Skip to content

ci(cd): verify tag commit is reachable from master (#439)#445

Merged
nanotaboada merged 2 commits intomasterfrom
ci/verify-tag-commit-reachable-from-master-439
Apr 3, 2026
Merged

ci(cd): verify tag commit is reachable from master (#439)#445
nanotaboada merged 2 commits intomasterfrom
ci/verify-tag-commit-reachable-from-master-439

Conversation

@nanotaboada
Copy link
Copy Markdown
Owner

@nanotaboada nanotaboada commented Apr 3, 2026

Summary

  • Adds a "Verify tag commit is reachable from master" step to the release job in .github/workflows/dotnet-cd.yml
  • Uses git merge-base --is-ancestor to check ancestry — direct exit code, no output parsing
  • Placed immediately after "Checkout repository" and before "Extract version from tag" so the pipeline fails fast before any build or publish work

Closes #439

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores

    • Added a validation step in the release pipeline that blocks deployments if a release tag’s commit is not already present on the main branch, preventing incomplete releases from proceeding.
  • Documentation

    • Updated the changelog to record the new release-pipeline verification step and its effect on deployment flow.

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 3, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: e9a08428-9617-4476-89c1-49345c36efc5

📥 Commits

Reviewing files that changed from the base of the PR and between 2a6349d and 6284e51.

📒 Files selected for processing (1)
  • .github/workflows/dotnet-cd.yml
✅ Files skipped from review due to trivial changes (1)
  • .github/workflows/dotnet-cd.yml

Walkthrough

A pre-release verification step was added to the CD workflow to confirm the tagged commit (github.sha) is reachable from origin/master using git merge-base --is-ancestor; the workflow fails early with a clear error if the check does not pass. CHANGELOG updated accordingly.

Changes

Cohort / File(s) Summary
CD Workflow Verification
.github/workflows/dotnet-cd.yml
Added a step "Verify tag commit is reachable from master" immediately after checkout that runs git merge-base --is-ancestor origin/master ${{ github.sha }} and exits with an error message when the check fails.
Documentation
CHANGELOG.md
Added entry under Unreleased → Changed documenting the new pre-build/publish verification step for tag commit reachability.

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Assessment against linked issues

Objective Addressed Explanation
Add verification step to check tag commit is reachable from master [#439]
Place step immediately after repository checkout [#439]
Fail early with descriptive error if tag commit not reachable from master [#439]
Ensure step executes before build, test, or publish steps [#439]

Possibly related issues

Possibly related PRs

🚥 Pre-merge checks | ✅ 2
✅ Passed checks (2 passed)
Check name Status Explanation
Title check ✅ Passed The title follows Conventional Commits format with 'ci(cd):' prefix, is descriptive and specific about adding a verification step, stays well under 80 characters (57 total), and directly corresponds to the main changes in the changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

📋 Issue Planner

Built with CodeRabbit's Coding Plans for faster development and fewer bugs.

View plan used: #439

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ci/verify-tag-commit-reachable-from-master-439
  • 🛠️ sync documentation: Commit on current branch
  • 🛠️ sync documentation: Create PR
  • 🛠️ enforce http error handling: Commit on current branch
  • 🛠️ enforce http error handling: Create PR
  • 🛠️ idiomatic review: Commit on current branch
  • 🛠️ idiomatic review: Create PR
  • 🛠️ verify api contract: Commit on current branch
  • 🛠️ verify api contract: Create PR

Warning

Review ran into problems

🔥 Problems

Timed out fetching pipeline failures after 30000ms


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 3, 2026

@nanotaboada nanotaboada merged commit 3bcedda into master Apr 3, 2026
9 checks passed
@nanotaboada nanotaboada deleted the ci/verify-tag-commit-reachable-from-master-439 branch April 3, 2026 19:15
@coderabbitai coderabbitai Bot mentioned this pull request Apr 11, 2026
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Verify tag commit is reachable from master before release

1 participant