Skip to content

Merge pull request #1 from TrueNine/codex/release-devopsflow-0.2.17 #3

Merge pull request #1 from TrueNine/codex/release-devopsflow-0.2.17

Merge pull request #1 from TrueNine/codex/release-devopsflow-0.2.17 #3

Workflow file for this run

name: Version Check
on:
push:
branches: [main]
tags: ["v*"]
pull_request:
branches: [main]
jobs:
version-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
- uses: oven-sh/setup-bun@v2.2.0
with:
bun-version: latest
- name: Check version alignment
run: |
set -e
PKG_VERSION=$(bun -e "console.log(require('./package.json').version)")
PLUGIN_VERSION=$(bun -e "console.log(require('./.codex-plugin/plugin.json').version)")
if grep -q '^version[[:space:]]*=' agents/df-publisher.toml; then
echo "::error::agents/df-publisher.toml must not use top-level version = because Codex agent TOML reserves that field; use # devopsflow-version = \"...\" instead"
exit 1
fi
AGENT_VERSION=$(grep '^#[[:space:]]*devopsflow-version[[:space:]]*=' agents/df-publisher.toml | head -1 | sed 's/.*"\(.*\)"/\1/')
echo "package.json: $PKG_VERSION"
echo "plugin.json: $PLUGIN_VERSION"
echo "df-publisher.toml: $AGENT_VERSION"
if [ "$PKG_VERSION" != "$PLUGIN_VERSION" ]; then
echo "::error::package.json ($PKG_VERSION) != plugin.json ($PLUGIN_VERSION)"
exit 1
fi
if [ "$PKG_VERSION" != "$AGENT_VERSION" ]; then
echo "::error::package.json ($PKG_VERSION) != agents/df-publisher.toml ($AGENT_VERSION)"
exit 1
fi
if [ "${GITHUB_REF_TYPE:-}" = "tag" ]; then
EXPECTED_TAG="v${PKG_VERSION}"
if [ "$GITHUB_REF_NAME" != "$EXPECTED_TAG" ]; then
echo "::error::package.json version requires tag ${EXPECTED_TAG}, received ${GITHUB_REF_NAME}"
exit 1
fi
fi
echo "All versions aligned: $PKG_VERSION"
- name: Check managed Codex asset hash
run: |
set -euo pipefail
HASH_FILE="skills/df-codex-assets/assets/hash.txt"
COMPUTED_HASH=$(bun skills/df-codex-assets/scripts/df-codex-assets.ts compute)
STORED_HASH=$(tr -d '[:space:]' < "$HASH_FILE")
echo "stored hash: $STORED_HASH"
echo "computed hash: $COMPUTED_HASH"
if [ "$COMPUTED_HASH" != "$STORED_HASH" ]; then
echo "::error::Managed Codex asset hash is stale."
echo "::error::Correct hash: $COMPUTED_HASH"
echo "::error::Update with: bun skills/df-codex-assets/scripts/df-codex-assets.ts compute > $HASH_FILE"
exit 1
fi
- name: Check managed Codex assets on version tag
if: github.ref_type == 'tag'
run: |
set -euo pipefail
VERSION=$(bun -e "console.log(require('./package.json').version)")
TAG="v${VERSION}"
REPO=$(bun -e "const p=require('./.codex-plugin/plugin.json'); const repo=String(p.repository||'https://github.com/TrueNine/devopsflow'); const m=repo.match(/github\\.com[:/]([^/]+\\/[^/.#]+)(?:\\.git)?/); console.log(m ? m[1] : 'TrueNine/devopsflow')")
HASH_FILE="skills/df-codex-assets/assets/hash.txt"
STORED_HASH=$(tr -d '[:space:]' < "$HASH_FILE")
if ! git ls-remote --exit-code --tags "https://github.com/${REPO}.git" "refs/tags/${TAG}" >/dev/null 2>&1; then
echo "::error::Required managed asset tag ${TAG} does not exist in ${REPO}."
exit 1
fi
TMP_DIR=$(mktemp -d)
cleanup() {
rm -rf "$TMP_DIR"
}
trap cleanup EXIT
while IFS= read -r path; do
mkdir -p "$TMP_DIR/$(dirname "$path")"
url="https://api.github.com/repos/${REPO}/contents/${path}?ref=${TAG}"
if ! curl --fail --show-error --location --retry 5 --retry-all-errors --retry-delay 2 \
--header "Accept: application/vnd.github.raw" \
--header "Authorization: Bearer ${{ github.token }}" \
"$url" --output "$TMP_DIR/$path"; then
echo "::error::Missing managed asset on ${TAG}: ${path}"
exit 1
fi
done < <(bun -e "import { MANAGED_ASSET_PATHS } from './skills/df-codex-assets/scripts/df-codex-assets.ts'; console.log(MANAGED_ASSET_PATHS.join('\\n'))")
mkdir -p "$TMP_DIR/skills/df-codex-assets/scripts" "$TMP_DIR/skills/df-codex-assets/assets"
cp skills/df-codex-assets/scripts/df-codex-assets.ts "$TMP_DIR/skills/df-codex-assets/scripts/df-codex-assets.ts"
cp "$HASH_FILE" "$TMP_DIR/$HASH_FILE"
TAG_HASH=$(PLUGIN_ROOT="$TMP_DIR" bun "$TMP_DIR/skills/df-codex-assets/scripts/df-codex-assets.ts" compute)
echo "tag: $TAG"
echo "tag hash: $TAG_HASH"
echo "stored hash: $STORED_HASH"
if [ "$TAG_HASH" != "$STORED_HASH" ]; then
echo "::error::Managed Codex assets on ${TAG} do not match ${HASH_FILE}."
echo "::error::Tag hash: $TAG_HASH"
echo "::error::Stored hash: $STORED_HASH"
exit 1
fi