Skip to content

Mirror Node SDK releases to internal feed#2025

Open
MackinnonBuck wants to merge 4 commits into
mainfrom
mackinnonbuck-mirror-sdk-releases-internally
Open

Mirror Node SDK releases to internal feed#2025
MackinnonBuck wants to merge 4 commits into
mainfrom
mackinnonbuck-mirror-sdk-releases-internally

Conversation

@MackinnonBuck

@MackinnonBuck MackinnonBuck commented Jul 17, 2026

Copy link
Copy Markdown
Collaborator

Why

Stable, prerelease, and unstable Node SDK releases should mirror to the internal Azure Artifacts feed after authoritative publication to public npm.

What

  • Fail closed before packaging unless the selected @github/copilot-sdk version is definitively absent from public npm.
  • Build and pack once in an immutable prerequisite job, then publish the exact same tarball artifact to public npm and the internal feed.
  • Recover from narrowly recognized immutable-version conflicts for public npm and Azure Artifacts.
  • Add a required downstream internal publish job using Azure OIDC and the existing copilot-canary feed.
  • Preserve canary behavior and existing non-Node release publication and finalization behavior.

Retry semantics

Fresh or full reruns fail before packaging when the selected version already exists. Rerunning failed jobs skips successful prerequisite jobs, reuses their immutable tarball artifact, and treats only known immutable-version conflicts as successful retries.

Validation

  • Focused Vitest coverage for preflight and conflict classification
  • Targeted ESLint and Prettier checks
  • actionlint .github/workflows/publish.yml
  • git diff --check
  • Live internal-feed validation from a separate stacked test branch: the first attempt published internally and intentionally failed; rerunning failed jobs reused the successful package artifact and recovered the Azure immutable-version conflict without rebuilding or repacking.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot-Session: b6e76edd-7acc-4681-a884-56d16967c048
@github-actions

This comment has been minimized.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot-Session: b6e76edd-7acc-4681-a884-56d16967c048
@github-actions

This comment has been minimized.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot-Session: b6e76edd-7acc-4681-a884-56d16967c048
@github-actions

This comment has been minimized.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>

Copilot-Session: b6e76edd-7acc-4681-a884-56d16967c048
@github-actions

Copy link
Copy Markdown
Contributor

SDK Consistency Review

No cross-SDK API consistency issues found.

This PR modifies CI/CD publish infrastructure (.github/workflows/publish.yml, nodejs/scripts/npm-release.js) rather than SDK API surface. Specifically:

  • Packaging/publishing split (package-nodejspublish-nodejs): Node.js-specific CI improvement.
  • Preflight version check: Guards against re-publishing an already-published Node.js version on npm.
  • Internal Azure Artifacts mirror (publish-nodejs-internal): Intentionally Node-only; no expectation that other SDKs mirror to the same internal feed.
  • Permission refactoring: Principle-of-least-privilege permission cleanup is applied consistently across all SDK publish jobs (.NET, Python, Java, Rust all get contents: read / id-token: write).
  • Conflict/error handling in npm-release.js: npm-ecosystem-specific logic; equivalent behavior for NuGet, PyPI, crates.io, Maven is outside scope.

No SDK client API changes were introduced, so there are no cross-language consistency gaps.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

  • awmgmcpg

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "awmgmcpg"

See Network Configuration for more information.

Generated by SDK Consistency Review Agent for #2025 · 34.1 AIC · ⌖ 5.09 AIC · ⊞ 5K ·

@MackinnonBuck
MackinnonBuck marked this pull request as ready for review July 17, 2026 22:16
@MackinnonBuck
MackinnonBuck requested a review from a team as a code owner July 17, 2026 22:16
Copilot AI review requested due to automatic review settings July 17, 2026 22:16

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds reliable Node SDK mirroring from public npm to the internal Azure Artifacts feed.

Changes:

  • Adds fail-closed npm preflight and conflict classification.
  • Packages once and reuses the immutable artifact for both registries.
  • Adds Azure OIDC-based internal publishing and focused tests.
Show a summary per file
File Description
.github/workflows/publish.yml Splits packaging/public/internal publishing and scopes permissions.
nodejs/scripts/npm-release.js Implements preflight and retry conflict handling.
nodejs/test/npm-release.test.ts Tests preflight and conflict classification.

Review details

  • Files reviewed: 3/3 changed files
  • Comments generated: 1
  • Review effort level: Medium

if (result.status === 0) return;

const output = `${result.stdout}\n${result.stderr}`;
if (PUBLIC_CONFLICT.test(output) || (mode === "azure" && AZURE_CONFLICT.test(output))) {
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants