zx-bulk-release 3.1.3 → 3.1.4

package/CHANGELOG.md

@@ -1,3 +1,9 @@
+## [3.1.4](https://github.com/semrel-extra/zx-bulk-release/compare/v3.1.3...v3.1.4) (2026-04-13)
+
+### Fixes & improvements
+* fix: sync receive/pack via context-driven pack filter ([5b539ff](https://github.com/semrel-extra/zx-bulk-release/commit/5b539ff327b07c171c523b36f28cc2e05c4346d6))
+* refactor: introduce internal di layer ([a32773d](https://github.com/semrel-extra/zx-bulk-release/commit/a32773d37e9454953029f18e0af7de33486c14e3))
+
 ## [3.1.3](https://github.com/semrel-extra/zx-bulk-release/compare/v3.1.2...v3.1.3) (2026-04-13)
 
 ### Fixes & improvements

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "zx-bulk-release",
   "alias": "bulk-release",
-  "version": "3.1.3",
+  "version": "3.1.4",
   "description": "zx-based alternative for multi-semantic-release",
   "type": "module",
   "exports": {

package/src/main/js/post/api/index.js

@@ -0,0 +1,8 @@
+import * as git from './git.js'
+import * as gh from './gh.js'
+import * as npm from './npm.js'
+
+export const api = { git, gh, npm }
+
+/** @deprecated use `api` */
+export const defaultApi = api

package/src/main/js/post/courier/channels/changelog.js

@@ -1,6 +1,6 @@
 import {fs, path} from 'zx-extra'
 import {queuefy} from 'queuefy'
-import {fetchRepo, pushCommit} from '../../api/git.js'
+import {api} from '../../api/index.js'
 import {log} from '../../log.js'
 import {hasHigherVersion} from '../seniority.js'
 
@@ -14,12 +14,12 @@ const run = queuefy(async (manifest, dir) => {
 
   log.info('push changelog')
 
-  const _cwd = await fetchRepo({branch, origin: repoAuthedUrl, basicAuth: ghBasicAuth})
+  const _cwd = await api.git.fetchRepo({branch, origin: repoAuthedUrl, basicAuth: ghBasicAuth})
   const filePath = path.resolve(_cwd, file)
   const prev = await fs.readFile(filePath, 'utf8').catch(() => '')
   await fs.outputFile(filePath, releaseNotes + '\n' + prev)
 
-  await pushCommit({
+  await api.git.pushCommit({
     branch,
     msg,
     origin: repoAuthedUrl,

package/src/main/js/post/courier/channels/gh-pages.js

@@ -1,7 +1,7 @@
 import {path} from 'zx-extra'
 import {queuefy} from 'queuefy'
 import {log} from '../../log.js'
-import {pushCommit} from '../../api/git.js'
+import {api} from '../../api/index.js'
 import {hasHigherVersion} from '../seniority.js'
 
 const run = queuefy(async (manifest, dir) => {
@@ -15,7 +15,7 @@ const run = queuefy(async (manifest, dir) => {
 
   log.info(`publish docs to ${branch}`)
 
-  await pushCommit({
+  await api.git.pushCommit({
     cwd: docsDir,
     from: '.',
     to,

package/src/main/js/post/courier/channels/gh-release.js

@@ -1,6 +1,6 @@
 import {fs, path} from 'zx-extra'
 import {log} from '../../log.js'
-import {ghCreateRelease, ghFetch} from '../../api/gh.js'
+import {api} from '../../api/index.js'
 
 const isDuplicate = (e) =>
   /already_exists|Validation Failed|422/i.test(e?.message || e?.stderr || '')
@@ -14,7 +14,7 @@ const run = async (manifest, dir) => {
 
