From d5826987faae64ad8bce8073e7d7d63e2a8ec284 Mon Sep 17 00:00:00 2001 From: Anthony Shoumikhin Date: Mon, 8 Dec 2025 10:09:59 -0800 Subject: [PATCH 1/3] Implement guardrail to check for existing branches Added a guardrail step to prevent overwriting existing branches in the Apple workflow to accidental avoid binaries overwrite on S3. --- .github/workflows/apple.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/apple.yml b/.github/workflows/apple.yml index d54e80e30fc..59aade665ef 100644 --- a/.github/workflows/apple.yml +++ b/.github/workflows/apple.yml @@ -40,6 +40,19 @@ jobs: run: | VERSION="1.1.0.$(TZ='PST8PDT' date +%Y%m%d)" echo "version=$VERSION" >> "$GITHUB_OUTPUT" + - name: Guardrail + if: ${{ (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/main' }} + shell: bash + run: | + VERSION="${{ steps.set_version.outputs.version }}" + BRANCH="swiftpm-${VERSION}" + + if git ls-remote --exit-code "https://github.com/${{ github.repository }}" "refs/heads/${BRANCH}" > /dev/null; then + echo "Branch '${BRANCH}' already exists!" + echo "Aborting workflow to prevent overwriting S3 binaries with a version checksum that cannot be committed." + echo "Please delete the remote branch '${BRANCH}' and re-run this workflow." + exit 1 + fi build-demo-ios: name: build-demo-ios From 50e7b2ff998f4e3622fb2c33ecc40bef50405267 Mon Sep 17 00:00:00 2001 From: Anthony Shoumikhin Date: Mon, 8 Dec 2025 10:15:12 -0800 Subject: [PATCH 2/3] Update .github/workflows/apple.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/apple.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/apple.yml b/.github/workflows/apple.yml index 59aade665ef..5b78c0d32a5 100644 --- a/.github/workflows/apple.yml +++ b/.github/workflows/apple.yml @@ -49,7 +49,7 @@ jobs: if git ls-remote --exit-code "https://github.com/${{ github.repository }}" "refs/heads/${BRANCH}" > /dev/null; then echo "Branch '${BRANCH}' already exists!" - echo "Aborting workflow to prevent overwriting S3 binaries with a version checksum that cannot be committed." + echo "Aborting workflow to prevent overwriting S3 binaries. The branch existence indicates this version was already published with specific checksums." echo "Please delete the remote branch '${BRANCH}' and re-run this workflow." exit 1 fi From 3b7a11a12c6369d40211db3cec7ceb108bffd4a9 Mon Sep 17 00:00:00 2001 From: Anthony Shoumikhin Date: Mon, 8 Dec 2025 10:15:24 -0800 Subject: [PATCH 3/3] Update .github/workflows/apple.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/apple.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/apple.yml b/.github/workflows/apple.yml index 5b78c0d32a5..789af84c1d1 100644 --- a/.github/workflows/apple.yml +++ b/.github/workflows/apple.yml @@ -47,7 +47,7 @@ jobs: VERSION="${{ steps.set_version.outputs.version }}" BRANCH="swiftpm-${VERSION}" - if git ls-remote --exit-code "https://github.com/${{ github.repository }}" "refs/heads/${BRANCH}" > /dev/null; then + if git ls-remote --exit-code "https://github.com/${{ github.repository }}" "refs/heads/${BRANCH}" > /dev/null 2>&1; then echo "Branch '${BRANCH}' already exists!" echo "Aborting workflow to prevent overwriting S3 binaries. The branch existence indicates this version was already published with specific checksums." echo "Please delete the remote branch '${BRANCH}' and re-run this workflow."