Skip to content

feat(skill): add pre-flight and post-flight release procedures#1709

Open
waynesun09 wants to merge 5 commits into
mainfrom
update-release-skill
Open

feat(skill): add pre-flight and post-flight release procedures#1709
waynesun09 wants to merge 5 commits into
mainfrom
update-release-skill

Conversation

@waynesun09
Copy link
Copy Markdown
Contributor

@waynesun09 waynesun09 commented May 29, 2026

Summary

  • Adds pre-flight release check section: diff reusable workflows, scaffold templates, and CLI changes against the v0 tag to detect breaking changes before tagging
  • Adds v0 tag move step and workflow wait step to the release process (steps 8-9), renumbers remaining steps
  • Adds post-flight verification section: check downstream orgs, retrigger failed runs, present summary
  • Variable-dependent commands (org names, repo names, run IDs) prompt the user via AskUserQuestion rather than assuming values are available

Test plan

  • Read through the updated SKILL.md and verify the flow is logical
  • Confirm make lint passes (verified locally)
  • Dry-run the pre-flight section against the current v0 tag
  • Verify allowed-tools list includes all commands used in new sections

@waynesun09
feat(skill): add pre-flight and post-flight release procedures
f453ab1 
The cutting-releases skill now covers the full release lifecycle:

Pre-flight: diff reusable workflows, scaffold templates, and CLI
changes against the v0 tag to detect breaking changes before release.

Process: added v0 tag move (step 8) and workflow wait (step 9),
renumbered remaining steps.

Post-flight: verify downstream orgs resolve @v0 correctly, retrigger
failed runs for confirmation, present summary table.

All variable-dependent commands prompt the user via AskUserQuestion
rather than assuming values are in the environment.

Signed-off-by: Wayne Sun <gsun@redhat.com>
@waynesun09 waynesun09 requested a review from ralphbean May 29, 2026 21:08
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 29, 2026
edited
Loading

Site preview

Preview: https://2c11db53-site.fullsend-ai.workers.dev

Commit: 2812a346113e986c9abd8559ca1118c9cb66c820

@waynesun09
fix(skill): add git fetch before pre-flight diffs, drop unused lint tool
65c9dfb 
Pre-flight steps use origin/main refs but ran before the pull step.
Add explicit git fetch at the top of pre-flight to ensure fresh state.
Remove Bash(make lint:*) from allowed-tools since it is not referenced
in any skill step.

Signed-off-by: Wayne Sun <gsun@redhat.com>
waynesun09
waynesun09 commented May 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor Author

@waynesun09 waynesun09 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review

Findings

Medium

  • [correctness] skills/cutting-releases/SKILL.md:28 — Pre-flight steps A–C diff against origin/main but the pre-flight section runs before step 1 (git checkout main && git pull). Stale origin/main produces wrong diffs.
    Remediation: Added git fetch origin at the top of the pre-flight section. Fixed in 65c9dfb.

Low

  • [hygiene] skills/cutting-releases/SKILL.md:7Bash(make lint:*) was in allowed-tools but never referenced in any skill step. Unused tool permissions widen the surface for no benefit.
    Remediation: Removed from allowed-tools. Fixed in 65c9dfb.

@fullsend-ai-review
Copy link
Copy Markdown

fullsend-ai-review Bot commented May 29, 2026
edited
Loading

Review

Findings

Low

  • [redundant-check] skills/cutting-releases/post-flight.md:37 — Post-flight section C checks gh run list --repo fullsend-ai/fullsend, but section A already verifies the release workflow in the same repo via gh run list --workflow=release.yml. The fullsend-ai/fullsend line in section C is redundant with section A and could be removed, keeping only actual downstream consumers like fullsend-ai/.fullsend.
    Remediation: Remove the fullsend-ai/fullsend line from section C, since that repo's release workflow is already verified in section A.
Previous run

