Commit 1fdc036
authored
Make release.yml idempotent and tighten permissions (#35)
* Make release.yml idempotent and tighten permissions
The github-release step previously called `gh release create` unconditionally,
which fails with HTTP 422 when a release already exists for the tag - e.g.
when a maintainer publishes the release through the GitHub UI (which also
creates the tag), as happened for v0.1.1.
- Guard with `gh release view ... || gh release create ...` and upload `dist/*`
to the existing release with `--clobber` when present.
- `permissions: {}` at workflow level, escalated only where needed.
- Drop unused `attestations: write`; PEP 740 attestations are produced by
pypa/gh-action-pypi-publish v1.11+ from `id-token: write` alone.
- Add `concurrency: cancel-in-progress: false` on the tag ref.
- Verify the tagged commit is an ancestor of origin/main.
- Attach built sdist + wheel to the GitHub Release.
- Fold verify-version into build (no need for a separate runner).
* Simplify release.yml
Drop machinery that wasn't earning its lines:
- The concurrency block - tag-push races are vanishingly rare for this repo.
- UV_FROZEN env - irrelevant; uv build doesn't sync from the lockfile.
- The tag-on-main ancestry check (and its fetch-depth: 0) - the
tag-vs-pyproject match already catches the common error modes.
- The if/else in github-release. Replace with the cleaner pattern of
"create the release if missing, then always upload dist/* with --clobber."
Idempotent on retry without branching.
- --verify-tag and the post-publish info echo - noise.
Use job-level env (GH_REPO, TAG) to drop --repo flags from each gh call.
* Align release.yml with repo conventions
- Add concurrency block matching ci.yml's group key. Use
cancel-in-progress: false (unlike ci.yml which uses true) so an
in-flight pypa/gh-action-pypi-publish never gets killed mid-upload.
- Add env: UV_FROZEN: true to match the other uv-using workflows.
- Name the final github-release step, matching the repo pattern of
naming any step with a multi-line script.1 parent f1485ac commit 1fdc036
1 file changed
Lines changed: 25 additions & 31 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
7 | | - | |
8 | | - | |
| 7 | + | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
9 | 12 | | |
10 | 13 | | |
11 | 14 | | |
12 | 15 | | |
13 | 16 | | |
14 | | - | |
| 17 | + | |
15 | 18 | | |
16 | | - | |
| 19 | + | |
17 | 20 | | |
18 | 21 | | |
19 | 22 | | |
20 | 23 | | |
21 | 24 | | |
22 | 25 | | |
23 | 26 | | |
24 | | - | |
25 | | - | |
26 | | - | |
27 | | - | |
28 | | - | |
29 | | - | |
30 | | - | |
31 | | - | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
32 | 32 | | |
33 | 33 | | |
34 | | - | |
35 | | - | |
36 | | - | |
37 | | - | |
38 | | - | |
39 | | - | |
40 | | - | |
41 | | - | |
42 | | - | |
43 | | - | |
44 | 34 | | |
45 | 35 | | |
46 | 36 | | |
| |||
49 | 39 | | |
50 | 40 | | |
51 | 41 | | |
52 | | - | |
| 42 | + | |
53 | 43 | | |
54 | 44 | | |
55 | 45 | | |
| |||
58 | 48 | | |
59 | 49 | | |
60 | 50 | | |
61 | | - | |
62 | 51 | | |
63 | 52 | | |
64 | 53 | | |
| |||
67 | 56 | | |
68 | 57 | | |
69 | 58 | | |
70 | | - | |
| 59 | + | |
71 | 60 | | |
72 | 61 | | |
73 | 62 | | |
74 | 63 | | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
75 | 68 | | |
76 | | - | |
| 69 | + | |
77 | 70 | | |
78 | | - | |
79 | | - | |
80 | | - | |
81 | | - | |
82 | | - | |
| 71 | + | |
| 72 | + | |
| 73 | + | |
| 74 | + | |
| 75 | + | |
| 76 | + | |
0 commit comments