Skip to content

DFM-4530: guard release-branch publish version line#48

Open
franciscofabian wants to merge 1 commit into
mainfrom
DFM-4530-release-version-guard
Open

DFM-4530: guard release-branch publish version line#48
franciscofabian wants to merge 1 commit into
mainfrom
DFM-4530-release-version-guard

Conversation

@franciscofabian

Copy link
Copy Markdown
Collaborator

Summary

Follow-up to the per-MINOR-line hotfix CI (DFM-4530). The publish-package-release job reuses publish-package, which derives the published version from pyproject.toml via codeartifact/timestamp_version. Nothing prevented a stray version bump on a release-vN.M branch from publishing out-of-line artifacts (e.g. a higher MINOR's timestamp build off an older release line).

This adds an assert-release-version guard (wired on publish-package-release) that fails the build if pyproject.toml's MAJOR.MINOR drifts from the release-vN.M branch line. Mirrors the fix in visualfabriq/vf_initialize_data#261 (Finding 2) and visualfabriq/translate#62.

Test plan

  • CircleCI config validates
  • main publish unaffected (guard defaults off)
  • A release-vN.M branch with a mismatched pyproject.toml version fails the publish

jira: DFM-4530

Follow-up to the per-MINOR-line hotfix CI (DFM-4530). publish-package-release
reuses publish-package, which derives the version from pyproject.toml via
codeartifact/timestamp_version, with nothing preventing a stray version bump on
a release-vN.M branch from publishing out-of-line artifacts. Add an
assert-release-version guard (wired on publish-package-release) that fails the
build if pyproject.toml's MAJOR.MINOR drifts from the branch line. Mirrors
visualfabriq/vf_initialize_data#261 (Finding 2) and visualfabriq/translate#62.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@franciscofabian franciscofabian requested a review from a team as a code owner June 2, 2026 14:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

1 participant