Skip to content

P0: Release republish same tag (clobber existing assets safely) #31

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Kinin-Code-Offical merged 1 commit into from
Dec 21, 2025
Merged

P0: Release republish same tag (clobber existing assets safely) #31

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 30 additions & 0 deletions .github/workflows/release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,36 @@ jobs:
if (-not (Test-Path artifacts/cloudsqlctl-windows-x64.zip)) { throw "Missing zip bundle" }
if (-not (Test-Path artifacts/SHA256SUMS.txt)) { throw "Missing SHA256SUMS.txt" }

- name: Delete existing release assets (same tag)
shell: pwsh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
$tag = $env:GITHUB_REF -replace 'refs/tags/', ''
$headers = @{
Authorization = "Bearer $env:GITHUB_TOKEN"
Accept = "application/vnd.github+json"
Comment on lines +66 to +68
Copy link

@sourcery-ai sourcery-ai bot Dec 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

issue (bug_risk): GitHub REST calls are missing a User-Agent header, which can cause API requests to be rejected.

Please add a required User-Agent header to $headers (for example, User-Agent = "github-actions/$env:GITHUB_REPOSITORY") so these GitHub REST requests aren’t rejected or throttled intermittently.

}
try {
$release = Invoke-RestMethod -Method Get -Uri "https://api.github.com/repos/$env:GITHUB_REPOSITORY/releases/tags/$tag" -Headers $headers
} catch {
if ($_.Exception.Response.StatusCode.value__ -eq 404) {
Write-Host "No existing release for $tag"
exit 0
}
throw
}
Comment on lines +72 to +78
Copy link

@sourcery-ai sourcery-ai bot Dec 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggestion (bug_risk): The 404 handling assumes Response is non-null and may throw if the exception shape differs.

In some failure cases (e.g., network errors), $_ may not have .Exception.Response or .StatusCode, causing this catch block to throw. Please add a null check (e.g. if ($_.Exception.Response -and $_.Exception.Response.StatusCode.value__ -eq 404)) or use null-propagation to ensure the 404 handling is safe for all error types.

Suggested change
} catch {
if ($_.Exception.Response.StatusCode.value__ -eq 404) {
Write-Host "No existing release for $tag"
exit 0
}
throw
}
} catch {
if ($_.Exception.Response -and $_.Exception.Response.StatusCode.value__ -eq 404) {
Write-Host "No existing release for $tag"
exit 0
}
throw
}


if (-not $release) {
Write-Host "No existing release data for $tag"
exit 0
}

Comment on lines +80 to +84
Copy link

Copilot AI Dec 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This null check is redundant. If the Invoke-RestMethod call on line 71 succeeds, it will always return a response object. The 404 case is already handled in the catch block above. This check can never be true after a successful API call, making these lines unreachable code.

Suggested change
if (-not $release) {
Write-Host "No existing release data for $tag"
exit 0
}

Copilot uses AI. Check for mistakes.
foreach ($asset in $release.assets) {
Write-Host "Deleting asset $($asset.name)"
Invoke-RestMethod -Method Delete -Uri "https://api.github.com/repos/$env:GITHUB_REPOSITORY/releases/assets/$($asset.id)" -Headers $headers
Copy link

Copilot AI Dec 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The asset deletion loop lacks error handling. If deletion of any asset fails (e.g., due to network issues or API rate limits), the script will throw an exception and halt, potentially leaving the release in an inconsistent state with some assets deleted and others remaining. Consider adding try-catch blocks within the loop to handle individual asset deletion failures gracefully, or at minimum, add logging to identify which asset failed.

Suggested change
Invoke-RestMethod -Method Delete -Uri "https://api.github.com/repos/$env:GITHUB_REPOSITORY/releases/assets/$($asset.id)" -Headers $headers
try {
Invoke-RestMethod -Method Delete -Uri "https://api.github.com/repos/$env:GITHUB_REPOSITORY/releases/assets/$($asset.id)" -Headers $headers
} catch {
Write-Warning "Failed to delete asset '$($asset.name)' (ID: $($asset.id)): $($_.Exception.Message)"
}

Copilot uses AI. Check for mistakes.
}

- name: Release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
Expand Down