Skip to content

feat: agents release workflow #7194

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 17 commits into
base: main
Choose a base branch
from
Open

feat: agents release workflow #7194

wants to merge 17 commits into from

Conversation

@paulbalaji
Copy link
Collaborator

@paulbalaji paulbalaji commented Oct 13, 2025
edited by coderabbitai bot
Loading

Description

feat: agents release workflow

the idea is to have a changesets-like experience, where commits to main automatically update an agent release PR. then when we want to do the release, we can simply approve/merge the release PR - which will then trigger the gh tag/release creation on the merge to main. the workflow can also be run manually for easier creation of beta/prelease versions

here's an agents release runbook describing the workflow + release process: https://www.notion.so/hyperlanexyz/Agents-Release-Process-28c6d35200d680fbb82ad663124b1f8e?source=copy_link

Drive-by changes

  • fix gh tag propagation to agent docker image
  • use cargo.toml to track versions
  • format hyperlane-merics cargo toml

Related issues

https://linear.app/hyperlane-xyz/issue/ENG-2446/automate-agents-release-workflow

Backward compatibility

Testing

Summary by CodeRabbit

  • New Features

    • Automated release pipeline: computes next semantic version, creates release PRs with changelogs, and publishes tagged releases (including prerelease support and contributor notes).
    • Enhanced image tagging: emits semver tags and stable/unstable indicators for built images.
    • Workspace changelog generation and per-workspace changelog updates.

  • Chores

    • Workspace version bumped to 1.5.0.
    • Fixed workspace dependency configuration.

@github-project-automation github-project-automation bot moved this to In Review in Hyperlane Tasks Oct 13, 2025
@changeset-bot
Copy link

changeset-bot bot commented Oct 13, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 322c54b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@codecov
Copy link

codecov bot commented Oct 13, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.00%. Comparing base (79a51de) to head (322c54b).

Additional details and impacted files 
@@          Coverage Diff          @@
##            main   #7194   +/-   ##
=====================================
  Coverage   0.00%   0.00%           
=====================================
  Files          1       1           
  Lines         14      14           
=====================================
  Misses        14      14
Components Coverage Δ
core ∅ <ø> (∅)
hooks ∅ <ø> (∅)
isms ∅ <ø> (∅)
token ∅ <ø> (∅)
middlewares ∅ <ø> (∅)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@paulbalaji paulbalaji changed the title feat: agents release workflow (alt cargo.toml way) feat: agents release workflow Oct 13, 2025
@paulbalaji paulbalaji force-pushed the pb/rust-release-cargo branch 10 times, most recently from 72c77a4 to 3b46cf3 Compare October 13, 2025 20:07
paulbalaji
paulbalaji commented Oct 14, 2025
View reviewed changes
.github/workflows/rust-release.yml
push:
branches:
- main
- pb/rust-release-cargo # for testing
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove before merging

@paulbalaji paulbalaji marked this pull request as ready for review October 14, 2025 11:59
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 14, 2025
edited
Loading

📝 Walkthrough

Walkthrough

This PR adds an automated release pipeline for Rust agents: a new GitHub Actions release workflow (check, PR, publish), enhanced Docker tagging with SEMVER extraction, and helper scripts to compute next versions, generate workspace changelogs, and update workspace version metadata.

Changes

Cohort / File(s) Summary
Docker Workflow Updates
\.github/workflows/rust-docker\.yml		 Enhanced Docker image tagging: derives SEMVER from tag refs (strips agents- and leading v), validates three-part numeric semver, emits SEMVER and IS_STABLE, and adds conditional semver tag-type entries for tag events and stable releases.
Release Automation Workflow
\.github/workflows/rust-release\.yml		 New "Rust Agent Release" workflow with jobs: check-release-status (detects changes and compares workspace version to latest tag), release-pr (computes next version, generates changelogs, updates workspace version/lockfiles, opens/updates release PR), and publish (computes final version/prerelease handling, tags repo, creates GitHub release with contributor notes).
Workspace Metadata
rust/main/Cargo\.toml, rust/main/hyperlane-metric/Cargo\.toml		 Bumped workspace/package version from 0.1.0 to 1.5.0; fixed workspace dependency flag for the url crate (url.workspace = true).
Release Orchestration Scripts
rust/scripts/ci/determine-next-version\.sh, rust/scripts/ci/generate-workspace-changelog\.sh, rust/scripts/ci/get-latest-agents-tag\.sh, rust/scripts/ci/get-workspace-version\.sh, rust/scripts/ci/update-workspace-version\.sh		 Added five shell scripts to: compute next semver from conventional commits (with breaking-change detection), generate per-workspace changelogs and optionally write them into each workspace, get the latest agents-v* tag, read workspace version from Cargo.toml, and update the workspace version in Cargo.toml.

Sequence Diagram(s)

sequenceDiagram
    participant GH as GitHub Actions
    participant Check as check-release-status
    participant PR as release-pr
    participant Pub as publish
    participant Git as Git
    participant GHCLI as gh (GitHub CLI)

    GH->>Check: trigger (push/schedule/dispatch)
    Check->>Git: list tags (agents-v*)
    Check->>Git: read workspace version
    Check->>GH: outputs has_changes, should_release

    alt has_changes == true
        GH->>PR: run release-pr
        PR->>Git: scan commits, compute next version (determine-next-version.sh)
        PR->>PR: generate changelogs (generate-workspace-changelog.sh)
        PR->>Git: update Cargo.toml, Cargo.lock
        PR->>GHCLI: create/update release PR
    end

    alt should_release == true && on main
        GH->>Pub: run publish
        Pub->>PR: compute final version (handle prerelease suffix)
        Pub->>Git: create and push tag agents-v<version>
        Pub->>GHCLI: create GitHub Release (notes, contributors)
    end
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Points to focus on:

  • release workflow conditionals (prerelease vs stable) and inter-job outputs
  • correctness of determine-next-version.sh (conventional commit parsing, BREAKING CHANGE handling)
  • generate-workspace-changelog.sh mapping of changed files to workspace members and file-write logic
  • synchronization of Cargo.toml/Cargo.lock updates with PR and publish/tag steps
  • Docker SEMVER extraction and IS_STABLE conditions

Poem

Ah, a tidy swamp of scripts and tags so green,
Changelogs sprout where commits been seen,
Versions climb proper, none feral nor sly,
Tags get their semver, releases fly high,
Roll up yer sleeves — this meadow’s shipshape and clean.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Title Check ✅ Passed The PR title "feat: agents release workflow" is concise, specific, and directly aligned with the main changeset. It clearly communicates that the primary change is introducing an automated release workflow for agents, which matches the substantive additions to GitHub Actions workflows, version management scripts, and Cargo.toml updates. The title uses conventional commit format and would be meaningful to someone scanning through the project history.
Description Check ✅ Passed The PR description covers most of the required template sections well: it provides a detailed description of the release workflow with a runbook reference, lists three drive-by changes, includes a related Linear issue link, and describes thorough manual testing with specific action run references. However, the "Backward compatibility" section is incomplete—while the template header and placeholder comment are present, there's no actual yes/no answer or explanation provided. Despite this gap, the description is substantively complete in all other areas and provides sufficient context for understanding the changes.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch pb/rust-release-cargo

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Oct 14, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (1)
.github/workflows/rust-release.yml (1)

7-7: Remove testing branch from triggers before merge

Keep the porch tidy; drop pb/rust-release-cargo in final merge.

🧹 Nitpick comments (6)
rust/scripts/generate-workspace-changelog.sh (4)

83-83: Harden trap expansion

Quote expansion at signal time, not now.

-trap "rm -rf $TEMP_DIR" EXIT
+trap 'rm -rf "$TEMP_DIR"' EXIT

Based on shellcheck SC2064.

146-147: Avoid masking return values with inline assignment

Declare then assign for clarity.

-    local workspace_file=$(echo "$workspace" | tr '/' '_')
+    local workspace_file
+    workspace_file=$(echo "$workspace" | tr '/' '_')

As per shellcheck SC2155.

153-156: Drop unused field, simplify read

You don’t use the workspace field; read into a dummy and keep the message.

-        sort -u "$TEMP_DIR/$workspace_file" | while IFS='|' read -r ws msg; do
-            echo "* $msg"
-        done
+        sort -u "$TEMP_DIR/$workspace_file" | while IFS='|' read -r _ msg; do
+            echo "* $msg"
+        done

Based on shellcheck SC2034.

122-126: Prefer string prefix match over regex here

Safer if member names ever include regex meta; reads clearer.

-            if [[ "$file" =~ ^"$member"(/|$) ]]; then
+            if [[ "$file" == "$member" || "$file" == "$member/"* ]]; then
.github/workflows/rust-release.yml (2)

289-294: Don’t assume the “release” label exists

gh pr create fails if the label is missing. Either pre-create the label or omit the flag.

-            gh pr create \
-              --title "release: agents v${NEW_VERSION}" \
-              --body "$PR_BODY" \
-              --base main \
-              --head "$BRANCH_NAME" \
-              --label "release" \
-              --draft
+            gh pr create \
+              --title "release: agents v${NEW_VERSION}" \
+              --body "$PR_BODY" \
+              --base main \
+              --head "$BRANCH_NAME" \
+              --draft

362-376: Stable vs prerelease changelog base tag

git describe will pick the latest tag (including prereleases). For stable releases you likely want the last stable tag so notes cover the whole cycle, not just since the last beta.

-          PREV_TAG=$(git describe --tags --abbrev=0 --match "agents-v*" 2>/dev/null || echo "")
+          if [ "$IS_PRERELEASE" = "true" ]; then
+            # For prereleases, diff from latest prerelease or stable
+            PREV_TAG=$(git describe --tags --abbrev=0 --match "agents-v*" 2>/dev/null || echo "")
+          else
+            # For stable, diff from latest stable tag only
+            PREV_TAG=$(git tag -l "agents-v*" --sort=-version:refname | grep -E "^agents-v[0-9]+\.[0-9]+\.[0-9]+$" | head -1 || echo "")
+          fi

This keeps the swamp water clear for stable notes.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6ef5f44 and 5f31821.

