Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates the production release workflow to ensure the created Git tag (and resulting release) points to the exact commit that was checked out (e.g., the emergency-release branch head), rather than unintentionally pointing at the default branch head.
Changes:
- Push the release tag to
originand explicitly attach it to the checked-out SHA. - Remove
target_commitishfrom the GitHub Release creation step (relying on the pre-created tag). - Minor YAML formatting adjustments for readability (input description and checkout
ref).
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - name: Create and push git tag | ||
| run: | | ||
| git tag ${{ steps.package_version.outputs.version }} ${{ steps.checkout_sha.outputs.sha }} | ||
| git push origin ${{ steps.package_version.outputs.version }} |
There was a problem hiding this comment.
The workflow now performs a git push to create the remote tag. To avoid intermittent failures depending on repository defaults, explicitly grant contents: write permissions (workflow- or job-level) so the GITHUB_TOKEN can push tags. Also consider making this step idempotent: if the tag already exists on the remote (e.g., a rerun), git tag/git push will fail—either detect and skip when it already points to the intended SHA, or fail with a clear message when it points elsewhere.
| - name: Create GitHub Release | ||
| id: create_release | ||
| uses: actions/create-release@v1 | ||
| env: | ||
| GITHUB_TOKEN: ${{ github.token }} | ||
| with: | ||
| tag_name: ${{ steps.package_version.outputs.version }} | ||
| release_name: ${{ steps.package_version.outputs.version }} | ||
| body: ${{ steps.package_version.outputs.version }} | ||
| draft: false | ||
| prerelease: false |
There was a problem hiding this comment.
target_commitish was removed from the release creation. If the tag push step fails (permissions, existing tag, transient network), actions/create-release may create the tag/release against the workflow’s triggering ref (often the default branch), reintroducing the original problem. Keeping target_commitish: ${{ steps.checkout_sha.outputs.sha }} here provides a safe fallback and ensures the release points at the intended commit even when the tag doesn’t exist yet.
|
@copilot apply changes based on the comments in this thread |
…et_commitish fallback Agent-Logs-Url: https://github.com/stellar/freighter/sessions/a1ba948f-e821-4555-99e0-848c1906438f Co-authored-by: piyalbasu <6789586+piyalbasu@users.noreply.github.com>
Applied all three changes in commit
|
contents: writepermissions to the jobtarget_commitishback to the release creation step as a safe fallback