Attempt to fix the publish workflow#52
Attempt to fix the publish workflow#52kevinbackhouse wants to merge 3 commits intoGitHubSecurityLab:mainfrom
Conversation
kevinbackhouse
requested review from
JarLob,
m-y-mo,
p- and
sylwia-budzynska
as code owners
There was a problem hiding this comment.
Pull Request Overview
This PR refactors the GitHub Actions publishing workflows to eliminate the manual version input requirement and instead rely on git references for release tagging. The workflows now use github.ref_name and github.head_ref context variables to automatically determine release versions.
Key changes:
- Removed manual
versioninput parameter from both the caller and reusable workflows - Split the environment configuration in the reusable workflow to accept separate
environment_nameandenvironment_urlparameters - Updated GitHub release commands to use
$GITHUB_REFNAMEenvironment variable instead of explicit version input
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| .github/workflows/publish-to-testpypi.yaml | Removed manual version input, updated to pass separate environment_name and environment_url parameters |
| .github/workflows/publish-reusable.yml | Removed version parameter, added GITHUB_REFNAME env var, split environment config to accept name and url separately |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull Request Overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| version: | ||
| description: 'Version name for release' | ||
| required: true | ||
| on: push |
There was a problem hiding this comment.
Publishing to TestPyPI on every push to any branch will create numerous releases and may quickly exhaust rate limits. Consider restricting this to specific branches (e.g., main or develop) or adding path filters to prevent unintended publishing.
| on: push | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop |
| VERSION: ${{ inputs.version }} | ||
| NOTES: ${{ inputs.release_notes }} | ||
| run: gh release create $VERSION --repo $GITHUB_REPO --notes $NOTES | ||
| run: gh release create $GITHUB_REFNAME --repo $GITHUB_REPO --notes $NOTES |
There was a problem hiding this comment.
The gh release create command will fail if a release with the same tag already exists. When triggering on push events, GITHUB_REFNAME will be a branch name (e.g., main), not a version tag, which will cause conflicts. Consider adding a --clobber flag or checking if the release exists first, or ensure this only runs on tag pushes.
See below for a potential fix:
if: startsWith(github.ref, 'refs/tags/')
env:
NOTES: ${{ inputs.release_notes }}
run: gh release create $GITHUB_REFNAME --repo $GITHUB_REPO --notes "$NOTES" --clobber
Second attempt at fixing these workflows. (I've closed #51.)