⛔ Files ignored due to path filters (2)
  • rust/main/Cargo.lock is excluded by !**/*.lock
  • rust/sealevel/Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (5)
  • .github/workflows/rust-docker.yml (1 hunks)
  • .github/workflows/rust-release.yml (1 hunks)
  • rust/main/Cargo.toml (1 hunks)
  • rust/main/hyperlane-metric/Cargo.toml (1 hunks)
  • rust/scripts/generate-workspace-changelog.sh (1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.8)
.github/workflows/rust-release.yml

34-34: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

99-99: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

310-310: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

🪛 Shellcheck (0.11.0)
rust/scripts/generate-workspace-changelog.sh

[warning] 83-83: Use single quotes, otherwise this expands now rather than when signalled.

(SC2064)

[warning] 146-146: Declare and assign separately to avoid masking return values.

(SC2155)

[warning] 153-153: ws appears unused. Verify use (or export if used externally).

(SC2034)

🔇 Additional comments (3)
rust/main/hyperlane-metric/Cargo.toml (1)

18-18: Dependency key fix looks good

Shiny and simple. The workspace inheritance shorthand is valid here.

rust/main/Cargo.toml (1)

36-36: Workspace version bump acknowledged

Lines up with the release flow that keys off workspace.package.version.

Double-check sealevel or other sibling workspaces don’t hard-code versions that should track this bump.

.github/workflows/rust-release.yml (1)

34-34: Verify custom runner label availability

depot-ubuntu-latest isn’t a standard GitHub runner label. If it’s self-hosted, all good; if not, switch to ubuntu-latest.

Also applies to: 99-99, 310-310

coderabbitai[bot]
coderabbitai bot reviewed Oct 14, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5f31821 and 96193a6.

📒 Files selected for processing (1)
  • .github/workflows/rust-docker.yml (2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (52)
  • GitHub Check: cli-install-test
  • GitHub Check: infra-test
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, core)
  • GitHub Check: env-test-matrix (mainnet3, inevm, igp)
  • GitHub Check: env-test-matrix (mainnet3, inevm, core)
  • GitHub Check: env-test-matrix (mainnet3, optimism, core)
  • GitHub Check: cli-evm-e2e-matrix (warp-init)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, core)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, igp)
  • GitHub Check: env-test-matrix (testnet4, sepolia, core)
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, igp)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-recovery)
  • GitHub Check: env-test-matrix (mainnet3, optimism, igp)
  • GitHub Check: cli-evm-e2e-matrix (warp-read)
  • GitHub Check: cli-evm-e2e-matrix (warp-rebalancer)
  • GitHub Check: cli-evm-e2e-matrix (warp-send)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-basic)
  • GitHub Check: cli-evm-e2e-matrix (warp-deploy)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-config)
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-1)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-3)
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-1)
  • GitHub Check: cli-evm-e2e-matrix (relay)
  • GitHub Check: cli-evm-e2e-matrix (core-deploy)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-submitters)
  • GitHub Check: cli-evm-e2e-matrix (core-read)
  • GitHub Check: cli-evm-e2e-matrix (core-init)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-1)
  • GitHub Check: cli-cosmos-e2e-matrix (core-read)
  • GitHub Check: cli-evm-e2e-matrix (core-check)
  • GitHub Check: cli-evm-e2e-matrix (core-apply)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-read)
  • GitHub Check: cosmos-sdk-e2e-run
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-apply)
  • GitHub Check: cli-cosmos-e2e-matrix (core-deploy)
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-deploy)
  • GitHub Check: cli-cosmos-e2e-matrix (core-check)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-deploy)
  • GitHub Check: cli-cosmos-e2e-matrix (core-apply)
  • GitHub Check: build-and-push-to-gcr
  • GitHub Check: e2e-matrix (starknet)
  • GitHub Check: e2e-matrix (sealevel)
  • GitHub Check: e2e-matrix (cosmwasm)
  • GitHub Check: e2e-matrix (radix)
  • GitHub Check: e2e-matrix (evm)
  • GitHub Check: e2e-matrix (cosmosnative)
  • GitHub Check: lander-coverage
  • GitHub Check: lint-rs
  • GitHub Check: test-rs

coderabbitai[bot]
coderabbitai bot reviewed Oct 14, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Nitpick comments (2)
.github/workflows/rust-docker.yml (2)

49-53: Small hardening: fail fast in taggen

Add set -euo pipefail to catch script hiccups early. Saves you from stepping in muck later.

       - name: Generate tag data
         id: taggen
         run: |
-          echo "TAG_DATE=$(date +'%Y%m%d-%H%M%S')" >> $GITHUB_OUTPUT
+          set -euo pipefail
+          echo "TAG_DATE=$(date +'%Y%m%d-%H%M%S')" >> $GITHUB_OUTPUT

96-99: Confirm intent: pushing images on PRs

push: true applies to PRs too (when secrets available). Is that desired, or should PRs build only? If needed, condition push by event type.

Example tweak:

-          push: true
+          push: ${{ github.event_name != 'pull_request' || secrets.GCLOUD_SERVICE_KEY != '' }}
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 96193a6 and eac330b.

📒 Files selected for processing (1)
  • .github/workflows/rust-docker.yml (2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (55)
  • GitHub Check: cli-evm-e2e-matrix (core-init)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-1)
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-1)
  • GitHub Check: cli-evm-e2e-matrix (warp-rebalancer)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-config)
  • GitHub Check: cli-evm-e2e-matrix (warp-init)
  • GitHub Check: cli-evm-e2e-matrix (warp-send)
  • GitHub Check: cli-evm-e2e-matrix (warp-read)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-recovery)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-3)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-submitters)
  • GitHub Check: cli-evm-e2e-matrix (warp-deploy)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-basic)
  • GitHub Check: cli-evm-e2e-matrix (core-apply)
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-1)
  • GitHub Check: env-test-matrix (mainnet3, optimism, igp)
  • GitHub Check: cli-evm-e2e-matrix (relay)
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, igp)
  • GitHub Check: cli-evm-e2e-matrix (core-read)
  • GitHub Check: cli-evm-e2e-matrix (core-check)
  • GitHub Check: env-test-matrix (testnet4, sepolia, core)
  • GitHub Check: cli-evm-e2e-matrix (core-deploy)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, core)
  • GitHub Check: env-test-matrix (mainnet3, inevm, igp)
  • GitHub Check: env-test-matrix (mainnet3, inevm, core)
  • GitHub Check: env-test-matrix (mainnet3, optimism, core)
  • GitHub Check: cli-cosmos-e2e-matrix (core-deploy)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, igp)
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, core)
  • GitHub Check: cli-cosmos-e2e-matrix (core-check)
  • GitHub Check: cli-cosmos-e2e-matrix (core-read)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-deploy)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-read)
  • GitHub Check: cli-cosmos-e2e-matrix (core-apply)
  • GitHub Check: coverage-run
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-apply)
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-deploy)
  • GitHub Check: cosmos-sdk-e2e-run
  • GitHub Check: yarn-test-run
  • GitHub Check: cli-install-test-run
  • GitHub Check: e2e-matrix (starknet)
  • GitHub Check: e2e-matrix (evm)
  • GitHub Check: e2e-matrix (sealevel)
  • GitHub Check: e2e-matrix (radix)
  • GitHub Check: e2e-matrix (cosmwasm)
  • GitHub Check: e2e-matrix (cosmosnative)
  • GitHub Check: yarn-install
  • GitHub Check: build-and-push-to-gcr
  • GitHub Check: Socket Security: Pull Request Alerts
  • GitHub Check: lint-rs
  • GitHub Check: lander-coverage
  • GitHub Check: test-rs

coderabbitai[bot]
coderabbitai bot reviewed Oct 14, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (2)
.github/workflows/rust-docker.yml (2)

51-53: Good guard rails; tiny nit on consistency

Nice touch with the strict shell flags. Consider quoting $GITHUB_OUTPUT everywhere for consistency.

-echo "TAG_DATE=$(date +'%Y%m%d-%H%M%S')" >> $GITHUB_OUTPUT
-echo "TAG_SHA=$(echo '${{ github.event.pull_request.head.sha || github.sha }}' | cut -b 1-7)" >> $GITHUB_OUTPUT
+echo "TAG_DATE=$(date +'%Y%m%d-%H%M%S')" >> "$GITHUB_OUTPUT"
+echo "TAG_SHA=$(echo '${{ github.event.pull_request.head.sha || github.sha }}' | cut -b 1-7)" >> "$GITHUB_OUTPUT"

54-64: Tighten SEMVER validation to avoid accidental junk

Current regex will accept 1.2.3foo. Let’s bound it to valid semver with optional pre-release/build metadata.

-# Basic semver guard (allows prerelease/build metadata)
-if echo "$NAME" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+'; then
-  echo "SEMVER=$NAME" >> $GITHUB_OUTPUT
-fi
+# Basic semver guard (allows prerelease/build metadata)
+# e.g. 1.2.3, 1.2.3-rc.1, 1.2.3+build.5, 1.2.3-rc.1+build.5
+if echo "$NAME" | grep -Eq '^[0-9]+(\.[0-9]+){2}(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$'; then
+  echo "SEMVER=$NAME" >> "$GITHUB_OUTPUT"
+fi
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eac330b and b04a112.

