fix(release): download release assets without git checkout#7
Merged
Conversation
The PyPI publish job intentionally does not check out the repository, but gh release download tried to infer the repository from .git and failed before publishing. Pass GITHUB_REPOSITORY explicitly so the job can retrieve release assets in a checkout-free workspace. Constraint: Publish job should stay minimal and use trusted publishing without requiring a checkout. Rejected: Add actions/checkout to publish-pypi | unnecessary workspace state for a release asset download. Confidence: high Scope-risk: narrow Directive: Keep checkout-free release jobs explicit about their repository when using gh. Tested: .venv/bin/python -m pytest tests/test_release_workflows.py -q Tested: .venv/bin/ruff check tests/test_release_workflows.py Tested: .venv/bin/python scripts/check_release_gate.py Tested: .venv/bin/ruff check . Tested: .venv/bin/python -m pytest -q Not-tested: Live PyPI publish rerun after merge.
A failed publish job cannot reliably be recovered by rerunning an old workflow attempt after the workflow file is fixed. Add a protected manual path for strict vX.Y.Z tags so an existing GitHub Release can be gated and published from the current workflow without creating another release. Constraint: The v0.2.0 release already exists with uploaded artifacts, but the publish job failed before PyPI upload. Rejected: Rely on rerunning the old failed job | it uses the original workflow attempt and still lacks the repository-explicit gh call. Confidence: high Scope-risk: moderate Directive: Existing-tag publishing must remain behind the pypi environment and production release gate. Tested: .venv/bin/python -m pytest tests/test_release_workflows.py -q Tested: .venv/bin/ruff check tests/test_release_workflows.py Tested: .venv/bin/python scripts/check_release_gate.py Tested: .venv/bin/ruff check . Tested: .venv/bin/python -m pytest -q Not-tested: Live workflow_dispatch publish-existing-tag=v0.2.0.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
--repo "$GITHUB_REPOSITORY"togh release downloadin the checkout-free PyPI publish job.publish-existing-tagworkflow dispatch path to recover an already-created strict tag such asv0.2.0.Root cause
publish-pypidoes not check out the repository. Without--repo, GitHub CLI tried to infer the repository from.gitand failed withfatal: not a git repositorybefore PyPI publishing.Recovery after merge
Dispatch the
Releaseworkflow frommainwithpublish-existing-tagset tov0.2.0. The manual path still runs through the protectedpypienvironment, validates strictvX.Y.Z, runs the production release gate, downloads the GitHub Release assets, and publishes them to PyPI with Trusted Publishing.Do not rely on rerunning the old failed job after this merges; that run was created from the old workflow attempt.
Verification
.venv/bin/python -m pytest tests/test_release_workflows.py -q.venv/bin/ruff check tests/test_release_workflows.py.venv/bin/python scripts/check_release_gate.py.venv/bin/ruff check ..venv/bin/python -m pytest -q