This relies on 1.94s --workspace option we've added to cargo
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Closes #ISSUE
Release Notes:
- N/A
This will make rerunning failing jobs easier, as this here is just a
pager, not anything we need to rerun - there exists a second check that
is blocking and should be rerun, this job however does not need to be.
Release Notes:
- N/A
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [ ] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ ] Tests cover the new/changed behavior
- [ ] Performance impact has been considered and is acceptable
Release Notes:
- N/A
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This was missing from the previous permissions changes.
Self-Review Checklist:
- [X] I've reviewed my own diff for quality, security, and reliability
- [ ] Unsafe blocks (if any) have justifying comments
- [ ] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ ] Tests cover the new/changed behavior
- [X] Performance impact has been considered and is acceptable
Release Notes:
- N/A
This fixes three pre-existing issues in the visual test runner that were
never caught because visual tests aren't run in CI.
## Fixes
**1. Re-entrant read panic in sidebar creation (3 places)**
`Sidebar::new` reads the `MultiWorkspace` entity, so creating it inside
a `multi_workspace.update()` closure causes a `cannot read while being
updated` panic. Fixed by using `update_window` with
`root_view.downcast()` to get the handle without holding a mutable
borrow.
**2. Tooltip entity leak in breakpoint_hover test**
The tooltip system has an Rc cycle (`ActiveTooltip::Visible` holds a
`check_visible_and_update` closure that captures the
`Rc<RefCell<Option<ActiveTooltip>>>`). This cycle is normally broken
when the tooltip is dismissed, but the test closed the window while the
tooltip was still visible, causing a panic from the leak detector. Fixed
by simulating a click before cleanup to dismiss the tooltip.
**3. Visual tests not in CI**
Added a `cargo_run_visual_tests` step to the macOS test job via xtask so
these tests run on every PR and regressions are caught early.
Release Notes:
- N/A
🫡
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- Removed legacy Text Threads feature to help streamline the new agentic
workflows in Zed. Thanks to all of you who were enthusiastic Text Thread
users over the years ❤️!
---------
Co-authored-by: Bennet Bo Fenner <bennetbo@gmx.de>
Self-Review Checklist:
- [x] I've reviewed my own diff for quality, security, and reliability
- [ ] Unsafe blocks (if any) have justifying comments
- [ ] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Closes N/A — deploying
[codeowner-coordinator#90](https://github.com/zed-industries/codeowner-coordinator/pull/90)
to zed repo.
## Summary
Pass `ASSIGN_INTERNAL` and `ASSIGN_EXTERNAL` repository variables to the
assign-reviewers workflow. The coordinator script now uses these to
control whether an individual PR assignee is set based on the author's
org membership.
**Defaults:** org members skip assignee (teams self-organize
accountability), external contributors get an assignee (identifies who
should shepherd the PR). Both are togglable from repo Settings →
Variables without code changes.
Side benefit: skips the 30-55 second `poll_for_reviewers` polling loop
for org-member PRs.
## Post-merge manual step
Set repository variables (Settings → Secrets and variables → Actions →
Variables):
- `ASSIGN_INTERNAL` = `false`
- `ASSIGN_EXTERNAL` = `true`
Release Notes:
- N/A
These are noisy, and in general I'd prefer people to focus on the
quality of the resulting system; not the size of the diff. (Which may
require deliberately making changes larger)
## Context
<!-- What does this PR do, and why? How is it expected to impact users?
Not just what changed, but what motivated it and why this approach.
Link to Linear issue (e.g., ENG-123) or GitHub issue (e.g., Closes#456)
if one exists — helps with traceability. -->
## How to Review
<!-- Help reviewers focus their attention:
- For small PRs: note what to focus on (e.g., "error handling in
foo.rs")
- For large PRs (>400 LOC): provide a guided tour — numbered list of
files/commits to read in order. (The `large-pr` label is applied
automatically.)
- See the review process guidelines for comment conventions -->
## Self-Review Checklist
<!-- Check before requesting review: -->
- [ ] I've reviewed my own diff for quality, security, and reliability
- [ ] Unsafe blocks (if any) have justifying comments
- [ ] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [ ] Tests cover the new/changed behavior
- [ ] Performance impact has been considered and is acceptable
Release Notes:
- N/A
I appreciate its efforts and it helps me a lot, but I do not think
thanking zed-zippy in Discord is the right move to acknowledge its work.
Release Notes:
- N/A
The workflow run at
https://github.com/zed-industries/zed/actions/runs/23557683707 succeeded
but threw some warnings for a rather-soon Node.js 20 deprecation (June
2nd).
Hence, this PR updates in that context mentioned workflows to newer
versions from which on the actions will use Node.js 24.
Namely, this updates
- `actions/checkout`
- `actions/create-github-app-token` and
- `peter-evans/create-pull-request`
to their latest version which includes said updates. As for their most
recent versions, all of these actions just updated their versions to
account for said deprecation.
Release Notes:
- N/A
This PR bumps the extension CLI version used in the extension workflows
to `1fa7f1a3ec28ea1eae6db2e937d7a538fb10c0c7`.
Release Notes:
- N/A
Co-authored-by: zed-zippy[bot] <234243425+zed-zippy[bot]@users.noreply.github.com>
As of https://github.com/zed-industries/zed/pull/50750, the runner size
for building the extension CLI is no longer sufficient due to the
addition of the `settings_content` crate as a dependency. The [most
recent workflow
run](https://github.com/zed-industries/zed/actions/runs/23554506504/job/68577404831)
fails while building that crate due to insufficient RAM availlable
during the build.
Removing the dependency is not an option, as we do want to have the
validation here and need structs from the settings content crate to do
so.
Thus, changing the job here to a larger runner to fix the build and also
build it faster.
Release Notes:
- N/A
## Context
Fork PRs receive a read-only `GITHUB_TOKEN`, causing 403 errors on all
label and comment writes
([example](https://github.com/zed-industries/zed/pull/51878)). This
splits the single workflow into two:
- **pr-size-check.yml** (`pull_request`): computes size and guided tour
detection, uploads a JSON artifact — read-only, works for forks
- **pr-size-label.yml** (`workflow_run`): downloads the artifact,
applies labels and comments — runs on the base repo with full write
access
### Security
- Artifact treated as untrusted data: fields are cast and validated
(`Number()`, `String()` + prefix check, `Boolean()`) before use
- No artifact content is executed or interpolated into shell
- Missing artifact handled gracefully (steps skip via output flag)
### Also included
- Structural guided tour detection: extracts "How to Review" section,
strips HTML comment placeholders, checks for actual author content
(fixes false positive in #51957)
- Softer confirmation: "appears to include guidance"
Tested locally end-to-end against 4 real PRs
(XL/small/medium/false-positive).
## How to Review
1. `pr-size-check.yml` — the compute half. Compare against the previous
version: all write operations removed, artifact upload added at the end.
2. `pr-size-label.yml` — new file. Download artifact, validate, apply
labels/comments. Same label logic as before, just in a `workflow_run`
context.
## Self-Review Checklist
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
## Context
Follow-up to #51964. The previous fix (stripping HTML comments) still
had a false positive: the `## How to Review` heading itself matched the
`how to review` alternative in the regex. Every PR using the template
would trigger the "guided tour detected" message.
Replace the regex with structural detection: extract the "How to Review"
section, strip template placeholders, and check if the author actually
wrote content there. Also softens the confirmation message to "appears
to include guidance."
## How to Review
- Single file: `.github/workflows/pr-size-check.yml`, lines 147-154
- The `rawBody.match(...)` extracts content between `## How to Review`
and the next `##` heading
- Confirmed: PR #51957's body returns `false`, a PR with actual content
returns `true`
## Self-Review Checklist
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
## Context
The size check workflow's guided tour detection matches text inside HTML
comment placeholders in the PR template (e.g., `<!-- provide a guided
tour — numbered list of files/commits to read in order -->`), producing
false positives like the one on #51957.
Fix: strip `<!-- -->` comments from the PR body before running the
regex.
## How to Review
- Single file: `.github/workflows/pr-size-check.yml`, lines 148-151
- The `.replace(/<!--[\s\S]*?-->/g, '')` runs in `actions/github-script`
JS, not shell
## Self-Review Checklist
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
## Context
Cleanup of the one-off workflow added in #51958. Both affected PRs
(#51897, #50372) now have passing checks and correct size labels.
## How to Review
- Single file deletion: `.github/workflows/fix-size-check.yml`
## Self-Review Checklist
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
## Context
The permissions ceiling bug (fixed in #51948) left two open PRs (#51897,
#50372) with failed `check-size` runs. The Check Runs API requires
GitHub App auth, so we can't post passing checks from the CLI — it needs
to run inside Actions with `checks: write`.
This adds a `workflow_dispatch` workflow that takes comma-separated PR
numbers, computes sizes, applies labels, and posts passing check runs.
Delete after use.
## How to Review
- Single file: `.github/workflows/fix-size-check.yml`
- Uses the same size logic and ignored patterns as `pr-size-check.yml`
- Input is `pr_numbers` (comma-separated integers), accessed via JS API,
not shell interpolation
## Self-Review Checklist
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
## Context
The PR size check workflow has been failing with `403 Resource not
accessible by integration` on every run
([example](https://github.com/zed-industries/zed/actions/runs/23281894554/job/67698634490)).
