release: bump-formula job has failed on every release since run 33 #103

Open
opened 2026-05-27 00:14:48 +00:00 by coilysiren · 0 comments
Owner

Problem

The bump-formula job in .forgejo/workflows/release.yml has failed on every release since run #33 (sha 21072fd, 2026-05-25). All subsequent releases (#34, #35, #36, #37, #38, #39) ship with release: success + bump-formula: failure.

The Forgejo bump-formula job is the equivalent of the dispatch to coilysiren/homebrew-tap from the old GitHub pipeline. With it failing, Formula/coily.rb is not getting the new tag/revision pinned automatically. Every released version since v2.38.0 has only stayed installable via brew upgrade coily because the formula in this repo is what brew reads (forgejo direct-repo tap), and there is one in-repo source of truth - but the pin still isn't refreshing on its own, so brew install users are getting whichever revision was hand-edited last.

(Confirming: most recent commit to Formula/coily.rb is git log -1 --format=%h Formula/coily.rb - need to verify drift between formula pin and current tag.)

Symptom

bump-formula job exits within ~7s of starting on every release run. Failure happens before any visible step output in the API summary. Job is reproducibly red - this is a stable bug, not a flake.

Likely cause (verify against Forgejo UI logs, which aren't exposed via the API in this version)

The coilysiren/agentic-os/actions/bump-formula@main composite was the third action ported as part of coilysiren/coily#80. The likely culprits, ranked:

  1. Forgejo's auto-issued ${{ github.token }} (passed implicitly to the composite) lacks the repository: contents:write scope needed to commit Formula/coily.rb back to main. The release and new windows-assets jobs only need read+release; they work. The formula commit needs write-to-main, which may be gated separately.
  2. The composite calls the Forgejo Contents API to update Formula/coily.rb, and the existing file SHA lookup is failing because the composite was written against the GitHub Contents API shape and never re-tested against Forgejo.
  3. git push from inside the composite is being rejected by a branch protection rule on main (rulesets applied via agentic-os/scripts/rulesets/default.json).

Repro

Any push to main triggers the workflow. bump-formula will fail in ~7s.

Inspect the UI: https://forgejo.coilysiren.me/coilysiren/coily/actions/runs/39 (run number 39, latest as of filing).

Fix sequence

  1. Read the actual failure log from the Forgejo UI (API doesn't expose logs in this version).
  2. If it's the token scope: either escalate the workflow's permissions: block or set a PAT secret and pass it explicitly.
  3. If it's the API shape: fix the composite in coilysiren/agentic-os/actions/bump-formula/action.yml and re-run.
  4. If it's branch protection: bypass via a deploy key or the release rule's actor allowlist.

Why now

Now that the Windows release assets are landing correctly (#102 closed), the bump-formula failure is the only red on every release. It also means the brew install path is silently drifting from the tag. Worth fixing before the scoop-bucket cutover so the full release pipeline is green.

Out of scope

  • Migrating bump-formula away from a composite to in-line.
  • Replacing the brew tap with a different distribution channel.
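
Added example, not part of the original issue or the project's own tooling: a shell check for the drift the Problem section wants verified, comparing the tag/revision pinned in a formula file against a release tag and the commit it points at. It assumes Formula/coily.rb uses Homebrew's git-URL form (`tag: "..."`, `revision: "..."`); the function names and exit codes are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: report drift between a formula's pinned tag/revision and a release.
# Assumption: the formula uses the Homebrew git-URL form
#   url "...", tag: "vX.Y.Z", revision: "<full commit sha>"
#
# Usage inside the repo (latest tag and the commit it resolves to):
#   t=$(git describe --tags --abbrev=0)
#   check_formula_drift Formula/coily.rb "$t" "$(git rev-list -n 1 "$t")"

# Print the quoted value of the first `key: "value"` pair ($2) found in file $1.
formula_field() {
  sed -n "s/.*[[:space:]]$2:[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Compare formula $1 against release tag $2 at commit $3.
# Prints one status line; returns 0 in sync, 1 on drift, 2 if the pin is unparseable.
check_formula_drift() {
  local formula=$1 want_tag=$2 want_rev=$3 tag rev
  tag=$(formula_field "$formula" tag)
  rev=$(formula_field "$formula" revision)

  if [ -z "$tag" ] || [ -z "$rev" ]; then
    # Treat a missing pin as a failure rather than silently passing.
    echo "unparsed"
    return 2
  fi
  if [ "$tag" != "$want_tag" ]; then
    echo "tag-drift: formula=$tag release=$want_tag"
    return 1
  fi
  if [ "$rev" != "$want_rev" ]; then
    # Same tag, different commit: the tag moved or the pin was hand-edited wrong.
    echo "revision-drift: formula=$rev release=$want_rev"
    return 1
  fi
  echo "in-sync: $tag"
  return 0
}
```

Run as a separate release-workflow step, the non-zero exit makes a stale pin visible even when the bump job itself fails before producing output.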
Reference
coilyco-bridge/coily#103