fix: release via tag + dev-bump branch, never pushing to main#39
Merged
Conversation
Branch protection blocks pushing the version bump to main, and the org blocks Actions from opening PRs. So a release tags the current main commit (tags aren't protected) and publishes the binaries, then pushes the `<version>+dev` bump on a branch and writes a one-click "create PR" link to the run summary — a maintainer opens that PR and merges it. main only ever advances through that PR. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Aligns agentcap's release workflow with funes (PRs #23 + #24) so a release works on a protected
main.Previously the release pushed the version-bump commits straight to
main(branch protection blocks it), and opening the dev-bump PR from the workflow'sGITHUB_TOKENis blocked org-wide ("Allow GitHub Actions to create and approve pull requests" is off — confirmedfalseon this repo).Now a release:
maincommit and publishes the binaries — tags aren't branch-protected;<version>+devbump on achore/bump-dev-<version>branch and writes a one-click Create pull request link to the run summary.mainonly ever advances through that maintainer-opened PR. No new settings or secrets required. Note: the published binaries carry the bumped version (stamped at build), while the tagged commit'sCargo.tomlstill shows the in-progress+devmarker.🤖 Generated with Claude Code