Review

Findings

Low

  • [redundant-check] skills/cutting-releases/post-flight.md:37 — Post-flight section C checks gh run list --repo fullsend-ai/fullsend, but section A already verifies the release workflow in the same repo via gh run list --workflow=release.yml. The fullsend-ai/fullsend line in section C is redundant with section A and could be removed, keeping only actual downstream consumers like fullsend-ai/.fullsend.
    Remediation: Remove the fullsend-ai/fullsend line from section C, since that repo's release workflow is already verified in section A.
Previous run (2)

Review

Findings

High

  • [protected-path] skills/cutting-releases/SKILL.md — This PR modifies a file under skills/, which is a protected path requiring human approval. The PR has no linked issue authorizing this change. While the PR description explains the additions (pre-flight and post-flight release procedures), protected-path changes require a linked issue to establish authorization.
    Remediation: Link an issue that authorizes changes to the cutting-releases skill, or have a maintainer confirm the change is authorized.

Info

  • [correctness] skills/cutting-releases/SKILL.md — The content additions are technically sound. The allowed-tools frontmatter correctly adds Bash(git fetch:*) for the new git fetch origin command. The gh run rerun command in post-flight is covered by the existing Bash(gh run:*) pattern. Step renumbering is consistent. Pre-flight audit checklists (reusable workflows, scaffold templates, CLI changes) and post-flight verification steps are well-structured and cover the right areas.
Previous run (3)

Review

Findings

No findings.

The pre-flight and post-flight sections are well-structured and follow the existing skill patterns. Step renumbering is correct, the allowed-tools addition of git fetch is necessary and appropriate, and the AskUserQuestion gates in the post-flight section ensure user confirmation before retriggering runs or proceeding with verification.

@fullsend-ai-review fullsend-ai-review Bot added the ready-for-merge All reviewers approved — ready to merge label May 29, 2026
@waynesun09
refactor(skill): deepen pre-flight analysis and scope post-flight checks
1b87ea9 
Pre-flight now audits workflow inputs/outputs/secrets/permissions,
reads CLI function diffs for behavioral changes, and identifies
post-flight check areas to focus verification.

Post-flight now waits for CI workflows first, checks fullsend-ai
repos by default (always accessible to repo admins), and only asks
about additional downstream repos the user has access to. Removed
duplicate wait/verify steps from the process section.

Signed-off-by: Wayne Sun <gsun@redhat.com>
fullsend-ai-review[bot]
fullsend-ai-review Bot suggested changes May 29, 2026
View reviewed changes
Copy link
Copy Markdown

@fullsend-ai-review fullsend-ai-review Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See the review comment for full details.

@fullsend-ai-review fullsend-ai-review Bot removed the ready-for-merge All reviewers approved — ready to merge label May 29, 2026
@waynesun09
refactor(skill): split cutting-releases into phase files
bf67447 
Extract pre-flight and post-flight procedures into separate files
for progressive disclosure. SKILL.md routes to each phase file
with Read instructions.

- SKILL.md: 152 lines (overview + process steps 1-10 + notes)
- pre-flight.md: 122 lines (audit steps A-F)
- post-flight.md: 89 lines (verification steps A-E)

Each file stays under 150 lines. No content loss — just
reorganization.

Signed-off-by: Wayne Sun <gsun@redhat.com>
@waynesun09
fix(skill): address review findings — confirm force-push, trim to 150…
2812a34 
… lines, add grep backstop

- Add AskUserQuestion gate before force-pushing v0 tag (step 8)
- Name AskUserQuestion explicitly in step 10
- Trim SKILL.md to 149 lines (was 156) by condensing verbose sections
- Add grep backstop in pre-flight step A for mechanical verification
  of removed/renamed workflow identifiers

Signed-off-by: Wayne Sun <gsun@redhat.com>
fullsend-ai-review[bot]
fullsend-ai-review Bot approved these changes May 29, 2026
View reviewed changes
Comment thread skills/cutting-releases/post-flight.md
The skill user is a fullsend repo admin, so fullsend-ai org repos
are always accessible. Check recent workflow runs in the org's repos
that consume `@v0` reusable workflows:

Copy link
Copy Markdown

@fullsend-ai-review fullsend-ai-review Bot May 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[low] redundant-check

Post-flight section C checks gh run list --repo fullsend-ai/fullsend, but section A already verifies the release workflow in the same repo. The fullsend-ai/fullsend line in section C is redundant and could be removed, keeping only downstream consumers like fullsend-ai/.fullsend.

