
[ci][anneal] Overhaul release process to support manual trigger and PR generation #3285

Open
joshlf wants to merge 1 commit into main from Gsfuzkz4u5vy5ps2egbs6bortsksfbpma

@joshlf joshlf commented Apr 16, 2026

This design addresses a complex chicken-and-egg problem in releasing
precompiled artifacts for the Anneal toolchain. Previously, we relied
solely on upstream prebuilts (from Aeneas and Rust). To provide a better
user experience, we want to distribute our own "fat" artifacts that
include these dependencies and pre-compiled Lean libraries.

Obvious approaches like building locally and pushing binaries are
rejected because they require trusting developer machines. Building in
CI and pushing directly back to main is also rejected because it
complicates protected branch rules and can lead to concurrent
modification issues.

This commit overhauls the release process to support a new design:

  • A manual GitHub Action (workflow_dispatch) is used to roll Aeneas.
  • It builds our fat artifacts on trusted CI runners.
  • It publishes them to a GitHub Pre-release with a unique tag.
  • It automatically generates a PR that updates Cargo.toml with the new
    URLs and hashes of OUR artifacts.
  • A local script remains available for simple version bumps without
    pinning updates.

This ensures atomicity on main and keeps the process automated and
secure. We keep the workflows together in anneal-release.yml as
suggested, using conditional logic to determine behavior.


Latest Update: v2 — Compare vs v1

⬇️ Download this PR

Branch

git fetch origin refs/heads/Gsfuzkz4u5vy5ps2egbs6bortsksfbpma && git checkout -b pr-Gsfuzkz4u5vy5ps2egbs6bortsksfbpma FETCH_HEAD

Checkout

git fetch origin refs/heads/Gsfuzkz4u5vy5ps2egbs6bortsksfbpma && git checkout FETCH_HEAD

Cherry Pick

git fetch origin refs/heads/Gsfuzkz4u5vy5ps2egbs6bortsksfbpma && git cherry-pick FETCH_HEAD

Pull

git pull origin refs/heads/Gsfuzkz4u5vy5ps2egbs6bortsksfbpma

Stacked PRs enabled by GHerrit.
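
The pin-by-hash step in the description above, sketched as an added example (not code from this PR or the Anneal project): the CI side rewrites a URL and SHA-256 together from the bytes it just built, and the consumer side accepts a download only if it matches the reviewed pin. The `[package.metadata.prebuilt.<target>]` table, its keys, the URLs and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed manifest fragment. The table name and keys are hypothetical,
# not the project's real Cargo.toml layout. Lines are newline-terminated.
MANIFEST = '''[package]
name = "example"

[package.metadata.prebuilt.linux-x86_64]
url = "https://example.invalid/old/toolchain.tar.zst"
sha256 = "{old}"
'''.format(old="0" * 64)


def _section(manifest, target):
    """Match one target's pin table; group 'body' runs to the next header."""
    header = re.escape(f"[package.metadata.prebuilt.{target}]")
    m = re.search(rf"^{header}\n(?P<body>(?:(?!\[).*\n)*)", manifest, re.M)
    if m is None:
        raise KeyError(f"no pin table for {target}")
    return m


def read_pin(manifest, target):
    """Return (url, sha256) for a target; raises KeyError if either is absent."""
    body = _section(manifest, target).group("body")
    fields = dict(re.findall(r'^(\w+) = "([^"]*)"$', body, re.M))
    return fields["url"], fields["sha256"]


def repin(manifest, target, url, artifact):
    """CI side: replace URL and hash in one step, hashing the built bytes."""
    m = _section(manifest, target)
    digest = hashlib.sha256(artifact).hexdigest()
    body = f'url = "{url}"\nsha256 = "{digest}"\n'
    return manifest[:m.start("body")] + body + manifest[m.end("body"):]


def verify(manifest, target, downloaded):
    """Consumer side: fail closed unless the bytes match the reviewed pin."""
    _, pinned = read_pin(manifest, target)
    actual = hashlib.sha256(downloaded).hexdigest()
    if not hmac.compare_digest(actual, pinned):
        raise ValueError(f"{target}: sha256 {actual} does not match pin")
    return downloaded
```

Because the URL and hash change in a single reviewed diff, a stale or tampered artifact at the new URL fails `verify` rather than being silently accepted.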


@github-actions github-actions bot left a comment


🤖 Optimistically Approved: Changes appear scoped. Final strict verification will occur in the Merge Queue.

@codecov-commenter

codecov-commenter commented Apr 16, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.88%. Comparing base (b943232) to head (c5b13a1).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #3285   +/-   ##
=======================================
  Coverage   91.88%   91.88%           
=======================================
  Files          20       20           
  Lines        6076     6076           
=======================================
  Hits         5583     5583           
  Misses        493      493           


…R generation

This design addresses a complex chicken-and-egg problem in releasing
precompiled artifacts for the Anneal toolchain. Previously, we relied
solely on upstream prebuilts (from Aeneas and Rust). To provide a better
user experience, we want to distribute our own "fat" artifacts that
include these dependencies and pre-compiled Lean libraries.

Obvious approaches like building locally and pushing binaries are
rejected because they require trusting developer machines. Building in
CI and pushing directly back to `main` is also rejected because it
complicates protected branch rules and can lead to concurrent
modification issues.

This commit overhauls the release process to support a new design:
- A manual GitHub Action (workflow_dispatch) is used to roll Aeneas.
- It builds our fat artifacts on trusted CI runners.
- It publishes them to a GitHub Pre-release with a unique tag.
- It automatically generates a PR that updates Cargo.toml with the new
  URLs and hashes of OUR artifacts.
- A local script remains available for simple version bumps without
  pinning updates.

This ensures atomicity on `main` and keeps the process automated and
secure. We keep the workflows together in `anneal-release.yml` as
suggested, using conditional logic to determine behavior.

gherrit-pr-id: Gsfuzkz4u5vy5ps2egbs6bortsksfbpma
@joshlf joshlf force-pushed the Gsfuzkz4u5vy5ps2egbs6bortsksfbpma branch from d2f7a6b to c5b13a1 Compare April 17, 2026 08:44

@github-actions github-actions bot left a comment


🤖 Optimistically Approved: Changes appear scoped. Final strict verification will occur in the Merge Queue.