   let res
   try {
-    res = await ghCreateRelease({ghApiUrl: apiUrl, ghToken: token, repoName, tag, body: releaseNotes})
+    res = await api.gh.ghCreateRelease({ghApiUrl: apiUrl, ghToken: token, repoName, tag, body: releaseNotes})
   } catch (e) {
     if (isDuplicate(e)) return 'duplicate'
     throw e
@@ -27,7 +27,7 @@ const run = async (manifest, dir) => {
       await Promise.all(assets.map(async ({name}) => {
         const url = `${uploadUrl}?name=${name}`
         const body = await fs.readFile(path.join(assetsDir, name))
-        const r = await ghFetch(url, {ghToken: token, method: 'POST', headers: {'Content-Type': 'application/octet-stream'}, body})
+        const r = await api.gh.ghFetch(url, {ghToken: token, method: 'POST', headers: {'Content-Type': 'application/octet-stream'}, body})
         if (!r.ok) throw new Error(`gh asset upload failed for '${name}': ${r.status}`)
       }))
     }

package/src/main/js/post/courier/channels/git-tag.js

@@ -1,14 +1,15 @@
-import {pushTag, DEFAULT_GIT_COMMITTER_NAME, DEFAULT_GIT_COMMITTER_EMAIL} from '../../api/git.js'
+import {api} from '../../api/index.js'
+import {DEFAULT_GIT_COMMITTER_NAME, DEFAULT_GIT_COMMITTER_EMAIL} from '../../api/git.js'
 
 export const isTagConflict = (e) =>
   /already exists|updates were rejected|failed to push/i.test(e?.message || e?.stderr || '')
 
-const run = async (manifest) => {
+const run = async (manifest, dir) => {
   const {tag, cwd} = manifest
   const gitCommitterName  = manifest.gitCommitterName  || DEFAULT_GIT_COMMITTER_NAME
   const gitCommitterEmail = manifest.gitCommitterEmail || DEFAULT_GIT_COMMITTER_EMAIL
   try {
-    await pushTag({cwd, tag, gitCommitterName, gitCommitterEmail})
+    await api.git.pushTag({cwd, tag, gitCommitterName, gitCommitterEmail})
     return 'ok'
   } catch (e) {
     if (isTagConflict(e)) return 'conflict'

package/src/main/js/post/courier/channels/meta.js

@@ -1,6 +1,6 @@
 import {queuefy} from 'queuefy'
 import {log} from '../../log.js'
-import {pushCommit} from '../../api/git.js'
+import {api} from '../../api/index.js'
 import {getArtifactPath, isAssetMode, prepareMeta} from '../../depot/generators/meta.js'
 import {hasHigherVersion} from '../seniority.js'
 
@@ -18,7 +18,7 @@ const pushMetaBranch = queuefy(async (manifest, dir) => {
   const msg = `chore: release meta ${name} ${version}`
   const files = [{relpath: `${getArtifactPath(tag)}.json`, contents: meta}]
 
-  await pushCommit({
+  await api.git.pushCommit({
     to: '.',
     branch: 'meta',
     msg,

package/src/main/js/post/courier/channels/npm.js

@@ -1,5 +1,5 @@
 import {path} from 'zx-extra'
-import {npmPublish} from '../../api/npm.js'
+import {api} from '../../api/index.js'
 
 export const isNpmPublished = (pkg) =>
   !pkg.manifest.private && pkg.config.npmPublish !== false
@@ -9,7 +9,7 @@ const isDuplicate = (e) =>
 
 const run = async (manifest, dir) => {
   try {
-    await npmPublish({
+    await api.npm.npmPublish({
       name: manifest.name,
       version: manifest.version,
       npmTarball: path.join(dir, 'package.tgz'),

package/src/main/js/post/courier/semaphore.js

@@ -1,4 +1,4 @@
-import {pushAnnotatedTag, deleteRemoteTag} from '../api/git.js'
+import {api} from '../api/index.js'
 
 const tagName = ({sha}) =>
   `zbr-deliver.${sha.slice(0, 7)}`
@@ -11,7 +11,7 @@ export const tryLock = async (cwd, directive) => {
     packages: directive.queue,
   })
   try {
-    await pushAnnotatedTag(cwd, tag, body)
+    await api.git.pushAnnotatedTag(cwd, tag, body)
     return true
   } catch {
     return false
@@ -19,13 +19,13 @@ export const tryLock = async (cwd, directive) => {
 }
 
 export const unlock = async (cwd, directive) => {
-  await deleteRemoteTag(cwd, tagName(directive))
+  await api.git.deleteRemoteTag(cwd, tagName(directive))
 }
 
 export const signalRebuild = async (cwd, sha) => {
   const tag = `zbr-rebuild.${sha.slice(0, 7)}`
-  try { await pushAnnotatedTag(cwd, tag, 'rebuild') } catch { /* already signaled */ }
+  try { await api.git.pushAnnotatedTag(cwd, tag, 'rebuild') } catch { /* already signaled */ }
 }
 
 export const consumeRebuildSignal = async (cwd, sha) =>
-  deleteRemoteTag(cwd, `zbr-rebuild.${sha.slice(0, 7)}`)
+  api.git.deleteRemoteTag(cwd, `zbr-rebuild.${sha.slice(0, 7)}`)

package/src/main/js/post/depot/generators/meta.js

@@ -1,9 +1,7 @@
 // Meta generator: builds pkg.meta payload and resolves latest-release meta from git tags / gh assets / meta branch.
 
 import {semver, $, fs, path} from 'zx-extra'
-import {fetchRepo, getTags as getGitTags, getRepo, getSha} from '../../api/git.js'
-import {fetchManifest} from '../../api/npm.js'
-import {ghGetAsset} from '../../api/gh.js'
+import {api} from '../../api/index.js'
 import {parseTag} from './tag.js'
 
 export const isAssetMode = (type) => type === 'asset' || type === 'assets'
@@ -16,7 +14,7 @@ export const prepareMeta = async (pkg) => {
   if (type === null) return
 
   const {absPath: cwd} = pkg
-  const hash = await getSha(cwd)
+  const hash = await api.git.getSha(cwd)
   pkg.meta = {
     META_VERSION: '1',
     hash,
@@ -45,7 +43,7 @@ export const getLatest = async (pkg) => {
 }
 
 export const getTags = async (cwd, ref) =>
-  (await getGitTags(cwd, ref))
+  (await api.git.getTags(cwd, ref))
     .map(tag => parseTag(tag.trim()))
     .filter(Boolean)
     .sort((a, b) => semver.rcompare(a.version, b.version))
@@ -61,14 +59,14 @@ export const getArtifactPath = (tag) => tag.toLowerCase().replace(/[^a-z0-9-]/g,
 export const getLatestMeta = async (pkg, tag) => {
   if (tag) {
     const {absPath: cwd, config: {ghBasicAuth: basicAuth, ghUrl}} = pkg
-    const {repoName} = await getRepo(cwd, {basicAuth})
+    const {repoName} = await api.git.getRepo(cwd, {basicAuth})
 
     try {
-      return JSON.parse(await ghGetAsset({repoName, tag, name: 'meta.json', ghUrl}))
+      return JSON.parse(await api.gh.ghGetAsset({repoName, tag, name: 'meta.json', ghUrl}))
     } catch {}
 
     try {
-      const _cwd = await fetchRepo({cwd, branch: 'meta', basicAuth})
+      const _cwd = await api.git.fetchRepo({cwd, branch: 'meta', basicAuth})
       return await Promise.any([
         fs.readJson(path.resolve(_cwd, `${getArtifactPath(tag)}.json`)),
         fs.readJson(path.resolve(_cwd, getArtifactPath(tag), 'meta.json'))
@@ -76,5 +74,5 @@ export const getLatestMeta = async (pkg, tag) => {
     } catch {}
   }
 
-  return fetchManifest(pkg, {nothrow: true})
+  return api.npm.fetchManifest(pkg, {nothrow: true})
 }

package/src/main/js/post/depot/generators/notes.js

@@ -1,6 +1,6 @@
 // Release notes formatting. Pure except for a single getRepo() call to resolve repoPublicUrl.
 
-import {getRepo} from '../../api/git.js'
+import {api} from '../../api/index.js'
 import {formatTag} from './tag.js'
 
 export const DIFF_TAG_URL = '${repoPublicUrl}/compare/${prevTag}...${newTag}'
@@ -14,7 +14,7 @@ export const interpolate = (template, vars) => {
 
 export const formatReleaseNotes = async (pkg) => {
   const {name, version, tag = formatTag({name, version}), absPath: cwd, config: {ghBasicAuth: basicAuth, diffTagUrl = DIFF_TAG_URL, diffCommitUrl = DIFF_COMMIT_URL}} = pkg
-  const {repoPublicUrl, repoName} = await getRepo(cwd, {basicAuth})
+  const {repoPublicUrl, repoName} = await api.git.getRepo(cwd, {basicAuth})
   const prevTag = pkg.latest.tag?.ref
   const vars = {repoName, repoPublicUrl, prevTag, newTag: tag, name, version}
   const diffUrl = interpolate(diffTagUrl, vars)

package/src/main/js/post/depot/reconcile.js

@@ -1,6 +1,6 @@
 import {$} from 'zx-extra'
+import {api} from '../api/index.js'
 import {log} from '../log.js'
-import {getRemoteTagSha, clearTagsCache} from '../api/git.js'
 import {formatTag} from './generators/tag.js'
 import {resolvePkgVersion} from './steps/analyze.js'
 
@@ -8,7 +8,7 @@ export const preflight = async (pkg, ctx) => {
   if (!pkg.tag) return 'ok'
 
   const cwd = ctx.git.root
-  const remoteSha = await getRemoteTagSha(cwd, pkg.tag)
+  const remoteSha = await api.git.getRemoteTagSha(cwd, pkg.tag)
   if (!remoteSha) return 'ok'
 
   // tag exists on remote
@@ -30,7 +30,7 @@ export const preflight = async (pkg, ctx) => {
   if (isRemoteOlder.exitCode === 0) {
     log.info(`preflight: ${pkg.tag} — we are newer, re-resolving version`)
     await $({cwd})`git fetch origin --tags --force`
-    clearTagsCache()
+    api.git.clearTagsCache()
 
     const pre = ctx.flags.snapshot ? `-snap.${ctx.git.sha.slice(0, 7)}` : undefined
     // re-resolve: the fetched tags will give us a new latest version
@@ -38,7 +38,7 @@ export const preflight = async (pkg, ctx) => {
     pkg.version = resolvePkgVersion(pkg.releaseType, latestVersion, pkg.manifest.version, pre)
     pkg.manifest.version = pkg.version
     pkg.tag = formatTag({name: pkg.name, version: pkg.version, format: pkg.config.tagFormat})
-    return 'ok'
+    return 'refetch'
   }
 
   // diverged — anomaly

package/src/main/js/post/depot/steps/analyze.js

@@ -1,6 +1,6 @@
 import {semver} from 'zx-extra'
+import {api} from '../../api/index.js'
 import {log} from '../../log.js'
-import {getCommits} from '../../api/git.js'
 import {updateDeps} from '../deps.js'
 import {formatTag} from '../generators/tag.js'
 
@@ -41,7 +41,7 @@ export const semanticRules = [
 ]
 
 export const getSemanticChanges = async (cwd, from, to, rules = semanticRules) => {
-  const commits = await getCommits(cwd, from, to)
+  const commits = await api.git.getCommits(cwd, from, to)
 
   return analyzeCommits(commits, rules)
 }

package/src/main/js/post/depot/steps/build.js

@@ -1,5 +1,5 @@
 import {memoizeBy} from '../../../util.js'
-import {fetchPkg} from '../../api/npm.js'
+import {api} from '../../api/index.js'
 import {traverseDeps} from '../deps.js'
 import {exec} from '../exec.js'
 
@@ -8,7 +8,7 @@ export const build = memoizeBy(async (pkg, ctx = pkg.ctx) => {
   await Promise.all([
     traverseDeps({pkg, packages, cb: ({pkg}) => build(pkg, ctx)}),
     pkg.manifest.private !== true && pkg.changes.length === 0 && pkg.config.npmFetch && flags.npmFetch !== false
-      ? fetchPkg(pkg)
+      ? api.npm.fetchPkg(pkg)
       : Promise.resolve()
   ])
 

package/src/main/js/post/depot/steps/clean.js

@@ -1,7 +1,6 @@
-import {unsetUserConfig} from '../../api/git.js'
-import {npmRestore} from '../../api/npm.js'
+import {api} from '../../api/index.js'
 
 export const clean = async ({cwd, packages}) => {
-  await unsetUserConfig(cwd)
-  await Promise.all(Object.values(packages).filter(p => !p.skipped).map(npmRestore))
+  await api.git.unsetUserConfig(cwd)
+  await Promise.all(Object.values(packages).filter(p => !p.skipped).map(api.npm.npmRestore))
 }

package/src/main/js/post/depot/steps/contextify.js

@@ -1,6 +1,6 @@
 import {getPkgConfig} from '../../../config.js'
+import {api} from '../../api/index.js'
 import {getLatest} from '../generators/meta.js'
-import {getRoot, getSha, getCommitTimestamp} from '../../api/git.js'
 
 /**
  * Global release context — one per `run()` invocation.
@@ -42,9 +42,9 @@ export const contextify = async (pkg, ctx) => {
   pkg.ctx = {
     ...ctx,
     git: {
-      sha: await getSha(ctx.cwd),
-      root: await getRoot(ctx.cwd),
-      timestamp: await getCommitTimestamp(ctx.cwd),
+      sha: await api.git.getSha(ctx.cwd),
+      root: await api.git.getRoot(ctx.cwd),
+      timestamp: await api.git.getCommitTimestamp(ctx.cwd),
     },
   }
 }

package/src/main/js/post/depot/steps/pack.js

@@ -1,12 +1,9 @@
-import crypto from 'node:crypto'
 import {$, tempy, fs, path} from 'zx-extra'
 import {memoizeBy, asTuple} from '../../../util.js'
+import {api} from '../../api/index.js'
 import {prepare, getActiveChannels} from '../../courier/index.js'
 import {buildParcels, PARCELS_DIR} from '../../parcel/index.js'
-import {npmPersist} from '../../api/npm.js'
-import {getRepo} from '../../api/git.js'
 import {formatReleaseNotes} from '../generators/notes.js'
-import {ghPrepareAssets} from '../../api/gh.js'
 import {packTar, hashFile} from '../../tar.js'
 
 export const pack = memoizeBy(async (pkg, ctx = pkg.ctx) => {
@@ -15,12 +12,12 @@ export const pack = memoizeBy(async (pkg, ctx = pkg.ctx) => {
   const active = getActiveChannels(pkg, channelNames, snapshot)
 
   await prepare(active, pkg)
-  await npmPersist(pkg)
+  await api.npm.npmPersist(pkg)
 
   const outputDir = flags.pack ? path.resolve(ctx.git.root, typeof flags.pack === 'string' ? flags.pack : PARCELS_DIR) : null
   const stageDir = outputDir || tempy.temporaryDirectory()
   if (outputDir) await fs.ensureDir(outputDir)
-  const {repoName, repoHost, originUrl} = await getRepo(pkg.absPath, {basicAuth: pkg.config.ghBasicAuth})
+  const {repoName, repoHost, originUrl} = await api.git.getRepo(pkg.absPath, {basicAuth: pkg.config.ghBasicAuth})
   const artifacts = {repoName, repoHost, originUrl}
 
   if (active.includes('npm')) {
@@ -35,19 +32,19 @@ export const pack = memoizeBy(async (pkg, ctx = pkg.ctx) => {
     await fs.copy(path.join(pkg.absPath, from), artifacts.docsDir)
   }
   if (active.includes('gh-release') && pkg.config.ghAssets?.length)
-    artifacts.assetsDir = await ghPrepareAssets(pkg.config.ghAssets, pkg.absPath)
+    artifacts.assetsDir = await api.gh.ghPrepareAssets(pkg.config.ghAssets, pkg.absPath)
 
   const parcels = buildParcels(pkg, ctx, {channels: active, ...artifacts})
 
   const tars = []
   for (const {channel, manifest, files} of parcels) {
     // Two-pass: pack to temp, hash, rename to final name.
-    const tmpPath = path.join(stageDir, `_tmp.${crypto.randomUUID()}.tar`)
+    const tmpPath = tempy.temporaryFile({extension: 'tar'})
     await packTar(tmpPath, manifest, files)
     const hash = await hashFile(tmpPath)
     const sha7 = ctx.git.sha.slice(0, 7)
     const finalPath = path.join(stageDir, `parcel.${sha7}.${channel}.${pkg.tag}.${hash}.tar`)
-    await fs.rename(tmpPath, finalPath)
+    await fs.move(tmpPath, finalPath)
     tars.push(finalPath)
   }
 

