Skip to content

ci(release): guard run-ID polling against transient gh failures#1007

Merged
ericcurtin merged 1 commit into
mainfrom
harden-release-poll-guards
Jul 10, 2026
Merged

ci(release): guard run-ID polling against transient gh failures#1007
ericcurtin merged 1 commit into
mainfrom
harden-release-poll-guards

Conversation

@ilopezluna

Copy link
Copy Markdown
Contributor

Follow-up to #1005, addressing the Sourcery review bug_risk comment.

Problem

The monotonic run-ID polling loops added in #1005 compare $CANDIDATE numerically without validating it:

CANDIDATE=$(gh run list ... --jq '.[0].databaseId // 0')
if [ "$CANDIDATE" -gt "$BEFORE_ID" ]; then

The // 0 only covers an empty result array. If gh run list itself fails transiently (network/auth) or returns an unexpected payload, CANDIDATE can be empty or non-numeric and [ "$CANDIDATE" -gt "$BEFORE_ID" ] errors with integer expression expected — the exact kind of transient flake this logic was meant to absorb.

Changes

  • Tolerate transient gh failures mid-poll (2>/dev/null || echo "") and skip any iteration where CANDIDATE is empty/non-numeric, instead of erroring on the comparison.
  • Validate BEFORE_ID up front and fail with a clear message before dispatch if it can't be read.
  • Richer failure message — include before/last-seen IDs and the wait duration to ease race/misconfig diagnosis.

Applied to both trigger jobs: desktop (release-cli-dd.yml) and packaging (release-model.yml).

Not included (noted for later)

Sourcery also suggested extracting the duplicated trigger-and-wait logic into a shared composite action/script. That's a larger refactor and left out of this focused fix.

Opened as draft for review.

🤖 Generated with Claude Code

Follow-up to #1005 (Sourcery review). The monotonic run-ID polling loops
compared `$CANDIDATE` numerically without validating it. If `gh run list`
fails transiently or returns an unexpected payload, CANDIDATE can be empty or
non-numeric and `[ "$CANDIDATE" -gt "$BEFORE_ID" ]` errors with "integer
expression expected" — the exact kind of flake this logic was meant to absorb.

- Tolerate transient `gh` failures mid-poll (`2>/dev/null || echo ""`) and skip
  any iteration where CANDIDATE is empty/non-numeric instead of erroring.
- Validate BEFORE_ID up front and fail with a clear message (before dispatch)
  if it can't be read.
- Include before/last-seen IDs and wait duration in the failure message to make
  race/misconfig diagnosis easier.

Applied to both the desktop (release-cli-dd.yml) and packaging
(release-model.yml) trigger jobs.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@gemini-code-assist

Copy link
Copy Markdown
Contributor

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@ilopezluna ilopezluna marked this pull request as ready for review July 10, 2026 08:01
@ilopezluna ilopezluna requested a review from a team July 10, 2026 08:01

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 1 issue

Prompt for AI Agents
Please address the comments from this code review:

## Individual Comments

### Comment 1
<location path=".github/workflows/release.yml" line_range="528-531" />
<code_context>
             --repo docker/inference-engine-llama.cpp \
             --workflow release-cli-dd.yml \
-            --limit 1 --json databaseId --jq '.[0].databaseId // 0')
+            --limit 1 --json databaseId --jq '.[0].databaseId // 0' 2>/dev/null || echo "")
+          case "$BEFORE_ID" in
+            ''|*[!0-9]*)
+              echo "::error::Could not read the pre-dispatch run ID for release-cli-dd.yml"
</code_context>
<issue_to_address>
**suggestion (bug_risk):** Using `|| echo ""` inside command substitution can silently swallow useful error output from `gh run list`.

Because `BEFORE_ID=$(gh run list ... 2>/dev/null || echo "")` treats any non‑zero exit from `gh` as an empty string, you lose potentially useful error diagnostics from `gh`. Since you already validate `$BEFORE_ID` via the numeric `case`, you can drop `2>/dev/null` and `|| echo ""` so that `gh`’s stderr reaches the workflow logs and the `case` handles invalid or missing IDs.

```suggestion
          BEFORE_ID=$(gh run list \
            --repo docker/inference-engine-llama.cpp \
            --workflow release-cli-dd.yml \
            --limit 1 --json databaseId --jq '.[0].databaseId // 0')
```
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment on lines 528 to +531
BEFORE_ID=$(gh run list \
--repo docker/inference-engine-llama.cpp \
--workflow release-cli-dd.yml \
--limit 1 --json databaseId --jq '.[0].databaseId // 0')
--limit 1 --json databaseId --jq '.[0].databaseId // 0' 2>/dev/null || echo "")

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion (bug_risk): Using || echo "" inside command substitution can silently swallow useful error output from gh run list.

Because BEFORE_ID=$(gh run list ... 2>/dev/null || echo "") treats any non‑zero exit from gh as an empty string, you lose potentially useful error diagnostics from gh. Since you already validate $BEFORE_ID via the numeric case, you can drop 2>/dev/null and || echo "" so that gh’s stderr reaches the workflow logs and the case handles invalid or missing IDs.

Suggested change
BEFORE_ID=$(gh run list \
--repo docker/inference-engine-llama.cpp \
--workflow release-cli-dd.yml \
--limit 1 --json databaseId --jq '.[0].databaseId // 0')
--limit 1 --json databaseId --jq '.[0].databaseId // 0' 2>/dev/null || echo "")
BEFORE_ID=$(gh run list \
--repo docker/inference-engine-llama.cpp \
--workflow release-cli-dd.yml \
--limit 1 --json databaseId --jq '.[0].databaseId // 0')

@ericcurtin ericcurtin merged commit 3b3cb7a into main Jul 10, 2026
14 checks passed
@ericcurtin ericcurtin deleted the harden-release-poll-guards branch July 10, 2026 12:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants