fix(auto-publish): compose URL from STARSTATS_API_URL instead of a separate secret#133
Merged
Merged
Conversation
…parate secret PR #128 introduced a `ROADMAP_PUBLISH_URL` env var holding the full URL of the publish endpoint. Followed the same pattern as `ROADMAP_EVENTS_URL`, but it was wrong here: STARSTATS_API_URL already exists as a secret (set up for the earlier JWT-based admin publish script in PR #113), and the publish endpoint is just `${STARSTATS_API_URL}/v1/internal/roadmap/changelog/publish` — one path, one composition rule, no second secret to provision. Switch the script to compose from STARSTATS_API_URL, drop the ROADMAP_PUBLISH_URL plumbing entirely. The release.yml job now reads only `secrets.STARSTATS_API_URL` (already provisioned, set to `https://api.starstats.app`), so the auto-publish path activates on the next live release without any additional operator action. Trailing-slash tolerance: `replace(/\/+$/, "")` on the base so `https://api.starstats.app` and `https://api.starstats.app/` both resolve identically. Surfaced post-merge of #128: today's tray-v1.8.10 live release ran the auto-publish job successfully but no-op'd with `ROADMAP_PUBLISH_URL not set (pipeline not configured)`. After this PR ramps + merges, the next live release exercises the HMAC path for real with no secret-provisioning step in between. Not harmonizing `ROADMAP_EVENTS_URL` in the same PR — that's a separate refactor on a stable existing path, low value to bundle.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
scripts/auto-publish-changelog.mjsnow readsSTARSTATS_API_URL(existing secret) and composes the publish endpoint path itself.ROADMAP_PUBLISH_URLplumbing dropped from script + workflow.Why
PR #128 mirrored the
ROADMAP_EVENTS_URLpattern (full URL per endpoint as a separate secret), but that was over-engineered here.STARSTATS_API_URLwas already provisioned for the earlier JWT-based admin publish script (PR #113), and the publish endpoint URL is fully derivable from it. One secret instead of two — and after this PR ramps, the auto-publish path activates on the next live release with no additional operator step.Surfaced empirically: today's
tray-v1.8.10live release ran the auto-publish job to green status, but the log showed[auto-publish] no-op: ROADMAP_PUBLISH_URL not set (pipeline not configured)— the secret just wasn't there. Rather than provision a redundant secret, drop the redundancy.Test plan
node -c scripts/auto-publish-changelog.mjssyntax clean[auto-publish] no-op: ROADMAP_CI_EVENT_HMAC_KEY not setROADMAP_ITEM_SLUG,CHANNEL,ROADMAP_CI_EVENT_HMAC_KEY,STARSTATS_API_URLWhat does NOT change
roadmap-emit-event.mjsstill usesROADMAP_EVENTS_URL(its own full-URL secret). Working, shipped, no value in bundling a parallel refactor.publish-roadmap-drafts.mjs) still usesSTARSTATS_API_URL— no change there.Should land + ramp through alpha→beta→rc→live cycle. Once on Live, the next subsequent release auto-activates the HMAC publish path with zero operator action.