package/src/main/js/post/modes/pack.js

@@ -11,10 +11,15 @@ import {clean} from '../depot/steps/clean.js'
 import {test} from '../depot/steps/test.js'
 import {preflight} from '../depot/reconcile.js'
 import {buildDirective, PARCELS_DIR} from '../parcel/index.js'
+import {CONTEXT_FILE, readContext} from '../depot/context.js'
 
 export const runPack = async ({cwd, env, flags}, ctx) => {
   const {report, packages, queue, prev} = ctx
 
+  // When running in split pipeline (receive → pack → deliver),
+  // the context file is the source of truth for what to release.
+  const contextFilter = await loadContextFilter(cwd, flags)
+
   const forEachPkg = (cb) => traverseQueue({queue, prev, cb: (name) => within(async () => {
     $.scope = name
     await contextify(packages[name], ctx)
@@ -42,8 +47,20 @@ export const runPack = async ({cwd, env, flags}, ctx) => {
 
     const packed = []
     await forEachPkg(async (pkg) => {
-      if (!pkg.releaseType) { pkg.skipped = true; return report.setStatus('skipped', pkg.name) }
-      if (await preflight(pkg, pkg.ctx) === 'skip') { pkg.skipped = true; return report.setStatus('skipped', pkg.name) }
+      if (contextFilter) {
+        // Split pipeline: context is the source of truth
+        const ctxPkg = contextFilter[pkg.name]
+        if (!ctxPkg) { pkg.skipped = true; return report.setStatus('skipped', pkg.name) }
+        pkg.version = ctxPkg.version
+        pkg.tag = ctxPkg.tag
+        pkg.manifest.version = ctxPkg.version
+        if (!pkg.releaseType) pkg.releaseType = 'patch'
+      } else {
+        // Standalone: own analysis decides
+        if (!pkg.releaseType) { pkg.skipped = true; return report.setStatus('skipped', pkg.name) }
+        if (await preflight(pkg, pkg.ctx) === 'skip') { pkg.skipped = true; return report.setStatus('skipped', pkg.name) }
+      }
+
       if (flags.build !== false) { report.setStatus('building',  pkg.name); await build(pkg) }
       if (flags.test  !== false) { report.setStatus('testing',   pkg.name); await test(pkg)  }
       if (flags.dryRun || flags.publish === false) return report.setStatus('success', pkg.name)
@@ -67,3 +84,15 @@ export const runPack = async ({cwd, env, flags}, ctx) => {
   }
   report.setStatus('success').log('Great success!')
 }
+
+const loadContextFilter = async (cwd, flags) => {
+  if (!flags.pack) return null
+  try {
+    const context = await readContext(path.resolve(cwd, CONTEXT_FILE))
+    if (context.status === 'proceed') {
+      log.info(`using context as package filter (${Object.keys(context.packages).length} package(s))`)
+      return context.packages
+    }
+  } catch { /* no context file — standalone mode */ }
+  return null
+}

package/src/main/js/post/modes/receive.js

@@ -1,5 +1,6 @@
 import {$, within} from 'zx-extra'
 
+import {api} from '../api/index.js'
 import {log} from '../log.js'
 import {traverseQueue} from '../depot/deps.js'
 import {contextify} from '../depot/steps/contextify.js'
@@ -9,21 +10,20 @@ import {preflight} from '../depot/reconcile.js'
 import {consumeRebuildSignal} from '../courier/semaphore.js'
 import {getActiveChannels} from '../courier/index.js'
 import {writeContext, buildContext} from '../depot/context.js'
-import {getSha} from '../api/git.js'
-import {setOutput, isRebuildTrigger} from '../api/gh.js'
+import {getLatest} from '../depot/generators/meta.js'
 
 export const runReceive = async ({cwd, env, flags}, ctx) => {
   const {report, packages, queue, prev} = ctx
 
