From 7e05c07c1c598e17542049c709280ce48edb3716 Mon Sep 17 00:00:00 2001
From: Reuven Harrison <reuvenharrison@gmail.com>
Date: Sun, 12 Apr 2026 15:40:31 +0300
Subject: [PATCH 1/2] fix: verify CI passed before tagging a release

release.sh now checks GitHub commit status and check-runs on HEAD
before creating the tag. Blocks the release if tests failed; prompts
if status is pending/unknown.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 release.sh | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/release.sh b/release.sh
index 4ddb942..a785f21 100755
--- a/release.sh
+++ b/release.sh
@@ -70,6 +70,26 @@ if [ "$(git rev-parse HEAD)" != "$(git rev-parse origin/main)" ]; then
   exit 1
 fi
 
+# ── Verify CI passed on HEAD ─────────────────────────────────────────────────
+
+HEAD_SHA=$(git rev-parse HEAD)
+echo "Checking CI status for $(git rev-parse --short HEAD)..."
+CI_STATE=$(gh api "repos/oasdiff/oasdiff-action/commits/${HEAD_SHA}/status" --jq '.state' 2>/dev/null || echo "unknown")
+CI_CHECKS=$(gh api "repos/oasdiff/oasdiff-action/commits/${HEAD_SHA}/check-runs" --jq '[.check_runs[] | select(.conclusion != "success" and .conclusion != "skipped" and .conclusion != null)] | length' 2>/dev/null || echo "unknown")
+
+if [ "$CI_STATE" = "pending" ] || [ "$CI_CHECKS" = "unknown" ]; then
+  echo "warning: CI status is pending or unknown — tests may not have run yet" >&2
+  printf "Continue anyway? [y/N] "
+  read -r answer
+  case "$answer" in [yY]*) ;; *) echo "Aborted."; exit 1 ;; esac
+elif [ "$CI_STATE" = "failure" ] || [ "$CI_CHECKS" != "0" ]; then
+  echo "error: CI checks failed on HEAD — fix tests before releasing" >&2
+  echo "  See: https://github.com/oasdiff/oasdiff-action/actions" >&2
+  exit 1
+fi
+
+echo "✓ CI passed on HEAD"
+
 # ── Tag ──────────────────────────────────────────────────────────────────────
 
 git tag "$NEW"

From ee78a597591b85abecf9255d0e67b42dfb3708b2 Mon Sep 17 00:00:00 2001
From: Reuven Harrison <reuvenharrison@gmail.com>
Date: Wed, 15 Apr 2026 14:41:42 +0300
Subject: [PATCH 2/2] fix: check failure before pending in CI status check

When a repo uses only GitHub Actions (check-runs) and not commit
statuses, the status API returns "pending" by default. Checking
pending first would prompt unnecessarily even when all check-runs
passed. Check failure first so the pending branch only triggers
when status is genuinely unknown.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 release.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/release.sh b/release.sh
index a785f21..ccfc9b2 100755
--- a/release.sh
+++ b/release.sh
@@ -77,15 +77,15 @@ echo "Checking CI status for $(git rev-parse --short HEAD)..."
 CI_STATE=$(gh api "repos/oasdiff/oasdiff-action/commits/${HEAD_SHA}/status" --jq '.state' 2>/dev/null || echo "unknown")
 CI_CHECKS=$(gh api "repos/oasdiff/oasdiff-action/commits/${HEAD_SHA}/check-runs" --jq '[.check_runs[] | select(.conclusion != "success" and .conclusion != "skipped" and .conclusion != null)] | length' 2>/dev/null || echo "unknown")
 
-if [ "$CI_STATE" = "pending" ] || [ "$CI_CHECKS" = "unknown" ]; then
+if [ "$CI_STATE" = "failure" ] || [ "$CI_CHECKS" != "0" ]; then
+  echo "error: CI checks failed on HEAD — fix tests before releasing" >&2
+  echo "  See: https://github.com/oasdiff/oasdiff-action/actions" >&2
+  exit 1
+elif [ "$CI_STATE" = "pending" ] || [ "$CI_CHECKS" = "unknown" ]; then
   echo "warning: CI status is pending or unknown — tests may not have run yet" >&2
   printf "Continue anyway? [y/N] "
   read -r answer
   case "$answer" in [yY]*) ;; *) echo "Aborted."; exit 1 ;; esac
-elif [ "$CI_STATE" = "failure" ] || [ "$CI_CHECKS" != "0" ]; then
-  echo "error: CI checks failed on HEAD — fix tests before releasing" >&2
-  echo "  See: https://github.com/oasdiff/oasdiff-action/actions" >&2
-  exit 1
 fi
 
 echo "✓ CI passed on HEAD"