Skip to content

ci(release): Merge artifacts for Craft release discovery #1249

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
BYK merged 1 commit into from
Jan 12, 2026
+22 −4
Merged

ci(release): Merge artifacts for Craft release discovery #1249

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 3 additions & 4 deletions .craft.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,12 +16,11 @@ statusProvider:
name: github
config:
contexts:
- "Build"
- "Merge Artifacts"

requireNames:
- /^built-packages$/
- /^spotlight-binaries$/
- /^electron-binaries$/
- /^spotlight-/
- /\.dmg$/

targets:
- name: npm
Expand Down
19 changes: 19 additions & 0 deletions .github/workflows/build.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -406,3 +406,22 @@ jobs:
packages/spotlight/dist-electron/*.zip
packages/spotlight/dist-electron/*.blockmap
packages/spotlight/dist-electron/*.yml

merge-artifacts:
name: Merge Artifacts
needs: [build, electron-mac]
if: always() && needs.build.result == 'success' && needs.electron-mac.result == 'success'
runs-on: ubuntu-latest
steps:
- name: Download release artifacts
uses: actions/download-artifact@v5
with:
pattern: '{built-packages,spotlight-binaries,electron-binaries}'
Copy link

@sentry sentry bot Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The pattern parameter for actions/download-artifact uses brace expansion ({a,b,c}), which is likely unsupported. Standard glob syntax does not include brace expansion, which is a shell feature.
Severity: CRITICAL

🔍 Detailed Analysis

The actions/download-artifact@v5 action is configured with a pattern using brace expansion: '{built-packages,spotlight-binaries,electron-binaries}'. Brace expansion is a shell feature and is not typically supported by standard glob libraries, including the one likely used by GitHub Actions (@actions/glob). The action will probably search for a single artifact with the literal name '{built-packages,spotlight-binaries,electron-binaries}', which does not exist. This will cause the artifact download to fail, breaking the subsequent merge-artifacts job and preventing the release from being created.

💡 Suggested Fix

Replace the brace expansion pattern with a method that is explicitly supported. Either call the download-artifact action multiple times, once for each artifact name, or use a wildcard pattern like * or *-binaries if appropriate, combined with merge-multiple: true to download all required artifacts into a single directory.

🤖 Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: .github/workflows/build.yml#L419

Potential issue: The `actions/download-artifact@v5` action is configured with a
`pattern` using brace expansion:
`'{built-packages,spotlight-binaries,electron-binaries}'`. Brace expansion is a shell
feature and is not typically supported by standard glob libraries, including the one
likely used by GitHub Actions (`@actions/glob`). The action will probably search for a
single artifact with the literal name
`'{built-packages,spotlight-binaries,electron-binaries}'`, which does not exist. This
will cause the artifact download to fail, breaking the subsequent `merge-artifacts` job
and preventing the release from being created.

Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 8505748

path: artifacts/
merge-multiple: true
Copy link

@cursor cursor bot Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Artifact paths not flattened despite PR description claim

Medium Severity

The PR description claims that merge-multiple: true "flattens" artifacts, but this option only merges multiple artifacts into the same directory while preserving their internal directory structure. Files from spotlight-binaries will have paths like packages/spotlight/dist-bin/spotlight-linux-x64, not spotlight-linux-x64 at the root. The requireNames pattern /^spotlight-/ in .craft.yml expects files starting with "spotlight-" which won't match unless Craft matches against basenames rather than full relative paths. If Craft uses full paths for matching, this will cause release validation to fail.

Additional Locations (1)

Fix in Cursor Fix in Web


- name: Upload merged artifact
uses: actions/upload-artifact@v5
with:
name: ${{ github.sha }}
path: artifacts/
Copy link

@cursor cursor bot Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing error handling for empty artifact upload

Low Severity

The merged artifact upload step is missing if-no-files-found: error, unlike all other artifact uploads in this workflow (lines 128, 137, 144, 403). With the default warn behavior, if the artifacts/ directory ends up empty due to a download issue, the upload step would succeed but no artifact would be created. Craft would then fail later with a confusing "Can't find any artifacts for revision" error rather than failing at the source. Adding the explicit error check would maintain consistency and provide clearer failure messages.

Fix in Cursor Fix in Web

Loading