📒 Files selected for processing (1)
  • .github/workflows/rust-docker.yml (2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (51)
  • GitHub Check: infra-test
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-basic)
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-1)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-1)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-3)
  • GitHub Check: cli-evm-e2e-matrix (warp-read)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-config)
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-rebalancer)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-init)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-recovery)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-submitters)
  • GitHub Check: cli-evm-e2e-matrix (warp-deploy)
  • GitHub Check: cli-evm-e2e-matrix (warp-send)
  • GitHub Check: cli-evm-e2e-matrix (core-read)
  • GitHub Check: cli-evm-e2e-matrix (core-check)
  • GitHub Check: cli-evm-e2e-matrix (relay)
  • GitHub Check: cli-evm-e2e-matrix (core-init)
  • GitHub Check: cli-evm-e2e-matrix (core-deploy)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-1)
  • GitHub Check: cli-evm-e2e-matrix (core-apply)
  • GitHub Check: env-test-matrix (testnet4, sepolia, core)
  • GitHub Check: env-test-matrix (mainnet3, optimism, igp)
  • GitHub Check: env-test-matrix (mainnet3, inevm, core)
  • GitHub Check: cli-cosmos-e2e-matrix (core-deploy)
  • GitHub Check: env-test-matrix (mainnet3, inevm, igp)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-read)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, igp)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-deploy)
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, core)
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, igp)
  • GitHub Check: env-test-matrix (mainnet3, optimism, core)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, core)
  • GitHub Check: cli-cosmos-e2e-matrix (core-apply)
  • GitHub Check: cli-cosmos-e2e-matrix (core-check)
  • GitHub Check: cosmos-sdk-e2e-run
  • GitHub Check: cli-cosmos-e2e-matrix (core-read)
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-deploy)
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-apply)
  • GitHub Check: build-and-push-to-gcr
  • GitHub Check: lander-coverage
  • GitHub Check: e2e-matrix (sealevel)
  • GitHub Check: lint-rs
  • GitHub Check: e2e-matrix (starknet)
  • GitHub Check: e2e-matrix (evm)
  • GitHub Check: e2e-matrix (radix)
  • GitHub Check: e2e-matrix (cosmwasm)
  • GitHub Check: e2e-matrix (cosmosnative)
  • GitHub Check: test-rs
🔇 Additional comments (1)
.github/workflows/rust-docker.yml (1)

76-78: Enable logic looks solid

Gating semver tags on tag events and a non-empty SEMVER keeps the swamp clean. LGTM.

@paulbalaji paulbalaji force-pushed the pb/rust-release-cargo branch from 4a50585 to 076c37e Compare October 14, 2025 16:19
coderabbitai[bot]
coderabbitai bot reviewed Oct 14, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

♻️ Duplicate comments (1)
.github/workflows/rust-release.yml (1)

7-7: Remove testing branch before merge

Keep main clean; drop the test branch trigger.

-      - pb/rust-release-cargo # for testing
🧹 Nitpick comments (11)
.github/workflows/rust-docker.yml (1)

51-70: Tiny hardening: quote outputs and vars

Looks solid, swamp’s drained. Add quotes for $GITHUB_OUTPUT and NAME to silence shellcheck and avoid odd edge cases.

-          set -euo pipefail
-          echo "TAG_DATE=$(date +'%Y%m%d-%H%M%S')" >> $GITHUB_OUTPUT
-          echo "TAG_SHA=$(echo '${{ github.event.pull_request.head.sha || github.sha }}' | cut -b 1-7)" >> $GITHUB_OUTPUT
+          set -euo pipefail
+          echo "TAG_DATE=$(date +'%Y%m%d-%H%M%S')" >> "$GITHUB_OUTPUT"
+          echo "TAG_SHA=$(echo '${{ github.event.pull_request.head.sha || github.sha }}' | cut -b 1-7)" >> "$GITHUB_OUTPUT"
           # For tag events, derive pure semver:
-          if [ "${{ github.ref_type }}" = "tag" ]; then
-            NAME="${{ github.ref_name }}"
+          if [ "${{ github.ref_type }}" = "tag" ]; then
+            NAME="${{ github.ref_name }}"
             # Strip agents- prefix and any leading v
-            NAME="${NAME#agents-}"
-            NAME="${NAME#v}"
+            NAME="${NAME#agents-}"
+            NAME="${NAME#v}"
             # Basic semver guard (allows prerelease/build metadata)
             if echo "$NAME" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+'; then
-              echo "SEMVER=$NAME" >> $GITHUB_OUTPUT
+              echo "SEMVER=$NAME" >> "$GITHUB_OUTPUT"
               # Check if this is a stable release (no prerelease suffix like -beta, -rc, -alpha)
               if echo "$NAME" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
-                echo "IS_STABLE=true" >> $GITHUB_OUTPUT
+                echo "IS_STABLE=true" >> "$GITHUB_OUTPUT"
               else
-                echo "IS_STABLE=false" >> $GITHUB_OUTPUT
+                echo "IS_STABLE=false" >> "$GITHUB_OUTPUT"
               fi
             fi
           fi
rust/scripts/generate-workspace-changelog.sh (5)

82-84: Fix trap quoting to avoid early expansion

Quote the temp dir in trap; avoids hiccups if TMPDIR contains spaces and silences SC2064.

-TRAP_CMD="rm -rf $TEMP_DIR"
-trap "rm -rf $TEMP_DIR" EXIT
+trap 'rm -rf "$TEMP_DIR"' EXIT

Based on static analysis hints

108-115: Quote and use “--” consistently for pathspecs

Safer to quote the commit range and keep the path separator explicit. Also quote variables in subshells.

-git log --no-merges --format="%H" $COMMIT_RANGE -- rust/main | while read -r commit_hash; do
+git log --no-merges --format='%H' "$COMMIT_RANGE" -- rust/main | while read -r commit_hash; do
     # Get commit message
-    commit_msg=$(git log -1 --format="%s" "$commit_hash")
+    commit_msg="$(git log -1 --format='%s' "$commit_hash")"

Based on static analysis hints

146-156: Minor: avoid masking return values and unused var warning

Split declare/assign and drop the unused “ws” var to appease shellcheck; function behavior unchanged.

-generate_workspace_changelog() {
+generate_workspace_changelog() {
     local workspace="$1"
     local include_header="${2:-true}"  # Default to including header
-    local workspace_file=$(echo "$workspace" | tr '/' '_')
+    local workspace_file
+    workspace_file="$(echo "$workspace" | tr '/' '_')"
@@
-        sort -u "$TEMP_DIR/$workspace_file" | while IFS='|' read -r ws msg; do
-            echo "* $msg"
+        sort -u "$TEMP_DIR/$workspace_file" | while IFS='|' read -r _ msg; do
+            echo "* $msg"
         done

Based on static analysis hints

85-87: Parsing Cargo.toml is brittle; consider cargo metadata

Grepping the members array can drift if formatting changes. Using cargo metadata -Z unstable-options --format-version 1 is sturdier. Optional, but future‑proofs the bog.

130-140: Commit message delimiter risk

If a commit message contains “|”, the split will misbehave. Low risk, but you can use a NUL sep or serialize as JSON to dodge surprises.

.github/workflows/rust-release.yml (5)

136-139: Don’t bump minor on “chore”

Classifying “chore” as minor will over‑inflate versions. Suggest limiting minor to feat/refactor/perf, keep chore as patch.

-            elif echo "$commit" | grep -qE "^[a-f0-9]+ (feat|refactor|perf|chore)(\(.+\))?:"; then
+            elif echo "$commit" | grep -qE "^[a-f0-9]+ (feat|refactor|perf)(\(.+\))?:"; then
               HAS_MINOR=true

248-297: Ensure gh CLI and “release” label availability

On non‑standard runners, gh may be missing and the “release” label might not exist. Add a quick install/check and create the label if needed to avoid a muddy bog mid‑run.

       - name: Create or update release PR
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NEW_VERSION: ${{ steps.next_version.outputs.new_version }}
           BUMP_TYPE: ${{ steps.next_version.outputs.bump_type }}
           CHANGELOG: ${{ steps.changelog.outputs.changelog }}
         run: |
+          if ! command -v gh >/dev/null 2>&1; then
+            echo "gh CLI not found"; exit 1
+          fi
+          # Ensure label exists
+          gh api repos/${{ github.repository }}/labels --method GET --jq '.[].name' | grep -qx 'release' || \
+            gh api repos/${{ github.repository }}/labels --method POST -f name='release' -f color='5319e7' -f description='Release PRs' >/dev/null 2>&1 || true

407-416: Make tag/release creation idempotent

Re‑runs will fail if the tag or release exists. Guard to skip gracefully.

-          # Create tag and GitHub release
-          git tag -a "$TAG_NAME" -m "$RELEASE_TYPE $TAG_NAME"
-          git push origin "$TAG_NAME"
-
-          gh release create "$TAG_NAME" \
-            --title "$TITLE" \
-            --notes "$CHANGELOG" \
-            $PRERELEASE_FLAG \
-            --repo "${{ github.repository }}"
+          # Create tag and GitHub release (idempotent)
+          if git rev-parse -q --verify "refs/tags/$TAG_NAME" >/dev/null; then
+            echo "Tag $TAG_NAME already exists, skipping tag creation"
+          else
+            git tag -a "$TAG_NAME" -m "$RELEASE_TYPE $TAG_NAME"
+            git push origin "$TAG_NAME"
+          fi
+          if gh release view "$TAG_NAME" --repo "${{ github.repository }}" >/dev/null 2>&1; then
+            echo "Release $TAG_NAME already exists, skipping"
+          else
+            gh release create "$TAG_NAME" \
+              --title "$TITLE" \
+              --notes "$CHANGELOG" \
+              $PRERELEASE_FLAG \
+              --repo "${{ github.repository }}"
+          fi

20-23: Consider cancel-in-progress=true

For rapid pushes, canceling in‑flight runs keeps the ogre’s hut tidy and avoids dueling PR updates.

72-75: Robust version parse from Cargo.toml

Grep/awk works, but if the stanza shifts, it’ll break. Optional: parse via tomlq (yq 4 + toml) or a tiny jq/toml python. Not a blocker.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4a50585 and 076c37e.

