Skip to content

fix(ci): read POSTHOG_PROJECT_ID from secrets, not vars, in release annotation#443

Merged
rhuanbarreto merged 1 commit into
mainfrom
claude/lexical-launching-eclipse
Jul 1, 2026
Merged

fix(ci): read POSTHOG_PROJECT_ID from secrets, not vars, in release annotation#443
rhuanbarreto merged 1 commit into
mainfrom
claude/lexical-launching-eclipse

Conversation

@rhuanbarreto

Copy link
Copy Markdown
Contributor

Summary

  • The "Annotate release in PostHog" step in release.yml read POSTHOG_PROJECT_ID via ${{ vars.POSTHOG_PROJECT_ID }}, but the value was only ever configured as a repo secretgh variable list returns zero repo variables. vars.POSTHOG_PROJECT_ID therefore always resolved to an empty string.
  • Combined with continue-on-error: true and a guard clause that does exit 0 (not a failure) when required config is missing, the step silently no-opped on every release for ~3 weeks (v0.45.0 through v0.45.7, 9 releases) with no CI failure to surface it — confirmed via gh run view --log, which shows POSTHOG_PROJECT_ID: blank in the step's masked env dump for the v0.45.7 run.
  • Fixes the source to secrets.POSTHOG_PROJECT_ID to match where the value actually lives, and bumps the skip notice from ::notice:: to ::warning:: so a future misconfiguration shows up as a visible warning in the Actions UI instead of a low-visibility notice.
  • Backfilled the 8 missing annotations (v0.45.0v0.45.7) directly in PostHog using each release's actual createdAt timestamp from gh release view, matching the existing backfill convention. v0.44.0 is intentionally excluded — it was never actually released (its Validate step failed in CI, so no tag/GitHub release/npm publish ever happened).
  • Documented the secrets.* vs vars.* footgun in CLAUDE.md and agent memory so it isn't repeated for future optional/telemetry CI steps.

Test plan

  • bun run cli check — 39/39 ADR checks pass
  • bun run validate — lint, typecheck, format, full test suite (1313 pass), knip, build check all pass
  • archgate:reviewer skill — APPROVED across CI / Distribution / General / General-Process domains, 0 violations, 0 warnings
  • Verified via gh secret list / gh variable list that POSTHOG_PROJECT_ID exists only as a secret
  • Verified via gh run view <run-id> --log on the v0.45.7 release run that the step previously printed POSTHOG_PROJECT_ID: (blank) and hit the skip branch
  • Backfilled 8 missing PostHog annotations for v0.45.0v0.45.7

https://claude.ai/code/session_01LNyWAf84Y8zLMwLWgbZ51K

…nnotation

The "Annotate release in PostHog" step in release.yml read
POSTHOG_PROJECT_ID via ${{ vars.POSTHOG_PROJECT_ID }}, but the value was
only ever configured as a repo secret (gh secret list), never as a repo
variable (gh variable list returns none). vars.POSTHOG_PROJECT_ID
therefore always resolved to an empty string.

Combined with continue-on-error: true and a guard clause that exits 0
(not a failure) when required config is missing, the step silently
no-opped on every release for ~3 weeks (v0.45.0-v0.45.7, 9 releases)
with no CI failure to surface it — confirmed via `gh run view --log`
showing POSTHOG_PROJECT_ID blank in the step's env dump.

Fix the source to secrets.POSTHOG_PROJECT_ID to match where the value
actually lives, and bump the skip notice from ::notice:: to ::warning::
so a future misconfiguration is visible in the Actions UI instead of
silently invisible. Backfilled the 8 missing annotations (v0.45.0
through v0.45.7) directly in PostHog; v0.44.0 was never actually
released (its Validate step failed), so it's correctly excluded.

Signed-off-by: Rhuan Barreto <rhuan.barreto@gmail.com>
Signed-off-by: Rhuan Barreto <rhuan@barreto.work>
@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Warning

Review limit reached

@rhuanbarreto, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 33 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: ae5e8acf-176b-4653-9e0a-0010221387a4

📥 Commits

Reviewing files that changed from the base of the PR and between 9da86cf and 3a1a9a8.

📒 Files selected for processing (3)
  • .claude/agent-memory/archgate-developer/MEMORY.md
  • .github/workflows/release.yml
  • CLAUDE.md

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@cloudflare-workers-and-pages

Copy link
Copy Markdown

Deploying archgate-cli with  Cloudflare Pages  Cloudflare Pages

Latest commit: 3a1a9a8
Status: ✅  Deploy successful!
Preview URL: https://84407b3e.archgate-cli.pages.dev
Branch Preview URL: https://claude-lexical-launching-ecl.archgate-cli.pages.dev

View logs

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Code Coverage

Metric Value
Lines 90.0% (6936 / 7709)
Threshold 90% minimum — met
Platforms Linux + Windows

Full HTML report available in workflow artifacts.

