Conversation
mario-launchdarkly
requested review from
a team and
abelonogov-ld
as code owners
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
.github/workflows/release-please.yml
Outdated
|
|
||
| - name: Publish to CocoaPods | ||
| uses: ./.github/actions/publish | ||
| if: ${{ steps.release.outputs.releases_created == 'true' }} |
There was a problem hiding this comment.
If I remember correctly, when releasing multiple packages from one repo, there are package release specific outputs so that you can split the pod pushes into two separate publish actions.
This makes it so if you make changes to only session replay, release please won't push the observability pod.
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
| "release-type": "simple", | ||
| "versioning": "default", | ||
| "bump-minor-pre-major": true, | ||
| "extra-files": [ |
There was a problem hiding this comment.
SessionReplay podspec extra-files path resolves to wrong location
High Severity
In release-please, extra-files paths are relative to the package directory, not the repo root. The Sources/LaunchDarklySessionReplay package lists "LaunchDarklySessionReplay.podspec" as an extra file, so release-please will look for it at Sources/LaunchDarklySessionReplay/LaunchDarklySessionReplay.podspec, which doesn't exist. The actual podspec lives at the repo root. This was previously handled correctly when the podspec was listed in the root . package's extra-files. Now the podspec version won't be updated during SessionReplay releases, causing pod trunk push to publish a stale version.
| "packages": { | ||
| ".": { | ||
| "package-name": "swift-launchdarkly-observability", | ||
| "package-name": "LaunchDarklyObservability", |
There was a problem hiding this comment.
Tag collisions from disabled component-in-tag with multiple packages
Medium Severity
With include-component-in-tag: false and include-v-in-tag: false, both packages produce bare version tags (e.g., 0.27.0). Adding the second Sources/LaunchDarklySessionReplay package means both packages will generate identical tag names when at the same version, causing tag collisions in Git. The podspecs also reference :tag => s.version.to_s, so CocoaPods source resolution depends on correct, distinct tags per package. One of these settings likely needs to be true now that there are two independently versioned packages.
Additional Locations (1)
2 participants
Note
Medium Risk
Changes the release pipeline to automatically publish CocoaPods specs on new releases and adds a manual publish path; mistakes in workflow conditions or secrets handling could cause failed or unintended publishes.
Overview
Automates CocoaPods releases by adding composite GitHub Actions to
pod trunk pushLaunchDarklyObservability.podspecandLaunchDarklySessionReplay.podspec, gated by adry_runinput.Adds a
workflow_dispatchManual Publish workflow to publish either package after fetching the CocoaPods trunk token from AWS SSM.Extends the
release-pleaseworkflow to run onmacos-latest, fetch the CocoaPods token when releases are created, and publish the corresponding podspec(s) based on release-please outputs; updatesrelease-please-config.jsonand.release-please-manifest.jsonto treatLaunchDarklySessionReplayas a separate package and rename the root package toLaunchDarklyObservability.Written by Cursor Bugbot for commit bbf4aab. This will update automatically on new commits. Configure here.