⛔ Files ignored due to path filters (2)
  • rust/main/Cargo.lock is excluded by !**/*.lock
  • rust/sealevel/Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (5)
  • .github/workflows/rust-docker.yml (2 hunks)
  • .github/workflows/rust-release.yml (1 hunks)
  • rust/main/Cargo.toml (1 hunks)
  • rust/main/hyperlane-metric/Cargo.toml (1 hunks)
  • rust/scripts/generate-workspace-changelog.sh (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • rust/main/Cargo.toml
  • rust/main/hyperlane-metric/Cargo.toml
🧰 Additional context used
🪛 actionlint (1.7.8)
.github/workflows/rust-release.yml

35-35: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

48-48: shellcheck reported issue in this script: SC2086:info:6:30: Double quote to prevent globbing and word splitting

(shellcheck)

48-48: shellcheck reported issue in this script: SC2086:info:14:32: Double quote to prevent globbing and word splitting

(shellcheck)

48-48: shellcheck reported issue in this script: SC2086:info:17:33: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:3:44: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:10:29: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:12:33: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2001:style:14:20: See if you can use ${variable//search/replace} instead

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:15:44: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:20:35: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:23:36: Double quote to prevent globbing and word splitting

(shellcheck)

100-100: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

115-115: shellcheck reported issue in this script: SC2086:info:54:36: Double quote to prevent globbing and word splitting

(shellcheck)

115-115: shellcheck reported issue in this script: SC2086:info:55:32: Double quote to prevent globbing and word splitting

(shellcheck)

176-176: shellcheck reported issue in this script: SC2086:info:25:6: Double quote to prevent globbing and word splitting

(shellcheck)

238-238: shellcheck reported issue in this script: SC2086:info:48:34: Double quote to prevent globbing and word splitting

(shellcheck)

303-303: shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects

(shellcheck)

303-303: shellcheck reported issue in this script: SC2086:info:1:53: Double quote to prevent globbing and word splitting

(shellcheck)

303-303: shellcheck reported issue in this script: SC2086:info:2:12: Double quote to prevent globbing and word splitting

(shellcheck)

303-303: shellcheck reported issue in this script: SC2086:info:3:52: Double quote to prevent globbing and word splitting

(shellcheck)

303-303: shellcheck reported issue in this script: SC2086:info:4:69: Double quote to prevent globbing and word splitting

(shellcheck)

311-311: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

327-327: shellcheck reported issue in this script: SC2001:style:16:18: See if you can use ${variable//search/replace} instead

(shellcheck)

327-327: shellcheck reported issue in this script: SC2086:info:90:59: Double quote to prevent globbing and word splitting

(shellcheck)

327-327: shellcheck reported issue in this script: SC2086:info:91:87: Double quote to prevent globbing and word splitting

(shellcheck)

327-327: shellcheck reported issue in this script: SC2086:info:92:12: Double quote to prevent globbing and word splitting

(shellcheck)

327-327: shellcheck reported issue in this script: SC2086:info:93:97: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 Shellcheck (0.11.0)
rust/scripts/generate-workspace-changelog.sh

[warning] 83-83: Use single quotes, otherwise this expands now rather than when signalled.

(SC2064)

[warning] 146-146: Declare and assign separately to avoid masking return values.

(SC2155)

[warning] 153-153: ws appears unused. Verify use (or export if used externally).

(SC2034)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (53)
  • GitHub Check: cli-install-test
  • GitHub Check: infra-test
  • GitHub Check: Update Release PR
  • GitHub Check: cli-evm-e2e-matrix (core-read)
  • GitHub Check: cli-evm-e2e-matrix (warp-init)
  • GitHub Check: cli-evm-e2e-matrix (warp-send)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-config)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-3)
  • GitHub Check: cli-evm-e2e-matrix (warp-deploy)
  • GitHub Check: cli-evm-e2e-matrix (warp-rebalancer)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-1)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-basic)
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-read)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-recovery)
  • GitHub Check: cli-evm-e2e-matrix (relay)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-1)
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-1)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-submitters)
  • GitHub Check: cli-evm-e2e-matrix (core-deploy)
  • GitHub Check: cli-evm-e2e-matrix (core-check)
  • GitHub Check: cli-evm-e2e-matrix (core-init)
  • GitHub Check: cli-evm-e2e-matrix (core-apply)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-read)
  • GitHub Check: cli-cosmos-e2e-matrix (core-read)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-deploy)
  • GitHub Check: cli-cosmos-e2e-matrix (core-deploy)
  • GitHub Check: cli-cosmos-e2e-matrix (core-apply)
  • GitHub Check: env-test-matrix (mainnet3, inevm, igp)
  • GitHub Check: env-test-matrix (testnet4, sepolia, core)
  • GitHub Check: cli-cosmos-e2e-matrix (core-check)
  • GitHub Check: env-test-matrix (mainnet3, optimism, core)
  • GitHub Check: env-test-matrix (mainnet3, optimism, igp)
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, core)
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, igp)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, core)
  • GitHub Check: env-test-matrix (mainnet3, inevm, core)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, igp)
  • GitHub Check: cosmos-sdk-e2e-run
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-deploy)
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-apply)
  • GitHub Check: build-and-push-to-gcr
  • GitHub Check: e2e-matrix (cosmwasm)
  • GitHub Check: e2e-matrix (sealevel)
  • GitHub Check: e2e-matrix (starknet)
  • GitHub Check: e2e-matrix (radix)
  • GitHub Check: e2e-matrix (cosmosnative)
  • GitHub Check: e2e-matrix (evm)
  • GitHub Check: lint-rs
  • GitHub Check: lander-coverage
  • GitHub Check: test-rs
🔇 Additional comments (2)
.github/workflows/rust-docker.yml (1)

82-85: Enable guards look right; one small tweak for prereleases

Great gating. If you ever want prereleases to also publish full {{version}} (they do now) but not {{major}}.{{minor}} (already guarded), you’re set. No change needed—calling it out so it’s intentional.

.github/workflows/rust-release.yml (1)

35-35: Runner label verification

“depot-ubuntu-latest” isn’t a standard GitHub label. If it’s self‑hosted, all good; otherwise switch to ubuntu‑latest.

Would you like a patch to add a matrix or fallback to ubuntu-latest?

@paulbalaji paulbalaji force-pushed the pb/rust-release-cargo branch from 076c37e to 79ac150 Compare October 29, 2025 15:36
coderabbitai[bot]
coderabbitai bot reviewed Oct 29, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (1)
.github/workflows/rust-release.yml (1)

7-7: Remove test branch before merging.

Line 7 includes pb/rust-release-cargo for testing, with a past comment noting this should be removed. Strip this branch so the workflow only runs on main and manual dispatch.

  push:
    branches:
      - main
-     - pb/rust-release-cargo # for testing
    paths:
🧹 Nitpick comments (2)
rust/scripts/generate-workspace-changelog.sh (2)

82-83: Trap quoting style—prefer single quotes to defer expansion.

Shellcheck flags the double-quoted trap string (SC2064): "rm -rf $TEMP_DIR" expands $TEMP_DIR now, not when the trap fires. While not a functional issue here (variable's set before the trap), follow the pattern and use single quotes so the variable expands at trap-fire time:

-trap "rm -rf $TEMP_DIR" EXIT
+trap 'rm -rf "$TEMP_DIR"' EXIT

146-146: Separate local declaration and assignment for better error handling.

Shellcheck SC2155 flags combining local with assignment: if the command fails, local still succeeds and masks the error. Separate them (best practice):

-    local workspace_file=$(echo "$workspace" | tr '/' '_')
+    local workspace_file
+    workspace_file=$(echo "$workspace" | tr '/' '_')
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 076c37e and 79ac150.

⛔ Files ignored due to path filters (2)
  • rust/main/Cargo.lock is excluded by !**/*.lock
  • rust/sealevel/Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (5)
  • .github/workflows/rust-docker.yml (2 hunks)
  • .github/workflows/rust-release.yml (1 hunks)
  • rust/main/Cargo.toml (1 hunks)
  • rust/main/hyperlane-metric/Cargo.toml (1 hunks)
  • rust/scripts/generate-workspace-changelog.sh (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
  • rust/main/Cargo.toml
  • rust/main/hyperlane-metric/Cargo.toml
🧰 Additional context used
🪛 actionlint (1.7.8)
.github/workflows/rust-release.yml

35-35: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

100-100: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

311-311: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

🪛 Shellcheck (0.11.0)
rust/scripts/generate-workspace-changelog.sh

[warning] 83-83: Use single quotes, otherwise this expands now rather than when signalled.

(SC2064)

[warning] 146-146: Declare and assign separately to avoid masking return values.

(SC2155)

[warning] 153-153: ws appears unused. Verify use (or export if used externally).

(SC2034)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (54)
  • GitHub Check: infra-test
  • GitHub Check: Update Release PR
  • GitHub Check: cli-evm-e2e-matrix (warp-init)
  • GitHub Check: cli-evm-e2e-matrix (warp-read)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-basic)
  • GitHub Check: cli-evm-e2e-matrix (warp-rebalancer)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-config)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-recovery)
  • GitHub Check: cli-evm-e2e-matrix (warp-send)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-1)
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-1)
  • GitHub Check: cli-evm-e2e-matrix (core-apply)
  • GitHub Check: env-test-matrix (mainnet3, inevm, igp)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-1)
  • GitHub Check: cli-evm-e2e-matrix (core-deploy)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-deploy)
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-3)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-ism-updates)
  • GitHub Check: cli-evm-e2e-matrix (core-read)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-submitters)
  • GitHub Check: cli-evm-e2e-matrix (relay)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-2)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, igp)
  • GitHub Check: env-test-matrix (mainnet3, inevm, core)
  • GitHub Check: cli-evm-e2e-matrix (core-init)
  • GitHub Check: cli-evm-e2e-matrix (core-check)
  • GitHub Check: env-test-matrix (testnet4, sepolia, core)
  • GitHub Check: env-test-matrix (mainnet3, optimism, igp)
  • GitHub Check: env-test-matrix (mainnet3, optimism, core)
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, igp)
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, core)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, core)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-read)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-deploy)
  • GitHub Check: cli-cosmos-e2e-matrix (core-check)
  • GitHub Check: cosmos-sdk-e2e-run
  • GitHub Check: cli-cosmos-e2e-matrix (core-deploy)
  • GitHub Check: cli-cosmos-e2e-matrix (core-read)
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-deploy)
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-apply)
  • GitHub Check: cli-cosmos-e2e-matrix (core-apply)
  • GitHub Check: cli-install-test-run
  • GitHub Check: build-and-push-to-gcr
  • GitHub Check: e2e-matrix (radix)
  • GitHub Check: e2e-matrix (evm)
  • GitHub Check: e2e-matrix (starknet)
  • GitHub Check: e2e-matrix (cosmosnative)
  • GitHub Check: e2e-matrix (sealevel)
  • GitHub Check: e2e-matrix (cosmwasm)
  • GitHub Check: lint-rs
  • GitHub Check: test-rs
  • GitHub Check: lander-coverage
🔇 Additional comments (5)
.github/workflows/rust-docker.yml (1)

51-85: Solid semver setup — tag data generation looks well-guarded.

