooldown: default-days: 2 - # No package.json today; this stanza is a no-op until one lands at the repo - # root. Listed so the cooldown policy is uniform if/when node tooling is added. - - package-ecosystem: npm - directory: / - schedule: - interval: weekly - open-pull-requests-limit: 5 - cooldown: - default-days: 2 + # No npm ecosystem: there is no package.json at the repo root, and Dependabot + # hard-errors ("dependency_file_not_found") rather than no-op'ing on a missing + # manifest. Add an `npm` stanza here only once a root package.json actually lands. From 6490b4075925edffb1cb47d6befdf0cacae2115a Mon Sep 17 00:00:00 2001 From: Chris Arter Date: Mon, 1 Jun 2026 11:27:26 -0400 Subject: [PATCH 3/3] release-bully: re-lock uv.lock on release; fix stale BULLY_VERSION path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Prevents the v0.8.6 CI breakage from recurring. The release workflow bumped the version in five files but never re-ran `uv lock`, leaving the editable bully package stale in uv.lock and failing CI's `uv sync --locked`. Add an explicit `uv lock` step in §3, include uv.lock in the §6 release commit and §5 verify diff, and add a common-mistakes row. Also correct the version-field path from the pre-restructure `pipeline/pipeline.py` to `src/bully/__init__.py` (where BULLY_VERSION now lives) in the table, both grep commands, and the §3 step. Co-Authored-By: Claude Opus 4.8 (1M context) --- .claude/skills/release-bully/SKILL.md | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/.claude/skills/release-bully/SKILL.md b/.claude/skills/release-bully/SKILL.md index 1e74ce8..61b7916 100644 --- a/.claude/skills/release-bully/SKILL.md +++ b/.claude/skills/release-bully/SKILL.md @@ -24,12 +24,12 @@ Bully is a Claude Code plugin. Claude Code detects updates by comparing the `ver | `.claude-plugin/marketplace.json` | root | `metadata.version` | | `.claude-plugin/marketplace.json` | first plugin entry | `plugins[0].version` | | `pyproject.toml` | `[project]` table | `version` | -| `pipeline/pipeline.py` | top of file | `BULLY_VERSION = "..."` (stamped into `session_init` telemetry records) | +| `src/bully/__init__.py` | top of file | `BULLY_VERSION = "..."` (stamped into `session_init` telemetry records) | Drift between these is the most common release bug. Grep to verify after editing: ```bash -grep -RnE '"version"|^version|^BULLY_VERSION' .claude-plugin/ pyproject.toml pipeline/pipeline.py +grep -RnE '"version"|^version|^BULLY_VERSION' .claude-plugin/ pyproject.toml src/bully/__init__.py ``` All five lines must show the new version. @@ -70,7 +70,15 @@ Use `Edit` (not `sed`) to update each file. Exact new string in every case: `X.Y For `marketplace.json`, there are two occurrences — bump both. -For `pipeline/pipeline.py`, update the `BULLY_VERSION = "X.Y.Z"` constant near the top. This value gets stamped into every `session_init` telemetry record, so it must match the released version exactly. +For `src/bully/__init__.py`, update the `BULLY_VERSION = "X.Y.Z"` constant near the top. This value gets stamped into every `session_init` telemetry record, so it must match the released version exactly. + +Then re-lock so `uv.lock` records the new project version: + +```bash +uv lock +``` + +The editable `bully` package's version in `uv.lock` is derived from `pyproject.toml`, so bumping `pyproject.toml` without re-locking leaves the lock stale. CI runs `uv sync --locked --all-extras`, which hard-fails on a stale lock ("The lockfile at `uv.lock` needs to be updated, but `--locked` was provided"). The re-locked `uv.lock` must be part of the release commit. ### 4. Rewrite CHANGELOG.md @@ -104,16 +112,16 @@ If the `[Unreleased]` section is empty or placeholder-only, derive entries from ### 5. Verify before committing ```bash -grep -RnE '"version"|^version|^BULLY_VERSION' .claude-plugin/ pyproject.toml pipeline/pipeline.py +grep -RnE '"version"|^version|^BULLY_VERSION' .claude-plugin/ pyproject.toml src/bully/__init__.py git diff ``` -All five version lines must show `X.Y.Z`. Diff should touch only the five version fields and `CHANGELOG.md`. If anything else changed, abort. +All five version lines must show `X.Y.Z`. Diff should touch only the five version fields, `uv.lock` (the re-lock from §3), and `CHANGELOG.md`. If anything else changed, abort. ### 6. Commit, tag, push ```bash -git add .claude-plugin/plugin.json .claude-plugin/marketplace.json pyproject.toml pipeline/pipeline.py CHANGELOG.md +git add .claude-plugin/plugin.json .claude-plugin/marketplace.json pyproject.toml src/bully/__init__.py uv.lock CHANGELOG.md git commit -m "Release v0.2.0" ``` @@ -151,6 +159,7 @@ Report: version bumped, tag pushed, release URL (from `gh release create` output | `gh release create` before `git push origin ` | Push the tag first; `gh release create` needs it on the remote. | | Picked patch when a breaking change landed | Re-read commits. If users need to edit their `.bully.yml` or re-wire hooks, it's major. | | Committed with uncommitted unrelated changes | Stash them first. The release commit must be version + changelog only. | +| Bumped the version but forgot `uv lock` | CI's `uv sync --locked` fails on the stale lock. Re-lock (§3) and include `uv.lock` in the release commit. | ## Abort criteria