-  const sha = await getSha(cwd)
+  const sha = await api.git.getSha(cwd)
   const sha7 = sha.slice(0, 7)
 
-  if (isRebuildTrigger(env) && !flags.dryRun) {
+  if (api.gh.isRebuildTrigger(env) && !flags.dryRun) {
     const result = await consumeRebuildSignal(cwd, sha)
     if (result?.exitCode !== 0 && result?.stderr?.includes('remote ref does not exist')) {
       log.info(`rebuild signal already consumed by another process`)
       await writeContext(cwd, {status: 'skip', reason: 'rebuild claimed by another process'})
-      setOutput('status', 'skip')
+      api.gh.setOutput('status', 'skip')
       return report.setStatus('success')
     }
     log.info(`consumed rebuild signal for ${sha7}`)
@@ -36,16 +36,41 @@ export const runReceive = async ({cwd, env, flags}, ctx) => {
   })})
 
   try {
+    // Phase 1: analyze all packages
     await forEachPkg(async (pkg) => {
       report.setStatus('analyzing', pkg.name)
       await analyze(pkg)
     })
 
+    // Phase 2: preflight — may fetch remote tags and re-resolve versions
+    let tagsFetched = false
     await forEachPkg(async (pkg) => {
       if (!pkg.releaseType) { pkg.skipped = true; return }
-      if (await preflight(pkg, pkg.ctx) === 'skip') { pkg.skipped = true; return }
+      const result = await preflight(pkg, pkg.ctx)
+      if (result === 'skip') { pkg.skipped = true; return }
+      if (result === 'refetch') tagsFetched = true
     })
 
+    // Phase 3: if preflight fetched tags, dependency cascade may have changed —
+    // re-analyze packages that had no changes on the first pass.
+    if (tagsFetched) {
+      log.info('tags fetched during preflight, re-analyzing for dependency cascades')
+      for (const name of queue) {
+        const pkg = packages[name]
+        if (pkg.releaseType) continue
+        pkg.latest = await getLatest(pkg)
+      }
+
+      await forEachPkg(async (pkg) => {
+        if (pkg.releaseType) return
+        pkg.skipped = false
+        report.setStatus('re-analyzing', pkg.name)
+        await analyze(pkg)
+        if (!pkg.releaseType) { pkg.skipped = true; return }
+        if (await preflight(pkg, pkg.ctx) === 'skip') { pkg.skipped = true }
+      })
+    }
+
     const snapshot = !!flags.snapshot
     const context = buildContext(packages, queue, sha, {
       getChannels: (pkg) => getActiveChannels(pkg, ctx.channels, snapshot),
@@ -56,10 +81,10 @@ export const runReceive = async ({cwd, env, flags}, ctx) => {
     if (count === 0) {
       log.info('nothing to release')
       await writeContext(cwd, {status: 'skip', reason: 'nothing to release'})
-      setOutput('status', 'skip')
+      api.gh.setOutput('status', 'skip')
     } else {
       log.info(`${count} package(s) to release`)
-      setOutput('status', 'proceed')
+      api.gh.setOutput('status', 'proceed')
     }
   } catch (e) {
     report.error(e, e.stack).setStatus('failure')

package/src/main/js/post/release.js

@@ -38,6 +38,10 @@ export const run = async ({cwd = process.cwd(), env: _env, flags = {}} = {}) =>
 })
 
 export const createContext = async ({flags, env, cwd}) => {
+  // Ensure remote tags are up-to-date before analysis to avoid
+  // inconsistencies between receive (context) and pack (parcels).
+  try { await $({cwd, quiet: true})`git fetch origin --tags --force` } catch { /* offline / bare */ }
+
   const {packages, queue, root, prev, graphs} = await topo({cwd, flags})
   const report = createReport({packages, queue, flags})
 

package/src/test/js/utils/mock.js

@@ -111,6 +111,7 @@ export const makeCtx = (overrides = {}) => ({
   graphs: overrides.graphs ?? {},
   report: overrides.report ?? makeReport(),
   channels: overrides.channels ?? [],
+
   run: overrides.run ?? (async () => {}),
   git: {sha: 'abc1234567890', root: tmpDir, timestamp: '1700000000', ...overrides.git},
 })