Skip to content

v0.4.3: Tag-attributed release pipeline dispatch

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 12 Jun 12:47
v0.4.3
fc0680d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

A single-fix patch release that re-pins the Release pipeline dispatch to the tag ref, so npm trusted publishing and provenance OIDC claims once again reference refs/tags/v<version> instead of main. No CLI, JSON envelope, snapshot, recording, or export behavior changes.

Fixed

  • Release pipeline dispatched on the tag ref (#145 by @ThomasK33). The release-please workflow now invokes gh workflow run release.yml --ref "$tag" --field "tag=$tag". Without --ref, gh workflow run attaches the workflow_dispatch event to the default branch, so the v0.4.2 release run was attributed to main rather than v0.4.2. With this change the run attaches to refs/tags/v<version> like the old push: tags flow, the Actions UI shows the tag, and the OIDC token claims behind npm trusted publishing and provenance reference the tag instead of whatever main's HEAD currently is.
    • No artifact-integrity impact for v0.4.2. release.yml resolves the tag from its input, checks out the tag explicitly, and validates the tag against package.json and main-ancestry before building, so the v0.4.2 run built the correct commit. This fix only affects run attribution and OIDC claims.

Full Changelog: v0.4.2...v0.4.3

Install from npm once the trusted publish job for this workflow completes:

npm install -g "agent-tty@0.4.3"
agent-tty version --json

If you need a registry-independent fallback, install the verified tarball asset attached to this release:

VERSION=0.4.3
RELEASE_TAG=v0.4.3

gh release download "$RELEASE_TAG" --repo "coder/agent-tty" --pattern "agent-tty-${VERSION}.tgz"
npm install -g "./agent-tty-${VERSION}.tgz"
agent-tty version --json

Install from npm once the trusted publish job for this workflow completes:

npm install -g "agent-tty@0.4.3"
agent-tty version --json

If you need a registry-independent fallback, install the verified tarball asset from this release directly:

VERSION=0.4.3
RELEASE_TAG=v0.4.3
TARBALL_URL=https://github.com/coder/agent-tty/releases/download/v0.4.3/agent-tty-0.4.3.tgz

npm install -g "$TARBALL_URL"
agent-tty version --json

For private releases or environments that require authenticated downloads, fetch the asset first and then install locally:

gh release download "v0.4.3" --repo "coder/agent-tty" --pattern "agent-tty-0.4.3.tgz"
npm install -g "./agent-tty-0.4.3.tgz"
agent-tty version --json

SHA-256 checksum: 38d9bfdb5c174fd3fd59226696d24a83a77e7716b68babfddbb71d5bd8ff062e (see agent-tty-0.4.3.tgz.sha256 for the portable checksum file).

This workflow prepares one verified tarball and reuses it across GitHub Release assets and npm publishing instead of rebuilding it.

Contributors

ThomasK33
Assets 4
Loading