The root cause is a workflow-level `permissions` block that set a
read-only ceiling, silently preventing the job-level `issues: write` and
`pull-requests: write` grants from taking effect.
This also adds an idempotency improvement: when a new push doesn't
change the PR's size bracket, the workflow now skips the label
remove/re-add cycle, eliminating unnecessary timeline noise.
## How to Review
- Focus on `.github/workflows/pr-size-check.yml` — that's the only file
changed
- Lines 17-23: workflow-level `permissions` block removed, job-level
retained
- Lines 81-112: new `alreadyCorrect` check wraps the label mutation
block
## Self-Review Checklist
- [x] I've reviewed my own diff for quality, security, and reliability
- [x] Unsafe blocks (if any) have justifying comments
- [x] The content is consistent with the [UI/UX
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)
- [x] Tests cover the new/changed behavior
- [x] Performance impact has been considered and is acceptable
Release Notes:
- N/A
## Summary
Fix failing `assign-reviewers` workflow — pip's `--hash` syntax only
works in requirements files (`-r`), not constraint files (`-c`). The `-c
/dev/stdin` approach caused: `hashes are missing from some
requirements`.
Failing run:
https://github.com/zed-industries/zed/actions/runs/23272148116/job/67667106308
Coordinator PR:
https://github.com/zed-industries/codeowner-coordinator/pull/84
## Test plan
- [x] Verified locally: good hash installs cleanly, bad hash rejected
- [ ] After merge: verify assign-reviewers workflow passes on next PR
Release Notes:
- N/A
## Summary
- The Pulls API with `state=closed` paginates through all closed PRs in
the repo. On a repo as active as Zed, this exceeds the 5-minute job
limit ([failed
run](https://github.com/zed-industries/zed/actions/runs/23271617583)).
- Switch to the Search API which supports `merged:>DATE` natively, so
GitHub filters server-side and returns only matching hotfix PRs.
- Tested against the Zed repo — query completes in seconds.
Release Notes:
- N/A
## Summary
Deploy updated `assign-reviewers.yml` from
[codeowner-coordinator#83](https://github.com/zed-industries/codeowner-coordinator/pull/83):
- Switch trigger from `pull_request` to `pull_request_target` to support
fork PRs and fix `author_association` misclassification bug (org members
reported as `COLLABORATOR`)
- Remove `author_association` filter and fork gate — reviewer
assignments are inherently scoped to org team members by the GitHub
Teams API
- Remove `--min-association member` from script invocation
- Add `SECURITY INVARIANTS` comment block documenting
`pull_request_target` safety requirements
- Add concurrency guard to prevent duplicate runs per PR
- Add `--require-hashes` + SHA256 pin for pyyaml install
## Test plan
- [ ] Verify a fork PR triggers the workflow and receives team
assignment
- [ ] Verify a draft→ready PR triggers correctly
- [ ] Verify org member PRs continue to work
Release Notes:
- N/A
This switches the action back to the upstream one where the changes were
merged (thanks @\huacnlee for the quick action)
Aside from that, it does some minor fixes: It adds the bumper as an
assignee on the extensions PR and also ensures we do not try to bump
here in the repo for the test extensions.
Release Notes:
- N/A
This PR bumps the update action again. It also fixes a bug where a cache
issue could occur during the extension auto bump and adds update
auto-merge for PRs from staff-members in zed-industries/extensions.
Release Notes:
- N/A
Closes#51339
This should address issues with too new libstdc++.so on older/more
conservative distros such as RHEL9.
Release Notes:
- Relaxed requirement for libstdc++.so available on Linux distros.
This will allow us to also use the workflows for this repository, which
will especially come in handy once we revisit provider extensions.
Not perfect, as we will trigger some failed workflows for extensions
that were just added
Release Notes:
- N/A
This wil help with releases for extensions living this repository, which
will become more relevant once agent provider extensions are back on the
table.
Release Notes:
- N/A
This will allow us to test changes against just a subset of extensions.
Another advantage is that extension workflows will be pinned, which
allows for easier debugging and better predictability.
Release Notes:
- N/A
This PR takes a different approach to permissions for
assign-reviewers.yml and better filters external PRs for now.
Before you mark this PR as ready for review, make sure that you have:
- ~~[ ] Added a solid test coverage and/or screenshots from doing manual
testing~~
- [x] Done a self-review taking into account security and performance
aspects
- ~~[ ] Aligned any UI changes with the [UI
checklist](https://github.com/zed-industries/zed/blob/main/CONTRIBUTING.md#uiux-checklist)~~
Release Notes:
- N/A *or* Added/Fixed/Improved ...
