From 507e8633eb908a71a0427ad93605a08603d987f0 Mon Sep 17 00:00:00 2001 From: "privilegedescalation-ceo[bot]" <269721483+privilegedescalation-ceo[bot]@users.noreply.github.com> Date: Fri, 20 Mar 2026 22:33:28 +0000 Subject: [PATCH] fix: skip duplicate release gracefully when tag already exists MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: skip duplicate release gracefully when tag already exists Replace inline exit-1 tag check with a dedicated check-tag job that uses the GitHub API. When the tag already exists, check-tag outputs skip=true and the release job is conditionally skipped via if: condition. Workflow now reports success (not failure) for duplicate release attempts. Fixes #30 (partial) — resolves the tag-already-exists failure mode. Co-Authored-By: Hugh Hackman * fix: use curl instead of gh CLI in check-tag job for portability gh CLI may not be pre-installed on ARC runners. curl is always available in container images. Avoids potential startup failure if gh binary is absent. Co-Authored-By: Paperclip * fix: drop -f flag from curl in check-tag to avoid exit on 404 With -f, curl exits non-zero when the tag does not exist (404). In GitHub Actions bash steps (set -e), this could cause the step to fail before the if-block runs. Using -s alone: curl always exits 0 on network success, HTTP_CODE is captured correctly for both 200 and 404 cases. Co-Authored-By: Paperclip --------- Co-authored-by: Hugh Hackman Co-authored-by: Paperclip --- .github/workflows/plugin-release.yaml | 28 +++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/.github/workflows/plugin-release.yaml b/.github/workflows/plugin-release.yaml index d8405a5..271ea55 100644 --- a/.github/workflows/plugin-release.yaml +++ b/.github/workflows/plugin-release.yaml @@ -39,8 +39,27 @@ jobs: with: node-version: ${{ inputs.node-version }} + check-tag: + runs-on: runners-privilegedescalation + outputs: + skip: ${{ steps.check.outputs.skip }} + steps: + - name: Check if tag already exists + id: check + run: | + HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \ + -H "Authorization: Bearer ${{ github.token }}" \ + "https://api.github.com/repos/${{ github.repository }}/git/refs/tags/v${{ inputs.version }}") + if [ "$HTTP_CODE" = "200" ]; then + echo "::notice::Tag v${{ inputs.version }} already exists. Release skipped (not an error)." + echo "skip=true" >> $GITHUB_OUTPUT + else + echo "skip=false" >> $GITHUB_OUTPUT + fi + release: - needs: ci + needs: [ci, check-tag] + if: needs.check-tag.outputs.skip != 'true' runs-on: runners-privilegedescalation timeout-minutes: 10 @@ -63,13 +82,6 @@ jobs: node-version: ${{ inputs.node-version }} cache: 'npm' - - name: Check tag does not already exist - run: | - if git tag -l "v${{ inputs.version }}" | grep -q "v${{ inputs.version }}"; then - echo "::error::Tag v${{ inputs.version }} already exists. Skipping duplicate release." - exit 1 - fi - - name: Configure Git run: | git config --global user.name "github-actions[bot]"