The conditional SEMVER extraction (tag events only) and IS_STABLE derivation (exact three-part semver with no prerelease suffix) are properly scoped. The enable conditions correctly gate the semver tags to tag events with valid SEMVER and stability flags. Prior commits addressed the stripping and validation, and the current state reflects those fixes cleanly.

.github/workflows/rust-release.yml (4)

50-96: Check-release-status logic is solid.

Version comparison (current vs. latest tag) and commit detection are correct. The tag extraction pattern is repeated throughout the workflow—consider extracting it to a reusable variable or shared action in future refactors, but not required for this PR.

110-204: Release PR creation—conventional commit parsing and changelog flow look good.

Version bumping via conventional commits is implemented cleanly (breaking/feat/fix → major/minor/patch). The two-call pattern for changelog generation (unified for PR body, then per-workspace files) is sound. Cargo.lock updates and PR body construction are well-structured.

309-419: Publish logic handles pre-releases and stable releases cleanly.

Manual dispatch triggers pre-release with optional suffix or auto-incrementing beta.N. The commit range handling (HEAD~1 for stable to exclude version bump) is thoughtful. New contributors extraction via GitHub API and release creation via gh CLI are solid patterns.

35-36: Runner label flagged by linter—verify it's configured.

Actionlint flags depot-ubuntu-latest as an unknown GitHub runner label. This is expected if it's a custom self-hosted runner (e.g., via Depot). Ensure your actionlint config (if present) or CI knows about this label; otherwise, the workflow may fail at runtime. If not intentional, switch to a standard label like ubuntu-latest.

Also applies to: 100-101, 311-312

coderabbitai[bot]
coderabbitai bot reviewed Oct 29, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (1)
.github/workflows/rust-release.yml (1)

7-7: Remove test branch before merging.

Line 7 includes the test branch pb/rust-release-cargo for the workflow trigger. This should be removed before the PR is merged to main.

-      - main
-      - pb/rust-release-cargo # for testing
+      - main
🧹 Nitpick comments (4)
rust/scripts/generate-workspace-changelog.sh (2)

146-146: Declare workspace_file separately (shellcheck SC2155).

Best practice: separate declaration from assignment to avoid masking return codes. While low-risk here, it's cleaner:

-    local workspace_file=$(echo "$workspace" | tr '/' '_')
+    local workspace_file
+    workspace_file=$(echo "$workspace" | tr '/' '_')

86-86: Guard against missing Cargo.toml.

Line 86 assumes $RUST_MAIN_DIR/Cargo.toml exists. If it's missing, grep will fail silently and WORKSPACE_MEMBERS will be empty, potentially masking a setup problem. Consider:

+if [ ! -f "$RUST_MAIN_DIR/Cargo.toml" ]; then
+  echo "Error: Cargo.toml not found at $RUST_MAIN_DIR/Cargo.toml" >&2
+  exit 1
+fi
 WORKSPACE_MEMBERS=$(grep -A 100 '^\[workspace\]' "$RUST_MAIN_DIR/Cargo.toml" | sed -n '/^members = \[/,/^\]/p' | grep '"' | sed 's/[", ]//g')
.github/workflows/rust-release.yml (2)

48-48: Quote variables in embedded scripts to prevent word splitting.

Shellcheck flagged multiple instances of unquoted variables. While many are low-risk in this context, quoting prevents subtle bugs. Key examples:

Line 57 (check_changes step):

-          COMMITS_SINCE=$(git log "$LATEST_TAG"..HEAD --oneline -- . | wc -l)
+          COMMITS_SINCE=$(git log "${LATEST_TAG}..HEAD" --oneline -- . | wc -l)

Line 138-141 (changelog step):

-          CHANGELOG=$(./rust/scripts/generate-workspace-changelog.sh "$COMMIT_RANGE" --no-header)
+          CHANGELOG=$(./rust/scripts/generate-workspace-changelog.sh "${COMMIT_RANGE}" --no-header)
           ...
-          ./rust/scripts/generate-workspace-changelog.sh "$COMMIT_RANGE" "" --write-to-workspace "$NEW_VERSION"
+          ./rust/scripts/generate-workspace-changelog.sh "${COMMIT_RANGE}" "" --write-to-workspace "${NEW_VERSION}"

Apply similar quoting to other embedded scripts (lines 48, 71, 114) as well.

Also applies to: 71-71, 114-114, 127-127, 138-141

243-247: Consider brace redirection for step summary (SC2129).

Lines 243-247 make individual appends to $GITHUB_STEP_SUMMARY. Shellcheck suggests batching with brace redirection for clarity:

-          echo "### Release PR for agents v${NEW_VERSION}" >> $GITHUB_STEP_SUMMARY
-          echo "" >> $GITHUB_STEP_SUMMARY
-          echo "The release PR has been created/updated." >> $GITHUB_STEP_SUMMARY
-          echo "Once merged, the release will be published automatically." >> $GITHUB_STEP_SUMMARY
+          {
+            echo "### Release PR for agents v${NEW_VERSION}"
+            echo ""
+            echo "The release PR has been created/updated."
+            echo "Once merged, the release will be published automatically."
+          } >> $GITHUB_STEP_SUMMARY
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 79ac150 and ab51762.

📒 Files selected for processing (6)
  • .github/workflows/rust-release.yml (1 hunks)
  • rust/scripts/determine-next-version.sh (1 hunks)
  • rust/scripts/generate-workspace-changelog.sh (1 hunks)
  • rust/scripts/get-latest-agents-tag.sh (1 hunks)
  • rust/scripts/get-workspace-version.sh (1 hunks)
  • rust/scripts/update-workspace-version.sh (1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.8)
.github/workflows/rust-release.yml

35-35: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

48-48: shellcheck reported issue in this script: SC2086:info:6:30: Double quote to prevent globbing and word splitting

(shellcheck)

48-48: shellcheck reported issue in this script: SC2086:info:14:32: Double quote to prevent globbing and word splitting

(shellcheck)

48-48: shellcheck reported issue in this script: SC2086:info:17:33: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:3:44: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:10:29: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:12:33: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2001:style:14:20: See if you can use ${variable//search/replace} instead

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:15:44: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:20:35: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:23:36: Double quote to prevent globbing and word splitting

(shellcheck)

100-100: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

114-114: shellcheck reported issue in this script: SC2086:info:6:36: Double quote to prevent globbing and word splitting

(shellcheck)

114-114: shellcheck reported issue in this script: SC2086:info:7:32: Double quote to prevent globbing and word splitting

(shellcheck)

127-127: shellcheck reported issue in this script: SC2086:info:25:6: Double quote to prevent globbing and word splitting

(shellcheck)

178-178: shellcheck reported issue in this script: SC2086:info:48:34: Double quote to prevent globbing and word splitting

(shellcheck)

243-243: shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects

(shellcheck)

243-243: shellcheck reported issue in this script: SC2086:info:1:53: Double quote to prevent globbing and word splitting

(shellcheck)

243-243: shellcheck reported issue in this script: SC2086:info:2:12: Double quote to prevent globbing and word splitting

(shellcheck)

243-243: shellcheck reported issue in this script: SC2086:info:3:52: Double quote to prevent globbing and word splitting

(shellcheck)

243-243: shellcheck reported issue in this script: SC2086:info:4:69: Double quote to prevent globbing and word splitting

(shellcheck)

251-251: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

267-267: shellcheck reported issue in this script: SC2001:style:16:18: See if you can use ${variable//search/replace} instead

(shellcheck)

267-267: shellcheck reported issue in this script: SC2086:info:90:59: Double quote to prevent globbing and word splitting

(shellcheck)

267-267: shellcheck reported issue in this script: SC2086:info:91:87: Double quote to prevent globbing and word splitting

(shellcheck)

267-267: shellcheck reported issue in this script: SC2086:info:92:12: Double quote to prevent globbing and word splitting

(shellcheck)

267-267: shellcheck reported issue in this script: SC2086:info:93:97: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 Shellcheck (0.11.0)
rust/scripts/generate-workspace-changelog.sh

[warning] 83-83: Use single quotes, otherwise this expands now rather than when signalled.

(SC2064)

[warning] 146-146: Declare and assign separately to avoid masking return values.

(SC2155)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
  • GitHub Check: Update Release PR
  • GitHub Check: test-rs
  • GitHub Check: lander-coverage
  • GitHub Check: lint-rs
🔇 Additional comments (7)
rust/scripts/get-workspace-version.sh (1)

1-19: LGTM! Solid helper for version extraction.

This script does what it's supposed to—cleanly extracts the workspace version from Cargo.toml. The pipeline is straightforward and the directory resolution is robust.

rust/scripts/update-workspace-version.sh (1)

1-41: LGTM! Clean and atomic version update.

The awk logic is sound—it correctly scopes the version replacement to the [workspace.package] section and atomically swaps the file. Input validation is in place too.

rust/scripts/get-latest-agents-tag.sh (1)

1-12: LGTM! Tidy tag lookup.

The regex properly isolates stable releases (excludes prerelease suffixes), and the semver-aware sort with || true fallback is solid. Works as intended.

rust/scripts/determine-next-version.sh (1)

1-105: LGTM! Solid conventional-commit parser.

The version bump logic correctly handles breaking changes, features, and fixes. Fallback to latest tag when no range is given is sensible. One minor note: you're calling git show once per commit (line 77) for BREAKING CHANGE detection—fine for typical release workflows, but worth keeping in mind if commit volume grows.

rust/scripts/generate-workspace-changelog.sh (1)

153-155: Good cleanup on the past review—redundant workspace field removed.

