fix(updater): harden auto-update execution and release gating (#976)

Co-authored-by: Letta <noreply@letta.com>
2026-02-16 13:20:33 -08:00
parent 0e652712f5
commit ba71ad2696
12 changed files with 905 additions and 51 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -31,6 +31,37 @@ jobs:
      - name: Lint & Type Check
        run: bun run check

+  update-chain-smoke:
+    needs: check
+    name: Update Chain Smoke
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: 1.3.0
+
+      - name: Setup Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: "22"
+
+      - name: Install dependencies
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: bun install
+
+      - name: Build bundle
+        run: bun run build
+
+      - name: Manual update-chain smoke test
+        run: bun run test:update-chain:manual
+
  build:
    needs: check
    name: ${{ matrix.name }}
--- a/.github/workflows/nightly-update-smoke.yml
+++ b/.github/workflows/nightly-update-smoke.yml
@@ -0,0 +1,37 @@
+name: Nightly Update Smoke
+
+on:
+  schedule:
+    - cron: "0 9 * * *"
+  workflow_dispatch:
+
+jobs:
+  startup-update-chain:
+    name: Startup Update Chain
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: 1.3.0
+
+      - name: Setup Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: "22"
+
+      - name: Install dependencies
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: bun install
+
+      - name: Build bundle
+        run: bun run build
+
+      - name: Startup update-chain smoke test
+        run: bun run test:update-chain:startup
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,7 +13,40 @@ on:
        default: ""

 jobs:
+  preflight:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: 1.3.0
+
+      - name: Setup Node
+        uses: actions/setup-node@v6
+        with:
+          node-version: "22"
+
+      - name: Install dependencies
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: bun install
+
+      - name: Lint & Type Check
+        run: bun run check
+
+      - name: Build bundle
+        run: bun run build
+
+      - name: Update-chain preflight smoke
+        run: bun run test:update-chain:manual
+
  publish:
+    needs: preflight
    runs-on: ubuntu-latest
    environment: npm-publish
    permissions:
@@ -107,18 +140,20 @@ jobs:
          # Update package.json
          jq --arg version "$NEW_VERSION" '.version = $version' package.json > package.json.tmp
          mv package.json.tmp package.json
+
+          # Keep package-lock versions in sync for npm publish consistency
+          jq --arg version "$NEW_VERSION" '.version = $version | .packages[""].version = $version' package-lock.json > package-lock.json.tmp
+          mv package-lock.json.tmp package-lock.json
          
          echo "old_version=$OLD_VERSION" >> $GITHUB_OUTPUT
          echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT
          echo "tag=v$NEW_VERSION" >> $GITHUB_OUTPUT

-      - name: Commit and push version bump
+      - name: Commit and tag version bump (local only)
        run: |
-          git add package.json
+          git add package.json package-lock.json
          git commit -m "chore: bump version to ${{ steps.version.outputs.new_version }} [skip ci]"
          git tag "${{ steps.version.outputs.tag }}"
-          git push origin main
-          git push origin "${{ steps.version.outputs.tag }}"

      - name: Install dependencies
        env:
@@ -142,6 +177,14 @@ jobs:
          LETTA_API_KEY: ${{ secrets.LETTA_API_KEY }}
        run: ./letta.js --prompt "ping" --tools "" --permission-mode plan

+      - name: Publish to npm
+        run: npm publish --access public --tag ${{ steps.version.outputs.npm_tag }}
+
+      - name: Push commit and tag after publish
+        run: |
+          git push origin main
+          git push origin "${{ steps.version.outputs.tag }}"
+
      - name: Create GitHub Release
        if: steps.version.outputs.is_prerelease == 'false'
        uses: softprops/action-gh-release@v2
@@ -153,6 +196,3 @@ jobs:
          generate_release_notes: true
          files: letta.js
          fail_on_unmatched_files: true
-
-      - name: Publish to npm
-        run: npm publish --access public --tag ${{ steps.version.outputs.npm_tag }}