Suggested fix: Remove the fullsend-ai/fullsend line from section C, since that repo's release workflow is already verified in section A.

@fullsend-ai-review fullsend-ai-review Bot added the ready-for-merge All reviewers approved — ready to merge label May 29, 2026
fullsend-ai-review[bot]
fullsend-ai-review Bot approved these changes May 29, 2026
View reviewed changes
Comment thread skills/cutting-releases/post-flight.md
The skill user is a fullsend repo admin, so fullsend-ai org repos
are always accessible. Check recent workflow runs in the org's repos
that consume `@v0` reusable workflows:

Copy link
Copy Markdown

@fullsend-ai-review fullsend-ai-review Bot May 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[low] redundant-check

Post-flight section C checks gh run list --repo fullsend-ai/fullsend, but section A already verifies the release workflow in the same repo via gh run list --workflow=release.yml. The fullsend-ai/fullsend line in section C is redundant with section A and could be removed, keeping only actual downstream consumers like fullsend-ai/.fullsend.

Suggested fix: Remove the fullsend-ai/fullsend line from section C, since that repo's release workflow is already verified in section A.

@fullsend-ai-review fullsend-ai-review Bot added ready-for-merge All reviewers approved — ready to merge and removed ready-for-merge All reviewers approved — ready to merge labels May 29, 2026
ralphbean
ralphbean approved these changes Jun 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@ralphbean ralphbean left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Two minor notes inline.

Comment thread skills/cutting-releases/post-flight.md
## A. Wait for CI workflows

Wait for the Release workflow (triggered by the `v*` tag) and the
Sandbox Images workflow (triggered by the `v0` tag move) to complete:
Copy link
Copy Markdown
Contributor

@ralphbean ralphbean Jun 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[moderate] I think sandbox-images.yml fires on v[0-9]+.[0-9]+* tags, so the bare v0 wouldn't match — it's the version tag push (step 7) that triggers it, not the v0 force-push. Same in SKILL.md step 8. Not blocking.

Comment thread skills/cutting-releases/pre-flight.md
```

## A. Audit reusable workflow changes

Copy link
Copy Markdown
Contributor

@ralphbean ralphbean Jun 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[moderate] Downstream consumers also reference composite actions under .github/actions/ via @v0. Might be worth adding a git diff v0..origin/main -- .github/actions/ to this section. Not blocking.

@ralphbean
Copy link
Copy Markdown
Contributor

ralphbean commented Jun 1, 2026

I just tried to use this skill to cut a release and hit a problem worth fixing before we merge.

Step 1 does git checkout main && git pull, and then pre-flight does git fetch origin — but neither force-updates tags. If v0 was moved on the remote since you last fetched, your local v0 is stale. Every diff in the pre-flight audit (git diff v0..origin/main) runs against the wrong baseline, and you get a massive phantom delta full of changes that were already released.

That's what happened to me just now — I got a 200+ commit diff and spent a while auditing changes that were already in v0.12.0.

I think step 1 should do git pull --tags --force (or a separate git fetch origin --tags --force). The --force matters because v0 is a moving tag — without it, git won't update a tag that already exists locally.

Pre-flight's git fetch origin could also become git fetch origin --tags --force for belt-and-suspenders, but the real fix is step 1 since that runs first.

@waynesun09 waynesun09 changed the title Add pre-flight and post-flight release procedures to cutting-releases skill feat(skill): add pre-flight and post-flight release procedures Jun 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ralphbean ralphbean ralphbean approved these changes

@rh-hemartin rh-hemartin rh-hemartin approved these changes

+1 more reviewer

@fullsend-ai-review fullsend-ai-review[bot] fullsend-ai-review[bot] approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

ready-for-merge All reviewers approved — ready to merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@waynesun09 @ralphbean @rh-hemartin