Skip to content

Harden release workflow correctness for tag-based builds and reruns#5

Merged
gholliday merged 2 commits into
mainfrom
copilot/add-actions-build-for-releases
Jun 9, 2026
Merged

Harden release workflow correctness for tag-based builds and reruns#5
gholliday merged 2 commits into
mainfrom
copilot/add-actions-build-for-releases

Conversation

Copilot AI commented Jun 9, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This updates the release workflow to address PR feedback around correctness and safety in manual/tag-driven releases. The workflow now guarantees assets are built from the intended tag and keeps release metadata consistent on reruns.

  • Ref/tag correctness

    • Resolve release tag first, then checkout that exact ref in both build and release jobs.
    • Prevents workflow_dispatch from building default-branch code while publishing under a different tag.

  • Publish path clarity

    • Switch dotnet publish target to explicit project file:
      • src/Tm7.Cli/Tm7.Cli.csproj
    • Removes ambiguity from directory-based publish invocation.

  • Release safety guardrails

    • Add explicit tag-existence verification before release operations.
    • Add gh release create --verify-tag to avoid accidental tag creation from unintended commits.

  • Rerun metadata consistency

    • When a release already exists, update name, body, and prerelease state before uploading assets.
    • Aligns rerun behavior with “create or update release” expectations.
- uses: actions/checkout@... # v5
  with:
    ref: ${{ steps.ver.outputs.tag }}

- name: Verify tag exists
  run: git rev-parse --verify "refs/tags/${{ steps.ver.outputs.tag }}"

- name: Create / update release
  run: |
    if gh release view "$TAG" ...; then
      gh api --method PATCH "repos/$GITHUB_REPOSITORY/releases/$RELEASE_ID" \
        -f name="$TAG" -f body="$NOTES" -F prerelease="$PRE"
      gh release upload "$TAG" ... --clobber dist/*
    else
      gh release create "$TAG" --verify-tag ...
    fi

@gholliday gholliday requested a review from Copilot June 9, 2026 11:39
@gholliday gholliday marked this pull request as ready for review June 9, 2026 11:39
Copilot AI reviewed Jun 9, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a dedicated GitHub Actions workflow to build and publish NativeAOT tm7 binaries for multiple OS/architectures and attach them (plus checksums) to GitHub Releases when a version tag is pushed or the workflow is manually dispatched.

Changes:

  • Introduces a Release workflow triggered by v* tags and workflow_dispatch, with contents: write to create/upload release assets.
  • Builds a cross-platform RID matrix, packages outputs as .zip (Windows) or .tar.gz (Linux/macOS), and emits per-asset *.sha256 files.
  • Aggregates matrix artifacts in a final job and uploads them to an existing or newly created GitHub Release.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/release.yml Outdated
Comment on lines +34 to +35
- uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1

Comment thread .github/workflows/release.yml Outdated
Comment thread .github/workflows/release.yml
Comment on lines +113 to +118
set -euo pipefail
TAG='${{ steps.ver.outputs.tag }}'
PRE='${{ steps.ver.outputs.prerelease }}'
FLAGS=()
[ "$PRE" = "true" ] && FLAGS+=(--prerelease)

Comment thread .github/workflows/release.yml
Comment on lines +125 to +130
if gh release view "$TAG" --repo "$GITHUB_REPOSITORY" >/dev/null 2>&1; then
gh release upload "$TAG" --repo "$GITHUB_REPOSITORY" --clobber dist/*
else
gh release create "$TAG" --repo "$GITHUB_REPOSITORY" \
--title "$TAG" --notes "$NOTES" "${FLAGS[@]}" dist/*
fi
Copilot AI changed the title Add multi-target release workflow for tm7 CLI GitHub Releases Harden release workflow correctness for tag-based builds and reruns Jun 9, 2026
Copilot AI requested a review from gholliday June 9, 2026 11:49
@gholliday gholliday merged commit d18308c into main Jun 9, 2026
6 checks passed
Copilot stopped work on behalf of gholliday due to an error June 9, 2026 12:20
Pull request is not open
Copilot stopped work on behalf of gholliday due to an error June 9, 2026 12:20
Pull request is not open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@gholliday gholliday gholliday approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@gholliday gholliday

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gholliday