@@ -42,6 +42,7 @@ permissions:
4242
4343env :
4444 CARGO_TERM_COLOR : always
45+ PATCH_RELEASE_VERSION : ${{ inputs.version }}
4546
4647jobs :
4748 # ── Preflight ───────────────────────────────────────────────────────
5354 with :
5455 fetch-depth : 0
5556
57+ - name : Validate version input
58+ run : |
59+ if [[ ! "$PATCH_RELEASE_VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[A-Za-z0-9.-]+)?$ ]]; then
60+ echo "::error::Invalid version: $PATCH_RELEASE_VERSION"
61+ echo "::error::Expected a tag like v1.2.3 or v1.2.3-rc.1."
62+ exit 1
63+ fi
64+
5665name : Must be on main branch
5766 run : |
5867 if [[ "${{ github.ref }}" != "refs/heads/main" ]]; then
@@ -64,17 +73,17 @@ jobs:
6473 env :
6574 GH_TOKEN : ${{ secrets.GITHUB_TOKEN }}
6675 run : |
67- if ! gh release view "${{ inputs.version }} " \
76+ if ! gh release view "$PATCH_RELEASE_VERSION " \
6877 --repo "${{ github.repository }}" >/dev/null 2>&1; then
69- echo "::error::Release ${{ inputs.version }} does not exist."
78+ echo "::error::Release $PATCH_RELEASE_VERSION does not exist."
7079 echo "::error::To cut a brand-new release, use the regular Release workflow instead."
7180 exit 1
7281 fi
7382
7483name : Cargo.toml version must still match the patched tag
7584 run : |
7685 CARGO_VERSION=$(grep '^version' src-rust/Cargo.toml | head -1 | sed 's/.*"\(.*\)".*/\1/')
77- TAG_VERSION="${{ inputs.version }} "
86+ TAG_VERSION="$PATCH_RELEASE_VERSION "
7887 TAG_VERSION="${TAG_VERSION#v}" # strip leading v
7988 if [[ "$CARGO_VERSION" != "$TAG_VERSION" ]]; then
8089 echo "::error::Cargo.toml ($CARGO_VERSION) does not match patched tag ($TAG_VERSION)."
@@ -263,9 +272,9 @@ jobs:
263272 run : |
264273 git config user.name "github-actions[bot]"
265274 git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
266- git tag -f "${{ inputs.version }} " "${{ github.sha }}"
267- git push -f origin "refs/tags/${{ inputs.version }} "
268- echo "Tag ${{ inputs.version }} now points at ${{ github.sha }}."
275+ git tag -f "$PATCH_RELEASE_VERSION " "${{ github.sha }}"
276+ git push -f origin "refs/tags/$PATCH_RELEASE_VERSION "
277+ echo "Tag $PATCH_RELEASE_VERSION now points at ${{ github.sha }}."
269278
270279# `gh release upload --clobber` overwrites assets one at a time without
271280 # touching the release body, name, draft state, or prerelease flag.
@@ -279,7 +288,7 @@ jobs:
279288 for f in release/*; do
280289 echo "→ Uploading $(basename "$f")"
281290 done
282- gh release upload "${{ inputs.version }} " release/* \
291+ gh release upload "$PATCH_RELEASE_VERSION " release/* \
283292 --repo "${{ github.repository }}" \
284293 --clobber
285294
@@ -298,13 +307,15 @@ jobs:
298307 run : python3 scripts/append-patch-note.py
299308
300309 - name : Summary
310+ env :
311+ PATCH_RELEASE_NOTE : ${{ inputs.patch_note }}
301312 run : |
302313 {
303- echo "## ✅ Patched ${{ inputs.version }} in place"
314+ echo "## ✅ Patched $PATCH_RELEASE_VERSION in place"
304315 echo
305316 echo "- Tag force-moved to commit \`${{ github.sha }}\`."
306317 echo "- 5 binary archives + install scripts rebuilt and re-uploaded."
307- if [[ -n "${{ inputs.patch_note }} " ]]; then
318+ if [[ -n "$PATCH_RELEASE_NOTE " ]]; then
308319 echo "- Release body received a new bullet under \`## 🩹 Patches\` at the top."
309320 else
310321 echo "- Release title, body, contributors, and Full Changelog link unchanged."
0 commit comments