Per-directory breakdown
Directory Coverage Lines
src/commands/ 88.1% 1874 / 2128
src/engine/ 90.9% 1463 / 1610
src/formats/ 100.0% 142 / 142
src/helpers/ 90.3% 3457 / 3829

@rhuanbarreto

Copy link
Copy Markdown
Contributor Author

cursor approve

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved. All required checks pass (including Cursor Bugbot success), and the fix correctly reads POSTHOG_PROJECT_ID from secrets instead of vars with a visible warning on misconfiguration. No additional reviewers assigned.

Open in Web View Automation 

Sent by Cursor Approval Agent: Archgate CLI Approver

@rhuanbarreto rhuanbarreto merged commit a53b305 into main Jul 1, 2026
21 checks passed
@rhuanbarreto rhuanbarreto deleted the claude/lexical-launching-eclipse branch July 1, 2026 15:54
@archgatebot archgatebot Bot mentioned this pull request Jul 1, 2026
rhuanbarreto pushed a commit that referenced this pull request Jul 3, 2026
# archgate

## [0.46.0](v0.45.7...v0.46.0)
(2026-07-02)

### ⚠ BREAKING CHANGES

* **session-context:** per-editor list/show subcommands; remove --skip
and its false premise (#446)

### Features

* **session-context:** per-editor list/show subcommands; remove --skip
and its false premise
([#446](#446))
([dd96230](dd96230))

### Bug Fixes

* **ci:** read POSTHOG_PROJECT_ID from secrets, not vars, in release
annotation ([#443](#443))
([a53b305](a53b305))
* detect opencode Desktop app installs, not just the CLI
([#439](#439))
([ed92b2b](ed92b2b))
* **hooks:** force bash shell for WorktreeCreate hook on Windows
([#442](#442))
([9da86cf](9da86cf))
* **release:** cap breaking-change bumps to minor while pre-1.0
([#447](#447))
([3df6c91](3df6c91)),
closes [#446](#446)
[#440](#440)
[#440](#440)
[#440](#440)
* repair broken WorktreeCreate hook and add PR approval policy
([#441](#441))
([de5e97d](de5e97d))
* **session-context:** select top-level opencode sessions, add --root
flag ([#445](#445))
([29b13f4](29b13f4))

---
This PR was generated with
[simple-release](https://github.com/TrigenSoftware/simple-release).

<details>
<summary>📄 Cheatsheet</summary>
<br>



You can configure the bot's behavior through a pull request comment
using the `!simple-release/set-options` command.

### Command Format

````md
!simple-release/set-options

```json
{
  "bump": {},
  "publish": {}
}
```
````

### Useful Parameters

#### Bump

| Parameter | Type | Description |
|-----------|------|-------------|
| `version` | `string` | Force set specific version |
| `as` | `'major' \| 'minor' \| 'patch' \| 'prerelease'` | Release type
|
| `prerelease` | `string` | Pre-release identifier (e.g., "alpha",
"beta") |
| `firstRelease` | `boolean` | Whether this is the first release |
| `skip` | `boolean` | Skip version bump |
| `byProject` | `Record<string, object>` | Per-project bump options for
monorepos |

#### Publish

| Parameter | Type | Description |
|-----------|------|-------------|
| `skip` | `boolean` | Skip publishing |
| `access` | `'public' \| 'restricted'` | Package access level |
| `tag` | `string` | Tag for npm publication |

### Usage Examples

#### Force specific version

````md
!simple-release/set-options

```json
{
  "bump": {
    "version": "2.0.0"
  }
}
```
````

#### Force major bump

````md
!simple-release/set-options

```json
{
  "bump": {
    "as": "major"
  }
}
```
````

#### Create alpha pre-release

````md
!simple-release/set-options

```json
{
  "bump": {
    "prerelease": "alpha"
  }
}
```
````

#### Publish with specific access and tag

````md
!simple-release/set-options

```json
{
  "bump": {
    "prerelease": "beta"
  },
  "publish": {
    "access": "public",
    "tag": "beta"
  }
}
```
````

### Access Restrictions

The command can only be used by users with permissions:
- repository owner
- organization member
- collaborator

### Notes

- The last comment with `!simple-release/set-options` command takes
priority
- JSON must be valid, otherwise the command will be ignored
- Parameters apply only to the current release execution
- The command can be updated by editing the comment or adding a new one


</details>

<!--
  Please do not edit this comment.
  simple-release-pull-request: true
  simple-release-branch-from: release
  simple-release-branch-to: main
-->

Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant