Skip to content

fix(release): write release notes to file instead of capturing stdout #8086

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jdx merged 2 commits into from
Feb 10, 2026
Merged

fix(release): write release notes to file instead of capturing stdout #8086

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
820ab62
fix(release): write release notes to file instead of capturing stdout
jdx Feb 10, 2026
1b7e6ba
fix(release): use mktemp for output file and redirect stdout
jdx Feb 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 15 additions & 15 deletions xtasks/gen-release-notes
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,10 @@ if [[ -z $changelog ]]; then
exit 1
fi

output_file=$(mktemp /tmp/release-notes-XXXXXX.md)
Copy link

@cursor cursor bot Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mktemp suffix breaks on macOS BSD mktemp

Medium Severity

mktemp /tmp/release-notes-XXXXXX.md uses a template with characters after the trailing Xs, which is a GNU coreutils extension. macOS ships with BSD mktemp, which requires the Xs to be at the very end of the template. On macOS, this command will fail (or worse, create a file literally named release-notes-XXXXXX.md with no randomization). Since the script uses set -euo pipefail, it will abort immediately with a cryptic error on macOS. Dropping the .md suffix (e.g., mktemp /tmp/release-notes-XXXXXX) would be portable across both platforms.

Fix in Cursor Fix in Web

stderr_file=$(mktemp)
trap 'rm -f "$stderr_file" "$output_file"' EXIT

# Build prompt safely using printf to avoid command substitution on backticks in changelog
prompt=$(
printf '%s\n' "You are writing release notes for mise version ${version}${prev_version:+ (previous version: ${prev_version})}."
Expand Down Expand Up @@ -64,26 +68,21 @@ RELEASE NOTES:

Output ONLY the title, blank line, and release notes - no other preamble.
INSTRUCTIONS
printf '\n%s\n' "Write your output to the file: ${output_file}"
printf '%s\n' "Do not output anything else — just write to the file."
)

# Use Claude Code to generate the release notes
# Sandboxed: only read-only tools allowed (no Bash, Edit, Write)
# Claude writes to a temp file via the Write tool to avoid formatting artifacts from stdout
echo "Generating release notes with Claude..." >&2
echo "Version: $version" >&2
echo "Previous version: ${prev_version:-none}" >&2
echo "Changelog length: ${#changelog} chars" >&2

# Capture stderr separately to avoid polluting output
stderr_file=$(mktemp)
trap 'rm -f "$stderr_file"' EXIT

if ! output=$(
printf '%s' "$prompt" | claude -p \
--model claude-opus-4-5-20251101 \
--permission-mode bypassPermissions \
--output-format text \
--allowedTools "Read,Grep,Glob" 2>"$stderr_file"
); then
if ! printf '%s' "$prompt" | claude -p \
--model claude-opus-4-6 \
--permission-mode bypassPermissions \
--allowedTools "Read,Grep,Glob,Write($output_file)" >/dev/null 2>"$stderr_file"; then
echo "Error: Claude CLI failed" >&2
if [[ -s $stderr_file ]]; then
cat "$stderr_file" >&2
Expand All @@ -93,11 +92,12 @@ if ! output=$(
exit 1
fi

# Validate we got non-empty output
if [[ -z $output ]]; then
echo "Error: Claude returned empty output" >&2
# Validate the output file was created and is non-empty
if [[ ! -s $output_file ]]; then
echo "Error: Claude did not write release notes to $output_file" >&2
cat "$stderr_file" >&2
exit 1
fi

output=$(cat "$output_file")
echo "$output"
Loading