Skip to content

chore(NODE-7573): remove DISPATCH_WORKFLOW_REF parameter from publish workflow#4937

Merged
dariakp merged 1 commit intomainfrom
NODE-7573
May 6, 2026
Merged

chore(NODE-7573): remove DISPATCH_WORKFLOW_REF parameter from publish workflow#4937
dariakp merged 1 commit intomainfrom
NODE-7573

Conversation

@tadjik1
Copy link
Copy Markdown
Member

@tadjik1 tadjik1 commented May 6, 2026

Description

Summary of Changes

The first nightly run after #4930 was merged failed immediately with:

could not create workflow dispatch event: HTTP 422: No ref found for: 5cc96e7fb16040505d4c8e779d0ab5980988fe7a

Root cause: DISPATCH_WORKFLOW_REF: ${{ github.sha }} was set based on a reviewer suggestion to pin the workflow file to the exact commit being published. However, the GitHub Actions dispatch API (POST /actions/workflows/{id}/dispatches) requires a branch or tag name as ref - bare commit SHAs are not accepted.

Fix: Remove DISPATCH_WORKFLOW_REF. The script (dispatch-and-wait.mjs) already defaults to main, which is correct: npm-publish.yml is taken from main.

The underlying concern (provenance diverging from published source) is already addressed by the separate ref="${{github.sha }}" input passed to npm-publish.yml, which pins the checkout - and therefore the provenance attestation - to the exact commit being published. DISPATCH_WORKFLOW_REF only controls which branch the workflow definition is loaded from, not what source is built.

Double check the following

  • Lint is passing (npm run check:lint)
  • Self-review completed using the steps outlined here
  • PR title follows the correct format: type(NODE-xxxx)[!]: description
    • Example: feat(NODE-1234)!: rewriting everything in coffeescript
  • Changes are covered by tests
  • New TODOs have a related JIRA ticket

@tadjik1 tadjik1 marked this pull request as ready for review May 6, 2026 11:10
@tadjik1 tadjik1 requested a review from a team as a code owner May 6, 2026 11:10
Copilot AI review requested due to automatic review settings May 6, 2026 11:10
Copilot AI reviewed May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes the nightly release workflow dispatch failure by removing an invalid ref value (a bare commit SHA) used when dispatching npm-publish.yml, aligning with GitHub Actions’ requirement that the dispatch ref be a branch or tag. This keeps the publish workflow definition sourced from main, while still pinning the published source via the ref="${{ github.sha }}" input to npm-publish.yml.

Changes:

  • Remove DISPATCH_WORKFLOW_REF: ${{ github.sha }} from the nightly release workflow’s dispatch step.
  • Rely on .github/scripts/dispatch-and-wait.mjs default behavior (main) for the workflow-definition ref while continuing to pass the commit SHA as an input to npm-publish.yml.

@dariakp dariakp self-assigned this May 6, 2026
@dariakp dariakp merged commit bc511d0 into main May 6, 2026
34 of 36 checks passed
@dariakp dariakp deleted the NODE-7573 branch May 6, 2026 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@nbbeeken nbbeeken nbbeeken approved these changes

Assignees

@dariakp dariakp

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tadjik1 @nbbeeken @dariakp