|
1 | 1 | name: Publish tarball to GitHub Release |
2 | 2 |
|
3 | | -# Temporary distribution channel while npm publish is blocked. Packs |
| 3 | +# Manual fallback for the tarball distribution channel. Packs |
4 | 4 | # @anarchitecture/ghost and attaches the .tgz to a GitHub Release, so consumers can: |
5 | 5 | # |
6 | 6 | # npm install https://github.com/block/ghost/releases/download/<tag>/<file>.tgz |
7 | 7 | # |
8 | | -# Triggered by pushing a tag of the form `anarchitecture-ghost@<version>` or by |
9 | | -# manual workflow_dispatch. |
| 8 | +# The normal path is release.yml, which attaches the tarball automatically on |
| 9 | +# every Changesets publish. This workflow is dispatch-only so a Changesets- |
| 10 | +# created tag does not fire both workflows and race on the same Release. Use it |
| 11 | +# to (re)cut a tarball for an existing version without a fresh npm publish. |
10 | 12 |
|
11 | 13 | on: |
12 | | - push: |
13 | | - tags: |
14 | | - - "anarchitecture-ghost@*" |
15 | 14 | workflow_dispatch: |
16 | 15 | inputs: |
17 | 16 | version: |
@@ -60,17 +59,16 @@ jobs: |
60 | 59 | # controlled (anyone with Actions write can trigger). Pass them in via |
61 | 60 | # `env:` and reference as shell variables so they can't be interpolated |
62 | 61 | # as shell syntax — that's what the semgrep shell-injection rule wants. |
| 62 | + # Inputs from workflow_dispatch are attacker-controlled (anyone with |
| 63 | + # Actions write can trigger). Pass them in via `env:` and reference as |
| 64 | + # shell variables so they can't be interpolated as shell syntax — that's |
| 65 | + # what the semgrep shell-injection rule wants. |
63 | 66 | - name: Resolve tag |
64 | 67 | id: tag |
65 | 68 | env: |
66 | | - EVENT_NAME: ${{ github.event_name }} |
67 | 69 | INPUT_VERSION: ${{ inputs.version }} |
68 | 70 | run: | |
69 | | - if [ "$EVENT_NAME" = "push" ]; then |
70 | | - TAG="$GITHUB_REF_NAME" |
71 | | - else |
72 | | - TAG="anarchitecture-ghost@$INPUT_VERSION" |
73 | | - fi |
| 71 | + TAG="anarchitecture-ghost@$INPUT_VERSION" |
74 | 72 | echo "tag=$TAG" >> "$GITHUB_OUTPUT" |
75 | 73 |
|
76 | 74 | - name: Create GitHub Release |
|
0 commit comments