From 53c62c27ef6f02f16087dfd88aa821775f0de772 Mon Sep 17 00:00:00 2001 From: wy Date: Sun, 22 Feb 2026 00:13:23 +0800 Subject: [PATCH 1/6] ci: release always creates draft; enforce master branch for official tags --- .github/workflows/release.yml | 33 ++++++++++++++++++++++++++++++--- 1 file changed, 30 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 86af02e7..d6665869 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -142,6 +142,31 @@ jobs: echo "is_prerelease=$IS_PRERELEASE" >> $GITHUB_OUTPUT echo "✅ Valid version: $VERSION (tag: $TAG_NAME, prerelease: $IS_PRERELEASE, manual: $IS_MANUAL, publish: $IS_PUBLISH)" + - name: Validate tag is on master branch (official releases only) + if: steps.tag_version.outputs.is_prerelease == 'false' + run: | + TAG_NAME="${{ steps.tag_version.outputs.tag_name }}" + + echo "🔍 Validating that $TAG_NAME points to a commit on the master branch..." + + # Resolve the commit the tag points to (dereference annotated tags) + TAG_COMMIT=$(git rev-parse "${TAG_NAME}^{commit}") + echo "Tag commit: $TAG_COMMIT" + + # Fetch latest master to ensure our ref is up to date + git fetch origin master --depth=100 2>/dev/null || true + + # Check whether TAG_COMMIT is reachable from origin/master + if git merge-base --is-ancestor "$TAG_COMMIT" origin/master 2>/dev/null; then + echo "✅ $TAG_NAME is on the master branch" + else + echo "❌ $TAG_NAME is NOT on the master branch!" + echo "Official release tags must point to a commit that exists in master." + echo "Tag commit : $TAG_COMMIT" + echo "Please create the tag from the master branch and try again." + exit 1 + fi + - name: Validate version matches project version run: | PROJECT_VERSION=$(grep -E 'versionName\s*:' build.gradle | sed -E 's/.*versionName\s*:\s*"([^"]+)".*/\1/') @@ -511,7 +536,7 @@ jobs: /tmp/release-artifacts/*.aar /tmp/release-artifacts/SHA256SUMS.txt /tmp/release-artifacts/*.sha256 - draft: false + draft: true prerelease: ${{ steps.tag_version.outputs.is_prerelease == 'true' }} generate_release_notes: true make_latest: ${{ steps.tag_version.outputs.is_prerelease != 'true' }} @@ -566,7 +591,7 @@ jobs: echo "" >> $GITHUB_STEP_SUMMARY echo "### đŸ“Ļ Built Artifacts (available for download):" >> $GITHUB_STEP_SUMMARY else - echo "## 🎉 Release Created Successfully!" >> $GITHUB_STEP_SUMMARY + echo "## 🎉 Release Draft Created Successfully!" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "**Release**: $TAG_NAME" >> $GITHUB_STEP_SUMMARY echo "**Version**: $VERSION" >> $GITHUB_STEP_SUMMARY @@ -592,7 +617,9 @@ jobs: echo "" >> $GITHUB_STEP_SUMMARY if [ "$IS_PUBLISH" = "true" ]; then - echo "Release page: ${{ github.server_url }}/${{ github.repository }}/releases/tag/$TAG_NAME" >> $GITHUB_STEP_SUMMARY + echo "Release draft (pending human review): ${{ github.server_url }}/${{ github.repository }}/releases/tag/$TAG_NAME" >> $GITHUB_STEP_SUMMARY + echo "" >> $GITHUB_STEP_SUMMARY + echo "**⚠ī¸ Action required**: Go to the releases page, review the draft, then click *Publish release* to make it public." >> $GITHUB_STEP_SUMMARY fi ARTIFACT_PR_URL="${{ steps.sync_maven_repo.outputs.artifact_pr_url }}" From 49d2fcff051c1ab8463a696513e8d9cb16ed8f34 Mon Sep 17 00:00:00 2001 From: wy Date: Sun, 22 Feb 2026 00:42:33 +0800 Subject: [PATCH 2/6] ci: sync maven artifacts via direct commit instead of PR --- .github/workflows/release.yml | 53 +++++++++++------------------------ 1 file changed, 17 insertions(+), 36 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d6665869..88f2d063 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -41,7 +41,7 @@ jobs: uses: nttld/setup-ndk@v1.4.2 id: setup-ndk with: - ndk-version: r26d + ndk-version: r27c link-to-sdk: true add-to-path: true @@ -357,7 +357,7 @@ jobs: echo "✅ Individual checksum files created" - - name: Sync artifacts to maven repo and open PR + - name: Sync artifacts to maven repo if: steps.tag_version.outputs.is_publish == 'true' id: sync_maven_repo env: @@ -370,14 +370,13 @@ jobs: if [[ -z "${ARTIFACT_REPO_TOKEN:-}" ]]; then echo "::warning::ARTIFACT_REPO_TOKEN is not set; skipping Maven artifact sync." - echo "artifact_pr_url=" >> $GITHUB_OUTPUT + echo "artifact_commit_url=" >> $GITHUB_OUTPUT exit 0 fi ARTIFACT_REPO="wysaid/android-gpuimage-plus-maven" WORKDIR="/tmp/maven-repo-target" SOURCE_REPO="/tmp/maven-repo" - BRANCH="sync/v${VERSION}" echo "🔄 Cloning artifact repo..." git clone --depth 1 "https://${ARTIFACT_REPO_TOKEN}@github.com/${ARTIFACT_REPO}.git" "$WORKDIR" @@ -401,42 +400,23 @@ jobs: git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" - git checkout -b "$BRANCH" git add org/wysaid/gpuimage-plus || true - echo "artifact_pr_url=" >> $GITHUB_OUTPUT + echo "artifact_commit_url=" >> $GITHUB_OUTPUT if git diff --cached --quiet; then - echo "ℹī¸ No changes to publish; skipping PR." + echo "ℹī¸ No changes to publish; skipping commit." + popd exit 0 fi git commit -m "Publish artifacts ${TAG_NAME}" - git push origin "$BRANCH" - - echo "📝 Creating pull request..." - PR_BODY=$(printf "Automated artifact sync for %s.\n\nGenerated by main repo release workflow." "$TAG_NAME") - API_JSON=$(jq -n --arg title "Publish ${TAG_NAME} artifacts" \ - --arg head "$BRANCH" \ - --arg base "master" \ - --arg body "$PR_BODY" \ - '{title:$title, head:$head, base:$base, body:$body}') - - PR_RESPONSE=$(curl -sS -X POST \ - -H "Authorization: token ${ARTIFACT_REPO_TOKEN}" \ - -H "Accept: application/vnd.github+json" \ - -d "$API_JSON" \ - "https://api.github.com/repos/${ARTIFACT_REPO}/pulls") - - echo "PR response: $PR_RESPONSE" - PR_URL=$(echo "$PR_RESPONSE" | jq -r '.html_url') - if [[ "$PR_URL" == "null" || -z "$PR_URL" ]]; then - echo "❌ Failed to create PR" - exit 1 - fi + git push origin master - echo "✅ PR created: $PR_URL" - echo "artifact_pr_url=$PR_URL" >> $GITHUB_OUTPUT + COMMIT_SHA=$(git rev-parse HEAD) + COMMIT_URL="https://github.com/${ARTIFACT_REPO}/commit/${COMMIT_SHA}" + echo "✅ Artifacts pushed to maven repo: $COMMIT_URL" + echo "artifact_commit_url=$COMMIT_URL" >> $GITHUB_OUTPUT popd - name: Generate release notes @@ -508,7 +488,7 @@ jobs: - **Minimum Android SDK**: API 21 (Android 5.0) - **Target Android SDK**: API 25 - - **NDK Version**: r26d + - **NDK Version**: r27c - **Supported Architectures**: armeabi-v7a, arm64-v8a, x86, x86_64 ### 📚 Documentation @@ -622,11 +602,12 @@ jobs: echo "**⚠ī¸ Action required**: Go to the releases page, review the draft, then click *Publish release* to make it public." >> $GITHUB_STEP_SUMMARY fi - ARTIFACT_PR_URL="${{ steps.sync_maven_repo.outputs.artifact_pr_url }}" - if [ -n "$ARTIFACT_PR_URL" ]; then + ARTIFACT_COMMIT_URL="${{ steps.sync_maven_repo.outputs.artifact_commit_url }}" + if [ -n "$ARTIFACT_COMMIT_URL" ]; then echo "" >> $GITHUB_STEP_SUMMARY - echo "### 📮 Artifact Repository PR" >> $GITHUB_STEP_SUMMARY - echo "- $ARTIFACT_PR_URL" >> $GITHUB_STEP_SUMMARY + echo "### đŸ“Ļ Maven Artifact Repository" >> $GITHUB_STEP_SUMMARY + echo "- Commit: $ARTIFACT_COMMIT_URL" >> $GITHUB_STEP_SUMMARY + echo "- Browse: https://maven.wysaid.org/org/wysaid/gpuimage-plus/" >> $GITHUB_STEP_SUMMARY fi # Add build time if available From c325f529d2a9984dae0355582e24188f4b915b67 Mon Sep 17 00:00:00 2001 From: wy Date: Sun, 22 Feb 2026 00:44:21 +0800 Subject: [PATCH 3/6] build: upgrade NDK from r26d to r27c; update CI matrix to test