Skip to content

chore: Run marketplace deploy after GitHub release in semantic-release#254

Open
danskmt wants to merge 1 commit intomainfrom
chore/CLI-1426-reorder-semantic-release-exec-after-github
Open

chore: Run marketplace deploy after GitHub release in semantic-release#254
danskmt wants to merge 1 commit intomainfrom
chore/CLI-1426-reorder-semantic-release-exec-after-github

Conversation

@danskmt
Copy link
Copy Markdown
Contributor

@danskmt danskmt commented Apr 1, 2026
edited by atlassian bot
Loading

Pull Request Submission Checklist

  • Follows CONTRIBUTING guidelines
  • Commit messages are release-note ready, emphasizing what was changed, not how.
  • Includes detailed description of changes
  • Contains risk assessment (Low | Medium | High)
  • Highlights breaking API changes (if applicable)
  • Links to automated tests covering new functionality
  • Includes manual testing instructions (if necessary)
  • Updates relevant GitBook documentation (PR link: ___)
  • Includes product update to be announced in the next stable release notes

What does this PR do?

Moves the @semantic-release/exec plugin (which runs scripts/ci-deploy.sh) to the end of the plugins array in .releaserc, after @semantic-release/github. Publish plugins run in order, so the GitHub release is created before the deploy command runs.

Where should the reviewer start?

  • .releaserc — plugin order only

How should this be manually tested?

  1. After merge, run a release (or validate semantic-release config / dry-run if your process supports it) and confirm publish order: GitHub release first, then deploy script.
  2. No runtime change to the Azure Pipelines task itself.

What's the product update that needs to be communicated to CLI users?

None. Release pipeline ordering only.

Risk assessment (Low | Medium | High)?

Low — configuration-only change.

Any background context you want to provide?

Previously exec ran before github in the plugin list. This aligns order with “GitHub release first, then marketplace / deploy.”

What are the relevant tickets?

CLI-1426

Screenshots (if appropriate)

N/A

@danskmt danskmt requested review from a team as code owners April 1, 2026 11:39
@snyk-io
Copy link
Copy Markdown

snyk-io bot commented Apr 1, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@snyk-pr-review-bot
Copy link
Copy Markdown

snyk-pr-review-bot bot commented Apr 1, 2026

PR Reviewer Guide 🔍

🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Loss of Release Atomicity 🟠 [major]

Moving @semantic-release/exec after @semantic-release/github breaks the atomicity of the release process. In the new order, the GitHub release (which includes creating the public tag and release notes) occurs before the Azure Marketplace deployment. If scripts/ci-deploy.sh fails (e.g., due to tfx authentication failure or validation errors shown in scripts/ci-deploy-prod.sh), the system is left in an inconsistent state: a public release is announced on GitHub, but the actual artifact is unavailable in the Marketplace. Reversing this—publishing the artifact first—ensures that the 'announcement' (GitHub release) only happens if the 'delivery' (Marketplace) succeeds.

 
"@semantic-release/github",
[
  "@semantic-release/exec",
  {
    "publishCmd": "scripts/ci-deploy.sh ${nextRelease.version}"
  }
]
📚 Repository Context Analyzed

This review considered 7 relevant code sections from 7 files (average relevance: 0.76)

@danskmt
Copy link
Copy Markdown
Contributor Author

danskmt commented Apr 1, 2026

PR Reviewer Guide 🔍

🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Loss of Release Atomicity 🟠 [major]
Moving @semantic-release/exec after @semantic-release/github breaks the atomicity of the release process. In the new order, the GitHub release (which includes creating the public tag and release notes) occurs before the Azure Marketplace deployment. If scripts/ci-deploy.sh fails (e.g., due to tfx authentication failure or validation errors shown in scripts/ci-deploy-prod.sh), the system is left in an inconsistent state: a public release is announced on GitHub, but the actual artifact is unavailable in the Marketplace. Reversing this—publishing the artifact first—ensures that the 'announcement' (GitHub release) only happens if the 'delivery' (Marketplace) succeeds.

"@semantic-release/github",
[
  "@semantic-release/exec",
  {
    "publishCmd": "scripts/ci-deploy.sh ${nextRelease.version}"
  }
]

📚 Repository Context Analyzed

This review considered 7 relevant code sections from 7 files (average relevance: 0.76)

Before this change, the same was true the other way around i.e. getting published to Marketplace but not creating a release because it was timing out in marketplace validation. This will be decoupled in future tasks. cc: @j-luong

@danskmt danskmt mentioned this pull request Apr 1, 2026
Closed
9 tasks
@danskmt danskmt enabled auto-merge (squash) April 2, 2026 08:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@j-luong j-luong j-luong approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@danskmt @j-luong