UN-3479 [FIX] release workflow: validate before tag/publish + lint cleanup

[chandrasekharan-zipstack]

Summary

Three tightly-coupled fixes prompted by the broken v1.3 / v1.4 release dispatches today.

1. Lint failures in src/unstract/clone/

Run 26506031574 failed with 10 E501 (line-too-long > 88) violations across the new clone subpackage. These were not caught at PR time because the PR-gate workflow (test.yml) only ran pytest. Reworded the offending lines (no behavioral change) and added ruff check src/ to test.yml so lint regressions block at PR time.

2. Release workflow ordering

main.yml performed version bump → commit to main → push tag → create GH release before running lint/tests/build. So a lint failure left main with a phantom version bump and an orphaned GitHub release (v1.4.0, deleted out-of-band as part of this work).

New ordering — verification first, side-effects second:

1. Compute new version + write to __init__.py locally (no commit)
2. Verify version match
3. Lint (ruff check src/)
4. Tests (pytest)
5. Build (uv build)
6. Only on success: commit bump, push to main, tag, push tag, create GH release
7. uv publish to PyPI

3. Version revert: 1.4.0 → 1.2.1

Run #1 (failed at tag step but succeeded at commit-push) and run #2 (created v1.4.0 then failed at lint) left main at 1.4.0 with no corresponding published artifact. Reverted so the next manual trigger produces the intended v1.3.0.

Test plan

• uv run ruff check src/ passes locally
• uv run pytest tests/ — 167 passed locally
• gh release delete v1.4.0 + git push --delete origin v1.4.0 done out-of-band
• CI (this PR) — new Lint (ruff) step on test.yml runs green
• After merge: trigger main.yml manually with minor bump → expect clean v1.3.0 release end-to-end

🤖 Generated with Claude Code

[greptile-apps]

Greptile Summary

This PR addresses the broken v1.3/v1.4 release process by restructuring main.yml so all verification (lint, tests, build, PyPI publish) runs before any git side-effects (commit, tag, GitHub release), adds ruff check src/ to test.yml so lint failures block at PR time, reverts __version__ to 1.2.1, and fixes E501 line-length violations across the clone subpackage.

• Workflow reorder (main.yml): Version is now bumped locally first, then verified, linted, tested, built, and published to PyPI before the commit/tag/release are written — ensuring a lint or test failure can no longer leave a phantom commit or orphaned GitHub release on main.
• PR gate (test.yml): Ruff linting is now a required check alongside pytest, running against both Python 3.11 and 3.12 matrix entries so E501 regressions are caught before merge.
• Lint fixes (src/unstract/clone/): Eight string literals shortened to comply with the 88-character line limit; no behavioral changes.

Confidence Score: 5/5

Safe to merge — the workflow reorder is a clear improvement, lint fixes are cosmetic, and the version revert is intentional and correct.

The release workflow is significantly more resilient than before: all validation runs before any git mutation, and the only remaining trade-off (PyPI publish preceding the git commit) is explicitly acknowledged in a code comment. The clone file changes are pure string truncations with zero runtime impact. The version revert is deliberate and well-explained.

.github/workflows/main.yml is the only file with meaningful logic changes; the open concerns from prior review threads (dispatch guard and publish-before-tag ordering) are already tracked there.

Important Files Changed

Filename	Overview
.github/workflows/main.yml	Release workflow restructured to run all verification (lint, tests, build, publish) before committing/tagging; Compute new version no longer carries the old workflow_dispatch guard, and all intermediate steps lack that guard too
.github/workflows/test.yml	Added ruff check src/ lint step before pytest so lint regressions now block PRs; straightforward and correct
src/unstract/api_deployments/init.py	Version reverted from 1.4.0 to 1.2.1 so the next manual minor bump produces the intended v1.3.0
src/unstract/clone/exceptions.py	Docstring shortened to fix E501 line-length violation; no behavioral change
src/unstract/clone/phases/adapter.py	NameConflictError message truncated for E501; no behavioral change
src/unstract/clone/phases/api_deployment.py	Two string literals shortened to fix E501; no behavioral change
src/unstract/clone/phases/connector.py	Log message shortened to fix E501; no behavioral change
src/unstract/clone/phases/custom_tool.py	Error string shortened to fix E501; no behavioral change
src/unstract/clone/phases/files.py	Warning log message shortened to fix E501; no behavioral change
src/unstract/clone/phases/pipeline.py	Info log message shortened to fix E501; no behavioral change
src/unstract/clone/phases/tool_instance.py	Warning log message shortened to fix E501; no behavioral change
src/unstract/clone/report.py	Docstring shortened to fix E501; no behavioral change

Sequence Diagram

sequenceDiagram
    participant GH as GitHub Actions
    participant FS as File System
    participant PyPI as PyPI (Trusted Publisher)
    participant Repo as Git / GitHub

    GH->>FS: Compute new version (bump __init__.py locally, no commit)
    GH->>FS: Verify version update (file vs step output)
    GH->>GH: Lint (ruff check src/)
    GH->>GH: Tests (pytest)
    GH->>GH: Build (uv build)
    GH->>PyPI: Publish (uv publish via OIDC)
    Note over PyPI: Point of no return — artifact is live
    GH->>Repo: git commit version bump + push to main
    GH->>Repo: git tag vX.Y.Z + push tag
    GH->>Repo: gh release create vX.Y.Z
    GH->>GH: Success message

Loading

_{Reviews (2): Last reviewed commit: "fix(ci): publish to PyPI before tag/rele..." | Re-trigger Greptile}