r27c + r29 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - build.gradle: ndkVersion 26.3.11579264 → 27.2.12479018 (r27c) - release.yml: ndk-version r26d → r27c (committed separately) - CI matrices (ubuntu/windows/macos): replace r26d+r27c with r27c+r29 - r27c: current release NDK, ensures production quality - r29: latest stable NDK, detects forward compatibility issues early - macos-build.yml: update version mapping table r26d entry → r29 (29.0.14206865) --- .github/workflows/macos-build.yml | 4 ++-- .github/workflows/ubuntu-build.yml | 2 +- .github/workflows/windows-build.yml | 2 +- build.gradle | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/macos-build.yml b/.github/workflows/macos-build.yml index 95b58988..5fa2ba87 100644 --- a/.github/workflows/macos-build.yml +++ b/.github/workflows/macos-build.yml @@ -20,7 +20,7 @@ jobs: strategy: fail-fast: false matrix: - include: ${{ fromJson(github.event_name == 'pull_request' && '[{"os":"macos-latest","os-name":"macOS","ndk":"r27c","build-system":"ndk-build","ffmpeg":"no-ffmpeg","page-size":"4kb"}]' || '[{"os":"macos-latest","os-name":"macOS","ndk":"r26d","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"4kb"},{"os":"macos-latest","os-name":"macOS","ndk":"r26d","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"},{"os":"macos-latest","os-name":"macOS","ndk":"r26d","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"4kb"},{"os":"macos-latest","os-name":"macOS","ndk":"r26d","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"16kb"},{"os":"macos-latest","os-name":"macOS","ndk":"r27c","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"4kb"},{"os":"macos-latest","os-name":"macOS","ndk":"r27c","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"},{"os":"macos-latest","os-name":"macOS","ndk":"r27c","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"4kb"},{"os":"macos-latest","os-name":"macOS","ndk":"r27c","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"16kb"}]') }} + include: ${{ fromJson(github.event_name == 'pull_request' && '[{"os":"macos-latest","os-name":"macOS","ndk":"r29","build-system":"ndk-build","ffmpeg":"no-ffmpeg","page-size":"4kb"}]' || '[{"os":"macos-latest","os-name":"macOS","ndk":"r27c","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"4kb"},{"os":"macos-latest","os-name":"macOS","ndk":"r27c","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"},{"os":"macos-latest","os-name":"macOS","ndk":"r27c","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"4kb"},{"os":"macos-latest","os-name":"macOS","ndk":"r27c","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"16kb"},{"os":"macos-latest","os-name":"macOS","ndk":"r29","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"4kb"},{"os":"macos-latest","os-name":"macOS","ndk":"r29","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"},{"os":"macos-latest","os-name":"macOS","ndk":"r29","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"4kb"},{"os":"macos-latest","os-name":"macOS","ndk":"r29","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"16kb"}]') }} steps: - name: Checkout code @@ -35,7 +35,7 @@ jobs: NDK_FLAVOR="${{ matrix.ndk }}" NDK_FLAVOR=$(printf "%s" "$NDK_FLAVOR" | tr -d '\r\n') case "$NDK_FLAVOR" in - r26d*) NDK_VERSION="26.2.11394342" ;; + r29*) NDK_VERSION="29.0.14206865" ;; r27c*) NDK_VERSION="27.2.12479018" ;; *) echo "Error: Unsupported NDK version $NDK_FLAVOR" diff --git a/.github/workflows/ubuntu-build.yml b/.github/workflows/ubuntu-build.yml index e85cb1e7..c8796280 100644 --- a/.github/workflows/ubuntu-build.yml +++ b/.github/workflows/ubuntu-build.yml @@ -20,7 +20,7 @@ jobs: strategy: fail-fast: false matrix: - include: ${{ fromJson(github.event_name == 'pull_request' && '[{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r27c","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r26d","build-system":"ndk-build","ffmpeg":"no-ffmpeg","page-size":"4kb"}]' || '[{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r26d","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"4kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r26d","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r26d","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"4kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r26d","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"16kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r27c","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"4kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r27c","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r27c","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"4kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r27c","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"16kb"}]') }} + include: ${{ fromJson(github.event_name == 'pull_request' && '[{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r29","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r27c","build-system":"ndk-build","ffmpeg":"no-ffmpeg","page-size":"4kb"}]' || '[{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r27c","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"4kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r27c","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r27c","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"4kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r27c","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"16kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r29","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"4kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r29","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r29","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"4kb"},{"os":"ubuntu-latest","os-name":"Ubuntu","ndk":"r29","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"16kb"}]') }} steps: - name: Checkout code diff --git a/.github/workflows/windows-build.yml b/.github/workflows/windows-build.yml index 3945866a..66ac6f3f 100644 --- a/.github/workflows/windows-build.yml +++ b/.github/workflows/windows-build.yml @@ -20,7 +20,7 @@ jobs: strategy: fail-fast: false matrix: - include: ${{ fromJson(github.event_name == 'pull_request' && '[{"os":"windows-latest","os-name":"Windows","ndk":"r26d","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"}]' || '[{"os":"windows-latest","os-name":"Windows","ndk":"r26d","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"4kb"},{"os":"windows-latest","os-name":"Windows","ndk":"r26d","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"},{"os":"windows-latest","os-name":"Windows","ndk":"r26d","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"4kb"},{"os":"windows-latest","os-name":"Windows","ndk":"r26d","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"16kb"},{"os":"windows-latest","os-name":"Windows","ndk":"r27c","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"4kb"},{"os":"windows-latest","os-name":"Windows","ndk":"r27c","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"},{"os":"windows-latest","os-name":"Windows","ndk":"r27c","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"4kb"},{"os":"windows-latest","os-name":"Windows","ndk":"r27c","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"16kb"}]') }} + include: ${{ fromJson(github.event_name == 'pull_request' && '[{"os":"windows-latest","os-name":"Windows","ndk":"r27c","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"}]' || '[{"os":"windows-latest","os-name":"Windows","ndk":"r27c","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"4kb"},{"os":"windows-latest","os-name":"Windows","ndk":"r27c","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"},{"os":"windows-latest","os-name":"Windows","ndk":"r27c","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"4kb"},{"os":"windows-latest","os-name":"Windows","ndk":"r27c","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"16kb"},{"os":"windows-latest","os-name":"Windows","ndk":"r29","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"4kb"},{"os":"windows-latest","os-name":"Windows","ndk":"r29","build-system":"cmake","ffmpeg":"with-ffmpeg","page-size":"16kb"},{"os":"windows-latest","os-name":"Windows","ndk":"r29","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"4kb"},{"os":"windows-latest","os-name":"Windows","ndk":"r29","build-system":"cmake","ffmpeg":"no-ffmpeg","page-size":"16kb"}]') }} steps: - name: Checkout code diff --git a/build.gradle b/build.gradle index c04a5c79..aa59c389 100644 --- a/build.gradle +++ b/build.gradle @@ -41,7 +41,7 @@ ext { versionName : "3.1.2", applicationId : "org.wysaid.cgeDemo", appcompatX : "1.2.0", - ndkVersion : "26.3.11579264", + ndkVersion : "27.2.12479018", cmakeVersion : "3.22.1+", ] } \ No newline at end of file From 1b765564eb05e089d950480248c78c6fed45d6a1 Mon Sep 17 00:00:00 2001 From: wy Date: Sun, 22 Feb 2026 01:06:20 +0800 Subject: [PATCH 4/6] ci: simplify manual trigger to always be dry-run, remove publish_release input --- .github/workflows/release.yml | 41 ++++++++++++----------------------- 1 file changed, 14 insertions(+), 27 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 88f2d063..a464c5b7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,14 +10,9 @@ on: workflow_dispatch: inputs: version: - description: 'Version tag to build (e.g., v3.1.1 or v3.1.1-beta1). Must be an existing tag. Prerelease tags will be published to Release page.' + description: 'Version number to build (e.g., v3.1.1 or v3.1.1-beta1). Tag does not need to exist — this is a dry-run: artifacts are saved in the workflow run only, nothing is published.' required: true type: string - publish_release: - description: 'Publish to GitHub Release page (only effective for non-master branches / test purposes)' - required: false - type: boolean - default: false concurrency: group: release-${{ github.ref }} @@ -74,7 +69,6 @@ jobs: env: EVENT_NAME: ${{ github.event_name }} INPUT_VERSION: ${{ github.event.inputs.version }} - INPUT_PUBLISH: ${{ github.event.inputs.publish_release }} run: | # Determine if this is a manual trigger or tag push if [ "$EVENT_NAME" = "workflow_dispatch" ]; then @@ -92,15 +86,8 @@ jobs: VERSION="${RAW_VERSION#v}" TAG_NAME="v$VERSION" IS_MANUAL="true" - - # Determine if we should publish to Release page - if [ "$INPUT_PUBLISH" = "true" ]; then - IS_PUBLISH="true" - echo "đŸ“ĸ Manual trigger with publish enabled" - else - IS_PUBLISH="false" - echo "🔧 Manual trigger detected (artifacts only, no Release page publish)" - fi + IS_PUBLISH="false" + echo "🔧 Dry-run triggered manually (artifacts only, nothing published)" else # Tag push - extract from ref TAG_NAME="${GITHUB_REF#refs/tags/}" @@ -143,7 +130,7 @@ jobs: echo "✅ Valid version: $VERSION (tag: $TAG_NAME, prerelease: $IS_PRERELEASE, manual: $IS_MANUAL, publish: $IS_PUBLISH)" - name: Validate tag is on master branch (official releases only) - if: steps.tag_version.outputs.is_prerelease == 'false' + if: steps.tag_version.outputs.is_prerelease == 'false' && steps.tag_version.outputs.is_manual == 'false' run: | TAG_NAME="${{ steps.tag_version.outputs.tag_name }}" @@ -541,9 +528,9 @@ jobs: echo "đŸ“Ļ Version: ${{ steps.tag_version.outputs.version }}" echo "đŸ“Ļ Artifacts are available for download from the workflow run." echo "" - echo "⚠ī¸ Note: publish_release was not set to true." - echo "⚠ī¸ Artifacts are NOT published to the Release page." - echo "⚠ī¸ To publish, re-run with publish_release=true or push a tag." + echo "ℹī¸ This was a manual dry-run — nothing was published." + echo "ℹī¸ To make a real release, push the tag from master:" + echo " git tag ${{ steps.tag_version.outputs.tag_name }} && git push origin ${{ steps.tag_version.outputs.tag_name }}" echo "" echo "đŸ“Ļ Built artifacts:" ls -lh /tmp/release-artifacts/ @@ -556,17 +543,17 @@ jobs: TAG_NAME="${{ steps.tag_version.outputs.tag_name }}" if [ "$IS_PUBLISH" != "true" ]; then - echo "## 🔧 Build-Only Mode Completed Successfully!" >> $GITHUB_STEP_SUMMARY + echo "## 🔧 Dry-Run Build Completed Successfully!" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "**Version**: $VERSION" >> $GITHUB_STEP_SUMMARY - echo "**Trigger**: Manual (workflow_dispatch, publish_release=false)" >> $GITHUB_STEP_SUMMARY + echo "**Trigger**: Manual dry-run (workflow_dispatch)" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY - echo "### ⚠ī¸ Note" >> $GITHUB_STEP_SUMMARY - echo "Artifacts are **NOT published** to the Release page (publish_release was false)." >> $GITHUB_STEP_SUMMARY + echo "### ℹī¸ Nothing was published" >> $GITHUB_STEP_SUMMARY + echo "Artifacts are retained in this workflow run for **7 days**." >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY - echo "To publish to Release page, re-run with **publish_release=true**, or push a tag:" >> $GITHUB_STEP_SUMMARY + echo "To make a real release, push the tag from master:" >> $GITHUB_STEP_SUMMARY echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY - echo "git push origin $TAG_NAME" >> $GITHUB_STEP_SUMMARY + echo "git tag $TAG_NAME && git push origin $TAG_NAME" >> $GITHUB_STEP_SUMMARY echo "\`\`\`" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "### đŸ“Ļ Built Artifacts (available for download):" >> $GITHUB_STEP_SUMMARY @@ -576,7 +563,7 @@ jobs: echo "**Release**: $TAG_NAME" >> $GITHUB_STEP_SUMMARY echo "**Version**: $VERSION" >> $GITHUB_STEP_SUMMARY if [ "$IS_MANUAL" = "true" ]; then - echo "**Trigger**: Manual (workflow_dispatch, publish_release=true)" >> $GITHUB_STEP_SUMMARY + echo "**Trigger**: Tag push" >> $GITHUB_STEP_SUMMARY fi echo "" >> $GITHUB_STEP_SUMMARY echo "### ✅ Version Validation" >> $GITHUB_STEP_SUMMARY From 8fd31911d79932921918ad05e09c265d98d86574 Mon Sep 17 00:00:00 2001 From: wy Date: Sun, 22 Feb 2026 01:08:29 +0800 Subject: [PATCH 5/6] ci: fail hard when ARTIFACT_REPO_TOKEN is missing during release --- .github/workflows/release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a464c5b7..ff494cc1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -356,9 +356,9 @@ jobs: TAG_NAME="${{ steps.tag_version.outputs.tag_name }}" if [[ -z "${ARTIFACT_REPO_TOKEN:-}" ]]; then - echo "::warning::ARTIFACT_REPO_TOKEN is not set; skipping Maven artifact sync." - echo "artifact_commit_url=" >> $GITHUB_OUTPUT - exit 0 + echo "::error::ARTIFACT_REPO_TOKEN is not configured. This secret is required to publish artifacts to the Maven repository." + echo "Please add ARTIFACT_REPO_TOKEN to the repository secrets: Settings → Secrets and variables → Actions → New repository secret" + exit 1 fi ARTIFACT_REPO="wysaid/android-gpuimage-plus-maven" From 76be962f96a2336c3aa4a61cb3fa3e66ab338942 Mon Sep 17 00:00:00 2001 From: wy Date: Sun, 22 Feb 2026 01:35:18 +0800 Subject: [PATCH 6/6] ci: address review comments in release workflow\n\n- Guard git rev-parse and remove --depth=100 from master fetch\n (shallow boundary caused false-negative ancestor checks)\n- Add retry loop (up to 3 attempts) for artifact repo push\n (handles transient non-fast-forward on concurrent pushes)\n- Remove dead IS_MANUAL conditional inside IS_PUBLISH branch\n (IS_MANUAL is always false when IS_PUBLISH is true)\n- Fix draft release URL in step summary (was releases/tag/$TAG_NAME\n which 404s for non-push users; now points to releases management page)" --- .github/workflows/release.yml | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ff494cc1..c157ce52 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -137,14 +137,20 @@ jobs: echo "🔍 Validating that $TAG_NAME points to a commit on the master branch..." # Resolve the commit the tag points to (dereference annotated tags) - TAG_COMMIT=$(git rev-parse "${TAG_NAME}^{commit}") + if ! TAG_COMMIT=$(git rev-parse "${TAG_NAME}^{commit}" 2>/dev/null); then + echo "❌ Could not resolve tag commit for $TAG_NAME — does the tag exist in this repo?" + exit 1 + fi echo "Tag commit: $TAG_COMMIT" - # Fetch latest master to ensure our ref is up to date - git fetch origin master --depth=100 2>/dev/null || true + # Fetch latest master to ensure our ref is up to date (full fetch, no shallow boundary) + if ! git fetch origin master; then + echo "❌ Failed to fetch origin/master. Cannot validate that $TAG_NAME is on the master branch." + exit 1 + fi # Check whether TAG_COMMIT is reachable from origin/master - if git merge-base --is-ancestor "$TAG_COMMIT" origin/master 2>/dev/null; then + if git merge-base --is-ancestor "$TAG_COMMIT" origin/master; then echo "✅ $TAG_NAME is on the master branch" else echo "❌ $TAG_NAME is NOT on the master branch!" @@ -398,7 +404,18 @@ jobs: fi git commit -m "Publish artifacts ${TAG_NAME}" - git push origin master + + # Retry push up to 3 times to handle transient non-fast-forward conflicts + PUSH_ATTEMPTS=0 + until git push origin master; do + PUSH_ATTEMPTS=$((PUSH_ATTEMPTS + 1)) + if [ "$PUSH_ATTEMPTS" -ge 3 ]; then + echo "::error::Maven artifact push failed after $PUSH_ATTEMPTS attempts (possible concurrent push). Re-run the sync step manually for tag $TAG_NAME." + exit 1 + fi + echo "⚠ī¸ Push attempt $PUSH_ATTEMPTS failed; retrying after fetch+rebase..." + git fetch origin master && git rebase origin/master + done COMMIT_SHA=$(git rev-parse HEAD) COMMIT_URL="https://github.com/${ARTIFACT_REPO}/commit/${COMMIT_SHA}" @@ -562,9 +579,7 @@ jobs: echo "" >> $GITHUB_STEP_SUMMARY echo "**Release**: $TAG_NAME" >> $GITHUB_STEP_SUMMARY echo "**Version**: $VERSION" >> $GITHUB_STEP_SUMMARY - if [ "$IS_MANUAL" = "true" ]; then - echo "**Trigger**: Tag push" >> $GITHUB_STEP_SUMMARY - fi + echo "**Trigger**: Tag push" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "### ✅ Version Validation" >> $GITHUB_STEP_SUMMARY echo "- ✅ Tag format validated: v\${major}.\${minor}.\${patch}" >> $GITHUB_STEP_SUMMARY @@ -584,7 +599,8 @@ jobs: echo "" >> $GITHUB_STEP_SUMMARY if [ "$IS_PUBLISH" = "true" ]; then - echo "Release draft (pending human review): ${{ github.server_url }}/${{ github.repository }}/releases/tag/$TAG_NAME" >> $GITHUB_STEP_SUMMARY + echo "Review and publish the draft release: ${{ github.server_url }}/${{ github.repository }}/releases" >> $GITHUB_STEP_SUMMARY + echo "(Draft tag: $TAG_NAME)" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY echo "**⚠ī¸ Action required**: Go to the releases page, review the draft, then click *Publish release* to make it public." >> $GITHUB_STEP_SUMMARY fi