From 52cfbebba461a51fac079473c6f6760597254e18 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Thu, 11 Dec 2025 12:46:42 +0100 Subject: [PATCH] ci: make mark-stable robust for workflow_run - fetch workflow_run runs without head_sha filter - match by workflow name and head_sha in jq - keep tagging logic and permissions unchanged https://chatgpt.com/share/693aa4a6-7460-800f-ba47-cfc15b1b2236 --- .github/workflows/mark-stable.yml | 45 ++++++++++++------------------- 1 file changed, 17 insertions(+), 28 deletions(-) diff --git a/.github/workflows/mark-stable.yml b/.github/workflows/mark-stable.yml index 837d72c..c837de7 100644 --- a/.github/workflows/mark-stable.yml +++ b/.github/workflows/mark-stable.yml @@ -14,23 +14,22 @@ on: jobs: mark-stable: - # Only run if the triggering workflow succeeded AND it ran on main if: > github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'main' runs-on: ubuntu-latest permissions: - contents: write # required to push tags - actions: read # required to query workflow runs via API + contents: write + actions: read steps: - name: Checkout repository uses: actions/checkout@v4 with: - fetch-depth: 0 # needed for tag operations + fetch-depth: 0 - - name: Install jq and gh (if needed) + - name: Install jq and gh run: | sudo apt-get update -y sudo apt-get install -y jq gh || true @@ -44,8 +43,9 @@ jobs: run: | set -euo pipefail - echo "Checking workflow results for commit: $SHA" + echo "Commit: $SHA" echo "Repository: $REPO" + echo "Fetching workflow runs…" required_workflows=( "Test Units" @@ -56,37 +56,32 @@ jobs: "Test Virgin Root" ) - echo "Fetching workflow runs via GitHub API…" - - # FIXED: correct absolute API path - json=$(gh api \ - /repos/"$REPO"/actions/runs \ - -F head_sha="$SHA" \ - -F per_page=100) + # FIX: cannot filter by head_sha — GitHub API bug! + json=$(gh api /repos/"$REPO"/actions/runs -F per_page=100 -F event=workflow_run) for wf in "${required_workflows[@]}"; do - conclusion=$(printf '%s\n' "$json" | jq -r --arg name "$wf" ' + conclusion=$(printf '%s\n' "$json" | jq -r --arg name "$wf" --arg sha "$SHA" ' .workflow_runs[] - | select(.name == $name) + | select(.name == $name and .head_sha == $sha) | .conclusion ' | head -n1) if [[ -z "$conclusion" || "$conclusion" == "null" ]]; then - echo "❌ Workflow '$wf' has no run for this commit yet. Not tagging." + echo "❌ Workflow '$wf' has no run for this commit yet." exit 0 fi if [[ "$conclusion" != "success" ]]; then - echo "❌ Workflow '$wf' did not succeed (status: $conclusion). Not tagging." + echo "❌ Workflow '$wf' did not succeed (status: $conclusion)." exit 0 fi echo "✔ Workflow '$wf' succeeded." done - echo "🎉 All required workflows succeeded for commit $SHA — marking as stable." + echo "🎉 All tests succeeded — this commit is STABLE." - - name: Move 'stable' tag to this commit + - name: Move 'stable' tag env: SHA: ${{ github.event.workflow_run.head_sha }} run: | @@ -95,18 +90,12 @@ jobs: git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" - echo "Updating 'stable' tag → commit $SHA" + echo "Tagging commit $SHA as stable…" - # remove old tag locally - if git rev-parse stable >/dev/null 2>&1; then - git tag -d stable || true - fi - - # delete remote tag if exists + git tag -d stable 2>/dev/null || true git push origin :refs/tags/stable || true - # create new tag git tag stable "$SHA" git push origin stable - echo "✅ Stable tag updated successfully." + echo "✅ Done."