Skip to content

fix(release): merge engine's release with its dependents (mcp, miner)#7114

Merged
JSONbored merged 1 commit into
mainfrom
fix/release-please-node-workspace-merge
Jul 17, 2026
Merged

fix(release): merge engine's release with its dependents (mcp, miner)#7114
JSONbored merged 1 commit into
mainfrom
fix/release-please-node-workspace-merge

Conversation

@JSONbored

Copy link
Copy Markdown
Owner

Summary

The actual root cause of the mcp/miner v3.1.x release churn this session (#7086, #7087, #7107, #7108): engine's release and its dependents' (packages/loopover-mcp and packages/loopover-miner both carry a real runtime dependencies entry on @loopover/engine) release each landed as separate PRs/commits.

release-please's node-workspace plugin still bumps a dependent's @loopover/engine version range the moment engine's own version changes -- that part is correct and desired. But with merge: false (this repo's prior override of the plugin's own default), it does that bump on the dependent's own separate branch, not engine's. So the dependent's package.json ends up requiring an engine version that exists nowhere: not locally (engine's bump lives on a different, unmerged branch), and not on npm (it hasn't published yet). npm ci then fails with ETARGET until a human notices, manually walks engine's release through to publish, then updates the dependent's branch. That's exactly what ate hours across this session.

merge: true is the plugin's own purpose-built mechanism for this exact scenario: it combines a package with the dependents its own dependency-bump logic pulled in as candidates into one PR/commit. Engine's new version and its dependents' bumped ranges land together atomically -- npm workspaces then resolves @loopover/engine from the local checkout, which always satisfies the range regardless of npm registry publish timing or ordering. This eliminates the failure mode structurally instead of reacting to it after the fact.

packages/loopover-ui-kit has no dependency edge to any other package in this repo, so it's never pulled into the merge and keeps its fully independent release cadence -- confirmed via grep '@loopover' packages/loopover-ui-kit/package.json returning nothing.

Test plan

  • npm run actionlint -- clean
  • npm run typecheck -- clean (after npm run build --workspace @loopover/engine)
  • JSON-validated release-please-config.json
  • Confirmed via googleapis/release-please's own source (src/plugins/workspace.ts) that merge defaults to true and controls exactly this: "If multiple in-scope packages are being updated, it will merge them into a single package [PR]" -- this repo had explicitly overridden that default to false
  • Config/workflow-comment-only change; not measured by Codecov. The real verification is empirical: the next time engine has an unreleased change alongside mcp/miner, release-please should open ONE combined PR instead of three separately-failing ones.

The actual root cause of the mcp/miner v3.1.x release churn: engine's
release and its dependents' (mcp, miner both carry a real runtime
`dependencies` entry on it) release each landed as SEPARATE PRs/commits.
release-please's node-workspace plugin still bumped a dependent's
`@loopover/engine` version range the moment engine's version changed, but
on the dependent's OWN branch -- so the dependent's package.json ended up
requiring an engine version that existed nowhere (not locally, since
engine's bump lived on a different unmerged branch; not on npm, since it
hadn't published yet). `npm ci` failed with ETARGET until a human manually
walked engine through to publish first, then updated the dependent's
branch -- confirmed live across #7086/#7087/#7107/#7108.

merge: true is the plugin's own purpose-built mechanism for exactly this:
it combines a package with the dependents its OWN dependency-bump logic
pulled in as candidates into ONE PR/commit, so engine's new version and
its dependents' bumped ranges land together atomically. npm workspaces
then resolves the dependency from the LOCAL checkout, which always
satisfies the range regardless of npm registry publish timing or ordering
-- eliminating the failure mode structurally rather than papering over it
with an after-the-fact branch-update step. ui-kit has no dependency edge
to any other package here, so it's never pulled into the merge and keeps
its fully independent release cadence.
@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

@JSONbored JSONbored self-assigned this Jul 17, 2026
@JSONbored
JSONbored merged commit 7be2687 into main Jul 17, 2026
13 checks passed
@JSONbored
JSONbored deleted the fix/release-please-node-workspace-merge branch July 17, 2026 21:52
@loopover-orb loopover-orb Bot added the gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. label Jul 17, 2026
@codecov

codecov Bot commented Jul 17, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.75%. Comparing base (1b42787) to head (8e31375).
⚠️ Report is 14 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #7114   +/-   ##
=======================================
  Coverage   93.75%   93.75%           
=======================================
  Files         692      692           
  Lines       68808    68809    +1     
  Branches    18781    18781           
=======================================
+ Hits        64511    64512    +1     
  Misses       3302     3302           
  Partials      995      995           
Flag Coverage Δ
shard-1 43.79% <ø> (+<0.01%) ⬆️
shard-2 36.84% <ø> (+<0.01%) ⬆️
shard-3 33.14% <ø> (+<0.01%) ⬆️
shard-4 34.48% <ø> (+<0.01%) ⬆️
shard-5 32.29% <ø> (+<0.01%) ⬆️
shard-6 45.76% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

galuis116 pushed a commit to galuis116/gittensory that referenced this pull request Jul 18, 2026
JSONbored#7114's node-workspace merge:true was insufficient -- verified against
release-please's own manifest.ts and docs/manifest-releaser.md that
separate-pull-requests: true is enforced as the final PR-splitting
decision regardless of what a plugin like node-workspace attempts
internally, so mcp/miner's Release PRs kept landing separately from
engine's even with that flag set (confirmed live: JSONbored#7119/JSONbored#7120/JSONbored#7121 still
required an unpublished @loopover/engine version each).

linked-versions is release-please's actual mechanism for overriding
per-component isolation for a named subset: {engine, mcp, miner} now
release as one PR/commit whenever any of them needs a release, since mcp
and miner both carry a real runtime dependency on engine. ui-kit has no
dependency edge to any of them and is not in the group, so it keeps its
fully independent cadence.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant