Skip to content

Add moq-relay release workflow and Nix cache configuration#1178

Merged
kixelated merged 5 commits into
mainfrom
claude/moq-relay-binary-releases-Iz6nd
Apr 1, 2026
Merged

Add moq-relay release workflow and Nix cache configuration#1178
kixelated merged 5 commits into
mainfrom
claude/moq-relay-binary-releases-Iz6nd

Conversation

@kixelated

Copy link
Copy Markdown
Collaborator

Summary

This PR adds automated release infrastructure for the moq-relay binary and configures Nix to use a binary cache for faster builds.

Key Changes

  • New GitHub Actions workflow (moq-relay.yml): Automated build and release pipeline triggered on version tags

    • Builds moq-relay for multiple targets (x86_64 and aarch64 Linux)
    • Includes cross-compilation setup for ARM64
    • Automatically creates GitHub releases with generated changelogs
    • Compares against previous moq-relay tags to generate relevant release notes
  • Nix configuration (flake.nix): Added cachix binary cache configuration

    • Enables faster builds by using pre-built binaries from kixelated.cachix.org
    • Reduces build times for developers using Nix

Implementation Details

  • The workflow parses semantic version tags matching the pattern moq-relay-v*
  • Artifacts are packaged with version and target information in filenames
  • Release notes are automatically generated, with fallback for initial releases
  • Cross-compilation for aarch64 uses the standard gcc-aarch64-linux-gnu toolchain

https://claude.ai/code/session_01EvMqKAenxxuNN8MnoYDLas

claude added 3 commits April 1, 2026 16:59
Add a GitHub Actions workflow that builds moq-relay binaries for 4 targets
(x86_64/aarch64 Linux, x86_64/aarch64 macOS) on release tags and uploads
them as GitHub Release assets.

Also add a Nix package definition (nix/moq-relay-bin.nix) that fetches
pre-built binaries from GitHub Releases instead of compiling from source.

https://claude.ai/code/session_01EvMqKAenxxuNN8MnoYDLas
- Add nixConfig to flake.nix with the kixelated Cachix substituter so
  consumers automatically get pre-built binaries without compiling
- Expose moq-relay-bin package in flake that reads from nix/hashes.json
- Update moq-relay-bin.nix to read version/hashes from hashes.json by
  default, with optional manual overrides
- Add update-hashes job to the release workflow that computes SRI hashes
  and commits nix/hashes.json to main after each release
- Add nix/hashes.json placeholder (populated by CI on first release)

https://claude.ai/code/session_01EvMqKAenxxuNN8MnoYDLas
…kage

- Reduce moq-relay workflow to x86_64 and aarch64 Linux targets only
- Remove nix/moq-relay-bin.nix and nix/hashes.json (not needed with Cachix)
- Remove moq-relay-bin from flake packages
- Keep nixConfig with Cachix substituter for instant Nix installs

https://claude.ai/code/session_01EvMqKAenxxuNN8MnoYDLas
@coderabbitai

coderabbitai Bot commented Apr 1, 2026

Copy link
Copy Markdown
Contributor

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 77130fec-96c2-4923-9667-5748f876bcf7

📥 Commits

Reviewing files that changed from the base of the PR and between 5660428 and 08679fb.

⛔ Files ignored due to path filters (1)
  • bun.lock is excluded by !**/*.lock
📒 Files selected for processing (10)
  • .github/workflows/moq-relay.yml
  • flake.nix
  • rs/conducer/Cargo.toml
  • rs/hang/Cargo.toml
  • rs/moq-codec/Cargo.toml
  • rs/moq-msf/Cargo.toml
  • rs/moq-mux/Cargo.toml
  • rs/moq-native/Cargo.toml
  • rs/moq-relay/Cargo.toml
  • rs/moq-token/Cargo.toml
✅ Files skipped from review due to trivial changes (10)
  • rs/moq-msf/Cargo.toml
  • rs/moq-codec/Cargo.toml
  • rs/moq-mux/Cargo.toml
  • rs/conducer/Cargo.toml
  • rs/moq-token/Cargo.toml
  • rs/moq-relay/Cargo.toml
  • rs/moq-native/Cargo.toml
  • rs/hang/Cargo.toml
  • flake.nix
  • .github/workflows/moq-relay.yml

Walkthrough

Added a new GitHub Actions workflow (.github/workflows/moq-relay.yml) that runs on tags matching moq-relay-v*, builds the moq-relay crate for x86_64-unknown-linux-gnu and aarch64-unknown-linux-gnu, packages per-target artifacts, and creates or updates a GitHub Release with generated notes. Updated flake.nix with commented guidance for using the project Cachix cache (extra-substituters / trusted keys). Multiple Rust crate manifests (rs/*/Cargo.toml) were modified to add [lib] sections disabling doctests and, in some crates, library tests.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the two main changes: adding a moq-relay release workflow and configuring Nix cache.
Description check ✅ Passed The description is directly related to the changeset, detailing the GitHub Actions workflow, Nix configuration, and implementation specifics.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude/moq-relay-binary-releases-Iz6nd
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch claude/moq-relay-binary-releases-Iz6nd

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (1)
.github/workflows/moq-relay.yml (1)

42-43: Tag parser is stricter than SemVer intent.

([0-9.]+) rejects valid SemVer prerelease/build tags (e.g. 1.2.3-rc.1). If semantic versioning is intended, use a SemVer-compatible pattern.

Also applies to: 85-86

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/moq-relay.yml around lines 42 - 43, The tag regex in the
if-statement using "$ref" currently captures only digits/dots via ([0-9.]+) and
will reject valid SemVer prerelease/build identifiers (e.g. 1.2.3-rc.1); update
the pattern used in the conditional that matches "moq-relay-v(...)" (and the
identical one later around lines 85-86) to a SemVer-compatible pattern that
allows numeric segments plus optional prerelease and build metadata (or at
minimum permit hyphens and alphanumerics after the numeric version), then write
the captured group to $GITHUB_OUTPUT as before (keep the variable name/version
extraction logic intact).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/moq-relay.yml:
- Around line 8-10: The workflow currently grants workflow-wide write access via
the top-level "permissions: contents: write"; change the default scope to the
least-privileged level needed by most jobs (e.g., "permissions: contents: read"
or remove write) and grant "contents: write" only to the "release" job by adding
a job-level permissions block for the release job; update the "build" job to use
read-only access (or inherit the default) so only the "release" job has write
rights.
- Around line 92-99: The current prev_tag selection uses git tag --list ...
--sort=-v:refname with grep -v which picks the highest other tag rather than the
immediate predecessor; update the logic in the step that sets
prev_tag/current_tag so you sort tags by version ascending and choose the tag
just before current_tag (e.g., use git tag --list 'moq-relay-v*'
--sort=v:refname, iterate/find the line equal to current_tag and take the
previous line), ensuring the script that sets prev_tag uses that previous-tag
value (symbols: current_tag and prev_tag) so changelog ranges compare against
the true immediate prior release.
- Around line 106-122: The release step currently calls gh release create (using
github.ref_name, steps.parse.outputs.version, prev_tag, artifacts/*) which fails
if the release already exists; change the step to first check for the release
existence with gh release view "${{ github.ref_name }}" and if it exists use gh
release upload (or gh release edit to update notes/notes-start-tag) to update
assets and metadata instead of running gh release create, otherwise run gh
release create as before; ensure the logic preserves the
prev_tag/--notes-start-tag behavior when creating and replaces or re-uploads
artifacts/* on reruns to make the job idempotent.

---

Nitpick comments:
In @.github/workflows/moq-relay.yml:
- Around line 42-43: The tag regex in the if-statement using "$ref" currently
captures only digits/dots via ([0-9.]+) and will reject valid SemVer
prerelease/build identifiers (e.g. 1.2.3-rc.1); update the pattern used in the
conditional that matches "moq-relay-v(...)" (and the identical one later around
lines 85-86) to a SemVer-compatible pattern that allows numeric segments plus
optional prerelease and build metadata (or at minimum permit hyphens and
alphanumerics after the numeric version), then write the captured group to
$GITHUB_OUTPUT as before (keep the variable name/version extraction logic
intact).
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 49eaef1c-7330-4981-84cd-d6b07f66d6a6

📥 Commits

Reviewing files that changed from the base of the PR and between 42f46d0 and 5660428.

📒 Files selected for processing (2)
  • .github/workflows/moq-relay.yml
  • flake.nix

Comment thread .github/workflows/moq-relay.yml
Comment thread .github/workflows/moq-relay.yml
Comment thread .github/workflows/moq-relay.yml Outdated
kixelated and others added 2 commits April 1, 2026 12:48
… correct prev_tag, idempotent release

- Scope top-level permissions to read, grant write only to the release job
- Accept SemVer prerelease/build metadata in tag regex
- Find the immediate predecessor tag instead of the highest other tag
- Check for existing release before creating to make reruns idempotent
- Remove nixConfig from flake.nix to avoid untrusted substituter prompts

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ate bun.lock

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@kixelated kixelated merged commit 7234269 into main Apr 1, 2026
2 checks passed
@kixelated kixelated deleted the claude/moq-relay-binary-releases-Iz6nd branch April 1, 2026 20:16
This was referenced Apr 1, 2026
This was referenced May 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants