Skip to content

Commit 7d05a8c

Browse files
moonD4rkmoonD4rk
committed
ci(release): address Copilot review feedback
- Move `make payload` from .goreleaser before.hooks to a dedicated workflow step so goreleaser doesn't depend on zig for non-Windows builds - Quote inputs.tag via env var and add `--` separator (CWE-78) - Reject already-existing tags before push to fail fast
1 parent c34ae21 commit 7d05a8c

2 files changed

Lines changed: 15 additions & 3 deletions

File tree

.github/workflows/release.yml

Lines changed: 15 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -48,11 +48,24 @@ jobs:
4848
with:
4949
version: 0.16.0
5050

51+
- name: Build ABE payload
52+
run: make payload
53+
5154
- name: Create and push tag
5255
if: inputs.mode == 'release'
56+
env:
57+
TAG: ${{ inputs.tag }}
5358
run: |
54-
git tag ${{ inputs.tag }}
55-
git push origin ${{ inputs.tag }}
59+
if git rev-parse -q --verify "refs/tags/$TAG" >/dev/null 2>&1; then
60+
echo "::error::Tag '$TAG' already exists locally"
61+
exit 1
62+
fi
63+
if git ls-remote --tags --exit-code origin "refs/tags/$TAG" >/dev/null 2>&1; then
64+
echo "::error::Tag '$TAG' already exists on origin"
65+
exit 1
66+
fi
67+
git tag -- "$TAG"
68+
git push origin -- "$TAG"
5669
5770
- name: Run GoReleaser (snapshot)
5871
if: inputs.mode == 'snapshot'

.goreleaser.yml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,6 @@ version: 2
33
before:
44
hooks:
55
- go mod tidy
6-
- make payload
76

87
builds:
98
- id: "hack-browser-data-windows-amd64"

0 commit comments

Comments
 (0)