fix(ci): sync uv.lock in release PR + use logging.exception #92
Merged
Replaces logger.error(f"...: {e}") with logger.exception("...") inside
except blocks so stack traces are captured. Resolves SonarQube S8572 (9
findings across cross_reference.py and sitemap_generator.py).
Generated-by: Claude Opus 4.8
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
release-please bumps pyproject.toml but never runs uv lock, leaving the locked project version stale (1.0.1 vs released 1.1.0). Add a guarded follow-up that checks out the release PR branch, runs uv lock, and pushes the synced lock back into the same PR.
Generated-by: Claude Opus 4.8
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Pull request overview
This PR addresses two CI/quality gaps in the devto-mirror codebase: keeping uv.lock synchronized in release-please generated release PRs, and improving exception logging in AI optimization modules to include stack traces.
Changes:
- Updates exception handling in AI optimization modules to use logger.exception(...) for stack traces.
- Extends the release-please workflow to check out the release PR branch, run uv lock, and push a uv.lock sync commit back into the same PR when needed.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/devto_mirror/ai_optimization/sitemap_generator.py | Switches error logging in except blocks to logger.exception to include stack traces. |
| src/devto_mirror/ai_optimization/cross_reference.py | Switches error logging in except blocks to logger.exception to include stack traces. |
| .github/workflows/release-please.yml | Adds a guarded post-release-please step sequence to regenerate and push a synced uv.lock into the release PR branch. |

Pins the interpreter setup-uv installs and enables caching so the release-please lock-sync step is deterministic and consistent with the rest of CI. (uv.lock itself is a universal lockfile, so contents do not depend on the runner Python; this stops uv from auto-downloading an arbitrary managed interpreter.)
Generated-by: Claude Opus 4.8
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
What 🔧
Two independent fixes:
1. release-please leaves uv.lock stale
- pyproject.toml but never runs uv lock
- 1.0.1 vs released 1.1.0)
- release-please.yml checks out the release PR branch, runs uv lock, pushes the synced lock back into the same PR
- prs_created == 'true'; no-op when the lock already matches
- update-lockfiles pre-commit hook — this just closes the CI gap
2. SonarQube S8572 (9 findings)
- logger.error(f"...: {e}") → logger.exception("...") inside except blocks
- as e
- ai_optimization/cross_reference.py, ai_optimization/sitemap_generator.py

Verification ✅
- make ai-checks — format, lint, security, complexity, tests (88.63% > 85%) all pass
- actionlint clean on the workflow
- ref: in the new checkout comes from release-please's own output (deterministic branch name), not attacker-controlled event input; run: block has no ${{ }} interpolation — no injection surface

Notes 📝
- ci-bot (matches publish.yaml convention) and is not GPG-signed — it's a generated bot commit
- permissions could move to job level per repo GHA conventions, but kept the diff minimal

🤖 Generated with Claude Code
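The verification note above states that the new run: block contains no ${{ }} interpolation. A line-based check for that property, as an added example (not code from this PR or the devto-mirror project): the two workflow snippets, the step id `release` and the output name `branch` are constructed for illustration, and the scan handles only `run:` keys and block scalars, not full YAML.

```python
import re

RUN_KEY = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")
EXPR = re.compile(r"\$\{\{.*?\}\}")

def find_run_interpolations(workflow_text):
    """Return (line_number, expression) for each ${{ }} found inside a run: script."""
    findings = []
    block_indent = None  # column of the run: key while inside a block scalar
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        if block_indent is not None:
            indent = len(line) - len(line.lstrip(" "))
            if not line.strip() or indent > block_indent:
                findings += [(number, e) for e in EXPR.findall(line)]
                continue
            block_indent = None  # dedent: the block scalar has ended
        match = RUN_KEY.match(line)
        if not match:
            continue  # with:, if:, env: and other keys are not shell scripts
        key_column = len(match.group(1)) + len(match.group(2) or "")
        value = match.group(3)
        if value[:1] in ("|", ">"):
            block_indent = key_column  # script body follows on indented lines
        else:
            findings += [(number, e) for e in EXPR.findall(value)]
    return findings

# Constructed sample: expressions appear only in with: and if:, never in run:.
SAFE = """\
steps:
  - uses: actions/checkout@v4
    with:
      ref: ${{ steps.release.outputs.branch }}
  - if: ${{ steps.release.outputs.prs_created == 'true' }}
    run: |
      uv lock
      git diff --quiet uv.lock || git commit -am "sync uv.lock"
"""

# Constructed sample: expressions are substituted into the script text itself.
UNSAFE = """\
steps:
  - run: echo "${{ github.event.pull_request.title }}"
  - env:
      BRANCH: ${{ github.head_ref }}
    run: |
      echo "branch is $BRANCH"
      git checkout ${{ github.head_ref }}
"""
```

The `env:` assignment in the second sample is not reported, because the shell receives it as a variable rather than as script text; only the two occurrences inside `run:` are.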