Nice work incorporating the feedback to remove the redundant | delimiter. The script now stores and reads just the commit message, which is cleaner and avoids the unused variable.

.github/workflows/rust-release.yml (2)

35-35: Verify custom runner label exists.

The workflow uses depot-ubuntu-latest (lines 35, 100, 251), which actionlint flags as not matching GitHub's standard runner labels. This appears to be a custom/self-hosted runner label. Verify that your CI environment has this label configured, or update to a standard label like ubuntu-latest. If it's intentional, you may need to configure actionlint to recognize it.

Also applies to: 100-100, 251-251

249-360: Release publishing logic is comprehensive.

The publish job handles both stable releases and prereleases with clear intent. The logic for auto-generating beta.N suffixes, extracting new contributors, and building the final changelog is well-structured. Good use of gh CLI for release creation.

coderabbitai[bot]
coderabbitai bot reviewed Oct 29, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

♻️ Duplicate comments (1)
.github/workflows/rust-release.yml (1)

7-7: Remove the test branch before merging to main.

Line 7 includes pb/rust-release-cargo for testing. This should be removed before merge:

  on:
    push:
      branches:
        - main
-       - pb/rust-release-cargo # for testing
🧹 Nitpick comments (7)
rust/scripts/ci/generate-workspace-changelog.sh (4)

108-113: Shell variable expansion needs quotes to avoid word splitting and globbing.

Line 108 and 113 should quote variables:

-git log --no-merges --format="%H" $COMMIT_RANGE -- rust/main | while read -r commit_hash; do
+git log --no-merges --format="%H" "$COMMIT_RANGE" -- rust/main | while read -r commit_hash; do
     # Get commit message
     commit_msg=$(git log -1 --format="%s" "$commit_hash")
 
     # Get files changed in this commit (within rust/main)
-    files=$(git diff-tree --no-commit-id --name-only -r "$commit_hash" -- rust/main)
+    files="$(git diff-tree --no-commit-id --name-only -r "$commit_hash" -- rust/main)"

This prevents issues if COMMIT_RANGE contains special characters or spaces, and captures files cleanly.

117-128: Unquoted loop variable risks word splitting on filenames with spaces or special chars.

Lines 117 should quote the loop expansion:

-    for file in $files; do
+    for file in $files; do  # Note: intentionally unquoted to split on whitespace (expected behavior)

Actually, on second look, the unquoted $files is intentional here to split on newlines/whitespace—that's the desired behavior since files contains newline-separated paths from git. However, if any path contains spaces, the current code would break. A safer pattern would be:

     while IFS= read -r file; do
-        file=$(echo "$file" | sed 's|^rust/main/||')
+        file="${file#rust/main/}"
         # Check which workspace this file belongs to
         for member in $WORKSPACE_MEMBERS; do

Using a while-read loop avoids the word-splitting risk. Also, parameter expansion ${file#rust/main/} is more efficient than sed.

86-86: Workspace extraction relies on grep -A 100 buffer, which may be fragile.

Line 86 assumes the [members = [ section appears within 100 lines of [workspace]. For typical Cargo.toml this is safe, but a more robust approach would use a dedicated parser or read until the closing ]:

WORKSPACE_MEMBERS=$(sed -n '/^\[workspace\]/,/^\[/p' "$RUST_MAIN_DIR/Cargo.toml" | sed -n '/^members = \[/,/^\]/p' | grep '"' | sed 's/[", ]//g')

This ensures we capture the full members array regardless of section size. Not urgent, but worth considering for resilience.

146-146: Declare and assign separately to avoid masking command exit codes.

Line 146 combines declaration and assignment:

-    local workspace_file=$(echo "$workspace" | tr '/' '_')
+    local workspace_file
+    workspace_file=$(echo "$workspace" | tr '/' '_')

This ensures if the pipeline fails, the error code isn't masked by the local declaration. Shellcheck flags this (SC2155).

.github/workflows/rust-release.yml (3)

48-48: Tighten shell variable quoting throughout inline scripts for robustness.

Multiple inline shell commands have unquoted variables that could break with special characters:

Line 48:

-          LATEST_TAG=$(../scripts/ci/get-latest-agents-tag.sh)
+          LATEST_TAG="$(../scripts/ci/get-latest-agents-tag.sh)"

Line 71 (and others):

-          CURRENT_VERSION=$(../scripts/ci/get-workspace-version.sh)
+          CURRENT_VERSION="$(../scripts/ci/get-workspace-version.sh)"

While unlikely in practice (versions and tags are controlled), quoting prevents word-splitting surprises.

Also applies to: 71-71, 114-114, 127-127, 178-178, 243-243, 267-267

85-85: Use parameter expansion instead of sed for simple string substitution.

Line 85:

-            LATEST_VERSION=$(echo "$LATEST_TAG" | sed 's/agents-v//')
+            LATEST_VERSION="${LATEST_TAG#agents-v}"

Line 267 (similar pattern, though more complex context):

-              BETA_NUM=$(echo "$LAST_BETA" | sed 's/.*beta\.\([0-9]*\)/\1/')
+              BETA_NUM="${LAST_BETA##*beta.}"

Parameter expansion is faster and clearer.

Also applies to: 323-323

156-172: Cargo.lock update commands should handle offline failures more gracefully.

Lines 165 and 170 attempt offline updates with a fallback:

cargo update --workspace --offline 2>/dev/null || cargo update --workspace

This is reasonable, but suppressing stderr on the first attempt means errors are silent. Consider:

if cargo update --workspace --offline 2>&1; then
  echo "Updated using offline mode"
else
  echo "Offline update failed, attempting online update..."
  cargo update --workspace
fi

Or keep it simple if the current fallback behavior is intended. Not a blocker, just a minor observability improvement.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ab51762 and 40595e0.

📒 Files selected for processing (6)
  • .github/workflows/rust-release.yml (1 hunks)
  • rust/scripts/ci/determine-next-version.sh (1 hunks)
  • rust/scripts/ci/generate-workspace-changelog.sh (1 hunks)
  • rust/scripts/ci/get-latest-agents-tag.sh (1 hunks)
  • rust/scripts/ci/get-workspace-version.sh (1 hunks)
  • rust/scripts/ci/update-workspace-version.sh (1 hunks)
🧰 Additional context used
🧠 Learnings (8)
📓 Common learnings 
Learnt from: paulbalaji
PR: hyperlane-xyz/hyperlane-monorepo#6943
File: rust/main/config/mainnet_config.json:965-965
Timestamp: 2025-08-26T13:46:37.695Z
Learning: In the repository hyperlane-xyz/hyperlane-monorepo, skip reviewing the file rust/main/config/testnet_config.json in future code reviews as requested by paulbalaji.

Learnt from: paulbalaji
PR: hyperlane-xyz/hyperlane-monorepo#6943
File: rust/main/config/mainnet_config.json:965-965
Timestamp: 2025-08-26T13:46:37.695Z
Learning: In the repository hyperlane-xyz/hyperlane-monorepo, skip reviewing the file rust/main/config/mainnet_config.json in future code reviews as requested by paulbalaji.

Learnt from: CR
PR: hyperlane-xyz/hyperlane-monorepo#0
File: CLAUDE.md:0-0
Timestamp: 2025-09-02T18:44:06.598Z
Learning: Applies to rust/main/agents/relayer/**/src/**/*.rs : Maintain relayer agent Rust sources under rust/main/agents/relayer
📚 Learning: 2025-09-02T18:44:06.598Z 
Learnt from: CR
PR: hyperlane-xyz/hyperlane-monorepo#0
File: CLAUDE.md:0-0
Timestamp: 2025-09-02T18:44:06.598Z
Learning: Applies to rust/main/agents/scraper/**/src/**/*.rs : Maintain scraper agent Rust sources under rust/main/agents/scraper

Applied to files:

  • rust/scripts/ci/get-latest-agents-tag.sh
  • rust/scripts/ci/generate-workspace-changelog.sh
  • .github/workflows/rust-release.yml
📚 Learning: 2025-09-02T18:44:06.598Z 
Learnt from: CR
PR: hyperlane-xyz/hyperlane-monorepo#0
File: CLAUDE.md:0-0
Timestamp: 2025-09-02T18:44:06.598Z
Learning: Applies to rust/main/agents/relayer/**/src/**/*.rs : Maintain relayer agent Rust sources under rust/main/agents/relayer

Applied to files:

  • rust/scripts/ci/get-latest-agents-tag.sh
  • rust/scripts/ci/generate-workspace-changelog.sh
  • .github/workflows/rust-release.yml
📚 Learning: 2025-09-02T18:44:06.598Z 
Learnt from: CR
PR: hyperlane-xyz/hyperlane-monorepo#0
File: CLAUDE.md:0-0
Timestamp: 2025-09-02T18:44:06.598Z
Learning: Applies to rust/main/agents/validator/**/src/**/*.rs : Maintain validator agent Rust sources under rust/main/agents/validator

Applied to files:

  • rust/scripts/ci/get-latest-agents-tag.sh
  • rust/scripts/ci/generate-workspace-changelog.sh
  • .github/workflows/rust-release.yml
📚 Learning: 2025-08-26T13:46:37.695Z 
Learnt from: paulbalaji
PR: hyperlane-xyz/hyperlane-monorepo#6943
File: rust/main/config/mainnet_config.json:965-965
Timestamp: 2025-08-26T13:46:37.695Z
Learning: In the repository hyperlane-xyz/hyperlane-monorepo, skip reviewing the file rust/main/config/mainnet_config.json in future code reviews as requested by paulbalaji.

Applied to files:

  • rust/scripts/ci/generate-workspace-changelog.sh
📚 Learning: 2025-08-26T13:46:37.695Z 
Learnt from: paulbalaji
PR: hyperlane-xyz/hyperlane-monorepo#6943
File: rust/main/config/mainnet_config.json:965-965
Timestamp: 2025-08-26T13:46:37.695Z
Learning: In the repository hyperlane-xyz/hyperlane-monorepo, skip reviewing the file rust/main/config/testnet_config.json in future code reviews as requested by paulbalaji.

