Skip to content

Fix release workflow: tag regex, artifact validation, and token usage #187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
katiewasnothere merged 1 commit into from
Jun 13, 2025
Merged

Fix release workflow: tag regex, artifact validation, and token usage #187

katiewasnothere merged 1 commit into from
Jun 13, 2025

Conversation

@Thedarkmatter10
Copy link
Contributor

@Thedarkmatter10 Thedarkmatter10 commented Jun 13, 2025
edited
Loading

🔧 Summary

This PR improves the release.yml GitHub Actions workflow by addressing several critical issues to ensure consistent and reliable behavior during tag-based releases.

✅ Changes Included

1. Fixed tag trigger regex

  • Escaped dots in the tag regex ([0-9]+\.[0-9]+\.[0-9]+) to ensure only semantic version tags like 1.2.3 trigger the workflow.
Explanation
  • Old Regex is incorrect because . matches any character, so it matched:

1-2-3, 1_2_3, even 1a2b3, which is invalid for versioning.

  • Fixed Regex is strict — matches only 1.2.3.

Find attached tested SCREEN SHOT BELOW .

Bad Match with Old Regex:
proofwithBadMatch

Proper Match with Fixed Regex:
withfixedbadstring

💬 Note: If you're planning to adopt alternate version tag formats in the future — such as:

  • v1.0.2 (semantic with prefix)

  • release-1.0.2 or rel-1.0.2

  • 1.0.2-beta, 1.0.2-rc.1 (prereleases with suffixes)

  • x1.0.2x (custom wrapping formats)

…feel free to reach out. I'm happy to help extend the workflow to support those formats reliably and safely.

2. Added strict release job guard

  • Prevented accidental release runs on non-tag events using if: startsWith(github.ref, 'refs/tags/').

3. Explicit artifact validation

  • Introduced a shell check using ls and test to ensure .zip and .pkg files exist before attempting release. This gives early, clear failure instead of a vague error from action-gh-release.

4. Clarified GitHub token usage

  • Switched from ${{ secrets.GITHUB_TOKEN }} to ${{ github.token }} for better readability and consistency with GitHub Actions best practices.

@katiewasnothere @wlan0

@katiewasnothere katiewasnothere merged commit 2364f33 into apple:main Jun 13, 2025
2 checks passed
@katiewasnothere katiewasnothere mentioned this pull request Jun 13, 2025
Merged
katiewasnothere added a commit to apple/containerization that referenced this pull request Jun 13, 2025
@katiewasnothere
Improve release tag regex (#122)
4751d07 
Matches changes made in apple/container#187 by
@Thedarkmatter10

Signed-off-by: Kathryn Baldauf <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@katiewasnothere katiewasnothere katiewasnothere approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Thedarkmatter10 @katiewasnothere