Applied to files:

  • rust/scripts/ci/generate-workspace-changelog.sh
📚 Learning: 2025-09-02T18:44:06.598Z 
Learnt from: CR
PR: hyperlane-xyz/hyperlane-monorepo#0
File: CLAUDE.md:0-0
Timestamp: 2025-09-02T18:44:06.598Z
Learning: Applies to rust/main/{hyperlane-core,hyperlane-base}/**/src/**/*.rs : Keep shared Rust core crates in rust/main/{hyperlane-core,hyperlane-base}

Applied to files:

  • .github/workflows/rust-release.yml
📚 Learning: 2025-09-02T18:44:06.598Z 
Learnt from: CR
PR: hyperlane-xyz/hyperlane-monorepo#0
File: CLAUDE.md:0-0
Timestamp: 2025-09-02T18:44:06.598Z
Learning: Applies to rust/main/chains/{hyperlane-ethereum,hyperlane-cosmos,hyperlane-sealevel,hyperlane-fuel}/**/src/**/*.rs : Keep chain support implementations within rust/main/chains/{hyperlane-ethereum,hyperlane-cosmos,hyperlane-sealevel,hyperlane-fuel}

Applied to files:

  • .github/workflows/rust-release.yml
🪛 actionlint (1.7.8)
.github/workflows/rust-release.yml

35-35: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

48-48: shellcheck reported issue in this script: SC2086:info:6:30: Double quote to prevent globbing and word splitting

(shellcheck)

48-48: shellcheck reported issue in this script: SC2086:info:14:32: Double quote to prevent globbing and word splitting

(shellcheck)

48-48: shellcheck reported issue in this script: SC2086:info:17:33: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:3:44: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:10:29: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:12:33: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2001:style:14:20: See if you can use ${variable//search/replace} instead

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:15:44: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:20:35: Double quote to prevent globbing and word splitting

(shellcheck)

71-71: shellcheck reported issue in this script: SC2086:info:23:36: Double quote to prevent globbing and word splitting

(shellcheck)

100-100: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

114-114: shellcheck reported issue in this script: SC2086:info:6:36: Double quote to prevent globbing and word splitting

(shellcheck)

114-114: shellcheck reported issue in this script: SC2086:info:7:32: Double quote to prevent globbing and word splitting

(shellcheck)

127-127: shellcheck reported issue in this script: SC2086:info:25:6: Double quote to prevent globbing and word splitting

(shellcheck)

178-178: shellcheck reported issue in this script: SC2086:info:48:34: Double quote to prevent globbing and word splitting

(shellcheck)

243-243: shellcheck reported issue in this script: SC2129:style:1:1: Consider using { cmd1; cmd2; } >> file instead of individual redirects

(shellcheck)

243-243: shellcheck reported issue in this script: SC2086:info:1:53: Double quote to prevent globbing and word splitting

(shellcheck)

243-243: shellcheck reported issue in this script: SC2086:info:2:12: Double quote to prevent globbing and word splitting

(shellcheck)

243-243: shellcheck reported issue in this script: SC2086:info:3:52: Double quote to prevent globbing and word splitting

(shellcheck)

243-243: shellcheck reported issue in this script: SC2086:info:4:69: Double quote to prevent globbing and word splitting

(shellcheck)

251-251: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

267-267: shellcheck reported issue in this script: SC2001:style:16:18: See if you can use ${variable//search/replace} instead

(shellcheck)

267-267: shellcheck reported issue in this script: SC2086:info:90:59: Double quote to prevent globbing and word splitting

(shellcheck)

267-267: shellcheck reported issue in this script: SC2086:info:91:87: Double quote to prevent globbing and word splitting

(shellcheck)

267-267: shellcheck reported issue in this script: SC2086:info:92:12: Double quote to prevent globbing and word splitting

(shellcheck)

267-267: shellcheck reported issue in this script: SC2086:info:93:97: Double quote to prevent globbing and word splitting

(shellcheck)

🪛 Shellcheck (0.11.0)
rust/scripts/ci/generate-workspace-changelog.sh

[warning] 146-146: Declare and assign separately to avoid masking return values.

(SC2155)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (55)
  • GitHub Check: coverage
  • GitHub Check: infra-test
  • GitHub Check: Update Release PR
  • GitHub Check: cli-evm-e2e-matrix (warp-rebalancer)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-3)
  • GitHub Check: env-test-matrix (mainnet3, inevm, igp)
  • GitHub Check: cli-evm-e2e-matrix (warp-init)
  • GitHub Check: cli-evm-e2e-matrix (warp-send)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-basic)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-submitters)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-ism-updates)
  • GitHub Check: cli-evm-e2e-matrix (warp-deploy)
  • GitHub Check: cli-evm-e2e-matrix (core-check)
  • GitHub Check: cli-evm-e2e-matrix (core-deploy)
  • GitHub Check: cli-evm-e2e-matrix (relay)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-recovery)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-config)
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-1)
  • GitHub Check: env-test-matrix (mainnet3, inevm, core)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-1)
  • GitHub Check: cli-evm-e2e-matrix (warp-read)
  • GitHub Check: cli-evm-e2e-matrix (core-apply)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-1)
  • GitHub Check: cli-evm-e2e-matrix (core-init)
  • GitHub Check: cli-evm-e2e-matrix (core-read)
  • GitHub Check: env-test-matrix (testnet4, sepolia, core)
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, core)
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, igp)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, igp)
  • GitHub Check: env-test-matrix (mainnet3, optimism, igp)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-deploy)
  • GitHub Check: env-test-matrix (mainnet3, optimism, core)
  • GitHub Check: cli-cosmos-e2e-matrix (core-check)
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-deploy)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-read)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, core)
  • GitHub Check: cosmos-sdk-e2e-run
  • GitHub Check: cli-cosmos-e2e-matrix (core-apply)
  • GitHub Check: cli-cosmos-e2e-matrix (core-deploy)
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-apply)
  • GitHub Check: cli-cosmos-e2e-matrix (core-read)
  • GitHub Check: cli-install-test-run
  • GitHub Check: build-and-push-to-gcr
  • GitHub Check: e2e-matrix (radix)
  • GitHub Check: e2e-matrix (sealevel)
  • GitHub Check: e2e-matrix (evm)
  • GitHub Check: e2e-matrix (starknet)
  • GitHub Check: e2e-matrix (cosmwasm)
  • GitHub Check: e2e-matrix (cosmosnative)
  • GitHub Check: lint-rs
  • GitHub Check: lander-coverage
  • GitHub Check: test-rs
🔇 Additional comments (8)
rust/scripts/ci/get-workspace-version.sh (1)

1-19: Straight outta the swamp, this script does what it needs to do.

Clean extraction logic. The grep-sed pipeline grabs the version from the workspace.package section without fuss.

rust/scripts/ci/update-workspace-version.sh (1)

1-41: Looks like a well-oiled machine—proper validation and clean awk logic.

The state-machine approach in awk to isolate [workspace.package] and update only the version field is spot-on. One small thought: if awk errors out, the .new file lingers. Could add a trap to clean it up, but in a CI context this is usually fine. The atomic move is solid.

rust/scripts/ci/get-latest-agents-tag.sh (1)

1-12: Ogre logic, layer upon layer—this one's got the semver filter just right.

Neat single-pipeline approach. The regex correctly excludes prerelease tags, and the || true ensures it exits cleanly whether tags exist or not. Downstream scripts will appreciate the predictable empty-string fallback.

rust/scripts/ci/determine-next-version.sh (2)

22-29: Clear argument handling with sensible defaults.

Nice fallback to latest tag when no commit range is specified. The logic chains properly.

53-80: Conventional commit parsing looks good, but version format is assumed to be strict SemVer.

The IFS split on line 53 expects X.Y.Z exactly. If a version like 1.4 comes through (no patch), the read will only capture 2 values and PATCH remains unset. In practice, Cargo.toml enforces proper SemVer, so this should be fine—just something to keep in mind if this script ever handles version strings from other sources.

The breaking change detection covers both the !: suffix and the BREAKING CHANGE: body marker, which aligns with semantic-release conventions. Commit categorization defaults to patch for unrecognized types, which is a safe fallback.

.github/workflows/rust-release.yml (3)

35-35: Custom runner label "depot-ubuntu-latest" may not exist in standard GitHub Actions.

The workflow uses runs-on: depot-ubuntu-latest on lines 35, 100, and 251. This label is not in GitHub's standard set. If this is a custom self-hosted runner or Depot integration, ensure:

  1. The label is configured in your self-hosted runner setup
  2. Or Depot is integrated and configured to provide this label
  3. Otherwise, the workflow will fail with "No runners available for this label"

Consider documenting this dependency or using a fallback like ubuntu-latest with conditional Depot steps if needed.

Also applies to: 100-100, 251-251

302-317: Changelog generation excludes the version-bump commit for stable releases.

Lines 307-310 intentionally use HEAD~1 for stable releases (excluding the version bump commit) but HEAD for prereleases. This logic is sound—stable releases should exclude the auto-commit that bumped the version, while manual prerelease runs have no such commit. Nice touch.

239-248: Release PR summary provides clear context.

The Summary step outputs relevant version info to the step summary. Clean and informative for release auditing.

coderabbitai[bot]
coderabbitai bot reviewed Oct 29, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

♻️ Duplicate comments (1)
.github/workflows/rust-release.yml (1)

7-7: Remove test branch before merging to main.

The test branch pb/rust-release-cargo is here for temporary testing and should be removed before merging this PR.

Apply this diff:

  on:
    push:
      branches:
        - main
-       - pb/rust-release-cargo # for testing
      paths:
🧹 Nitpick comments (1)
.github/workflows/rust-release.yml (1)

164-171: Strengthen error handling for cargo updates.

The fallback from offline to online mode is pragmatic, but if both fail, the workflow continues silently. Consider adding explicit error handling to surface failures, especially for critical lock file updates.

Apply this diff to fail fast on cargo errors:

  # Update Cargo.lock in rust/main
  cd rust/main
- cargo update --workspace --offline 2>/dev/null || cargo update --workspace
+ cargo update --workspace --offline 2>/dev/null || cargo update --workspace || { echo "Failed to update Cargo.lock in rust/main" >&2; exit 1; }
  echo "Updated rust/main/Cargo.lock"

  # Update Cargo.lock in rust/sealevel
  cd ../sealevel
- cargo update --workspace --offline 2>/dev/null || cargo update --workspace
+ cargo update --workspace --offline 2>/dev/null || cargo update --workspace || { echo "Failed to update Cargo.lock in rust/sealevel" >&2; exit 1; }
  echo "Updated rust/sealevel/Cargo.lock"
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 40595e0 and 322c54b.

📒 Files selected for processing (1)
  • .github/workflows/rust-release.yml (1 hunks)
🧰 Additional context used
🧠 Learnings (4)
📓 Common learnings 
Learnt from: paulbalaji
PR: hyperlane-xyz/hyperlane-monorepo#6943
File: rust/main/config/mainnet_config.json:965-965
Timestamp: 2025-08-26T13:46:37.695Z
Learning: In the repository hyperlane-xyz/hyperlane-monorepo, skip reviewing the file rust/main/config/testnet_config.json in future code reviews as requested by paulbalaji.

Learnt from: paulbalaji
PR: hyperlane-xyz/hyperlane-monorepo#6943
File: rust/main/config/mainnet_config.json:965-965
Timestamp: 2025-08-26T13:46:37.695Z
Learning: In the repository hyperlane-xyz/hyperlane-monorepo, skip reviewing the file rust/main/config/mainnet_config.json in future code reviews as requested by paulbalaji.

Learnt from: CR
PR: hyperlane-xyz/hyperlane-monorepo#0
File: CLAUDE.md:0-0
Timestamp: 2025-09-02T18:44:06.598Z
Learning: Applies to rust/main/agents/relayer/**/src/**/*.rs : Maintain relayer agent Rust sources under rust/main/agents/relayer

Learnt from: CR
PR: hyperlane-xyz/hyperlane-monorepo#0
File: CLAUDE.md:0-0
Timestamp: 2025-09-02T18:44:06.598Z
Learning: Applies to rust/main/agents/validator/**/src/**/*.rs : Maintain validator agent Rust sources under rust/main/agents/validator

Learnt from: CR
PR: hyperlane-xyz/hyperlane-monorepo#0
File: CLAUDE.md:0-0
Timestamp: 2025-09-02T18:44:06.598Z
Learning: Applies to rust/main/agents/scraper/**/src/**/*.rs : Maintain scraper agent Rust sources under rust/main/agents/scraper
📚 Learning: 2025-09-02T18:44:06.598Z 
Learnt from: CR
PR: hyperlane-xyz/hyperlane-monorepo#0
File: CLAUDE.md:0-0
Timestamp: 2025-09-02T18:44:06.598Z
Learning: Applies to rust/main/agents/relayer/**/src/**/*.rs : Maintain relayer agent Rust sources under rust/main/agents/relayer

Applied to files:

  • .github/workflows/rust-release.yml
📚 Learning: 2025-09-02T18:44:06.598Z 
Learnt from: CR
PR: hyperlane-xyz/hyperlane-monorepo#0
File: CLAUDE.md:0-0
Timestamp: 2025-09-02T18:44:06.598Z
Learning: Applies to rust/main/agents/validator/**/src/**/*.rs : Maintain validator agent Rust sources under rust/main/agents/validator

Applied to files:

  • .github/workflows/rust-release.yml
📚 Learning: 2025-09-02T18:44:06.598Z 
Learnt from: CR
PR: hyperlane-xyz/hyperlane-monorepo#0
File: CLAUDE.md:0-0
Timestamp: 2025-09-02T18:44:06.598Z
Learning: Applies to rust/main/agents/scraper/**/src/**/*.rs : Maintain scraper agent Rust sources under rust/main/agents/scraper

Applied to files:

  • .github/workflows/rust-release.yml
🪛 actionlint (1.7.8)
.github/workflows/rust-release.yml

35-35: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

100-100: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

251-251: label "depot-ubuntu-latest" is unknown. available labels are "windows-latest", "windows-latest-8-cores", "windows-2025", "windows-2022", "windows-11-arm", "ubuntu-latest", "ubuntu-latest-4-cores", "ubuntu-latest-8-cores", "ubuntu-latest-16-cores", "ubuntu-24.04", "ubuntu-24.04-arm", "ubuntu-22.04", "ubuntu-22.04-arm", "macos-latest", "macos-latest-xl", "macos-latest-xlarge", "macos-latest-large", "macos-26-xlarge", "macos-26", "macos-15-intel", "macos-15-xlarge", "macos-15-large", "macos-15", "macos-14-xl", "macos-14-xlarge", "macos-14-large", "macos-14", "macos-13-xl", "macos-13-xlarge", "macos-13-large", "macos-13", "self-hosted", "x64", "arm", "arm64", "linux", "macos", "windows". if it is a custom label for self-hosted runner, set list of labels in actionlint.yaml config file

(runner-label)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (58)
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, igp)
  • GitHub Check: env-test-matrix (testnet4, sepolia, core)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, core)
  • GitHub Check: env-test-matrix (mainnet3, inevm, igp)
  • GitHub Check: env-test-matrix (mainnet3, optimism, igp)
  • GitHub Check: env-test-matrix (mainnet3, optimism, core)
  • GitHub Check: cli-evm-e2e-matrix (warp-send)
  • GitHub Check: env-test-matrix (mainnet3, inevm, core)
  • GitHub Check: env-test-matrix (mainnet3, arbitrum, core)
  • GitHub Check: env-test-matrix (mainnet3, ethereum, igp)
  • GitHub Check: cli-evm-e2e-matrix (warp-deploy)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-ism-updates)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-basic)
  • GitHub Check: cli-evm-e2e-matrix (warp-rebalancer)
  • GitHub Check: cli-evm-e2e-matrix (warp-read)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-config)
  • GitHub Check: cli-evm-e2e-matrix (warp-init)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-2)
  • GitHub Check: cli-evm-e2e-matrix (core-init)
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-2)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-1)
  • GitHub Check: cli-evm-e2e-matrix (warp-extend-recovery)
  • GitHub Check: cli-evm-e2e-matrix (warp-check-3)
  • GitHub Check: cli-evm-e2e-matrix (relay)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-1)
  • GitHub Check: cli-evm-e2e-matrix (core-deploy)
  • GitHub Check: cli-evm-e2e-matrix (core-check)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-2)
  • GitHub Check: cli-evm-e2e-matrix (core-apply)
  • GitHub Check: cli-evm-e2e-matrix (warp-bridge-1)
  • GitHub Check: cli-evm-e2e-matrix (core-read)
  • GitHub Check: cli-evm-e2e-matrix (warp-apply-submitters)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-read)
  • GitHub Check: cli-cosmos-e2e-matrix (core-check)
  • GitHub Check: cli-cosmos-e2e-matrix (warp-deploy)
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-apply)
  • GitHub Check: cli-cosmos-e2e-matrix (core-deploy)
  • GitHub Check: cli-cosmos-e2e-matrix (core-read)
  • GitHub Check: cli-cosmos-e2e-matrix (core-apply)
  • GitHub Check: cli-cross-chain-e2e-matrix (warp-deploy)
  • GitHub Check: cosmos-sdk-e2e-run
  • GitHub Check: coverage-run
  • GitHub Check: cli-install-test-run
  • GitHub Check: yarn-test-run
  • GitHub Check: Update Release PR
  • GitHub Check: e2e-matrix (starknet)
  • GitHub Check: e2e-matrix (radix)
  • GitHub Check: e2e-matrix (sealevel)
  • GitHub Check: e2e-matrix (evm)
  • GitHub Check: e2e-matrix (cosmosnative)
  • GitHub Check: e2e-matrix (cosmwasm)
  • GitHub Check: agent-configs (mainnet3)
  • GitHub Check: yarn-install
  • GitHub Check: agent-configs (testnet4)
  • GitHub Check: lint-rs
  • GitHub Check: lander-coverage
  • GitHub Check: test-rs
  • GitHub Check: build-and-push-to-gcr
🔇 Additional comments (4)
.github/workflows/rust-release.yml (4)

35-35: Depot runner label is intentional; actionlint warning is a false positive.

depot-ubuntu-latest is a valid Depot service alias, so the actionlint warnings can be safely ignored. This is a custom runner from a third-party CI service, not a standard GitHub-hosted runner.

116-116: Verify helper scripts are included in PR.

The workflow relies on several helper scripts (determine-next-version.sh, get-latest-agents-tag.sh, get-workspace-version.sh, update-workspace-version.sh, generate-workspace-changelog.sh). Confirm these are all added/present in this PR.

319-325: Verify version bump commit remains at HEAD between jobs.

The publish job assumes the version bump commit (from the merged release-pr) is at HEAD when it runs. If other commits land on main between the release-pr merge and when the publish job executes, HEAD~1 would skip the wrong commit range. Confirm the release flow guarantees this timing, or consider a more explicit commit-reference strategy (e.g., deriving from git tags rather than commit count).

336-351: Robust handling of GitHub release-notes API.

The workflow gracefully handles cases where the GitHub API call for release notes fails (line 337 pipes to /dev/null with fallback to empty string). This is good defensive coding—the release will still be created even if auto-generated notes aren't available.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@ameten ameten Awaiting requested review from ameten ameten is a code owner

@kamiyaa kamiyaa Awaiting requested review from kamiyaa kamiyaa is a code owner

@yjamin yjamin Awaiting requested review from yjamin yjamin is a code owner

@xeno097 xeno097 Awaiting requested review from xeno097

@Mo-Hussain Mo-Hussain Awaiting requested review from Mo-Hussain

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

Hyperlane Tasks
Status: In Review

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@paulbalaji